This website uses cookies to improve user experience. By using this website you consent to all cookies in accordance with our terms.

Dismiss
Click here for some search hints
1-1 of 1 results (1 page)

Linksys "The Moon" Worm

[Attack info]
Attacker: 164.132.200.93
Dest. port: 80
Time: 11/02/2019 20:55:15
Resource(s):
Request: permalink
[Extra info]
ASN/ISP: AS16276 OVH SAS
Location: Hauts-de-France, Gravelines (zipcode 59820)
rDNS: ns3038151.ip-164-132-200.eu
POST /HNAP1/ HTTP/1.0 Content-Length: 329 accept-language: en-US;q=0.6,en;q=0.4 accept-encoding: deflate, gzip, identity soapaction: "http://purenetworks.com/HNAP1/IsDeviceReady" Host: 21.171.51.29 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 connection: keep-alive referer: http://21.171.51.29/ <?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/encoding/"> <soap:Body> <IsDeviceReady xmlns="http://purenetworks.com/HNAP1/"> </IsDeviceReady> </soap:Body> </soap:Envelope>