SnortSnarf alert page

Source: 47.90.92.121

SnortSnarf v021111.1

28 such alerts found using input module SnortFileInput, with sources:
Earliest: 02:07:39.368427 on 06/06/2019
Latest: 10:03:39.409905 on 07/04/2019

1 signature is present for 47.90.92.121 as a source.

There is 1 distinct destination IP in the alerts of the type on this page.


[**] [1:47649:1] SERVER-WEBAPP Apache Struts remote code execution attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
06/06-02:07:39.368427 47.90.92.121:53232 -> 192.168.0.38:80
TCP TTL:51 TOS:0x0 ID:19844 IpLen:20 DgmLen:600 DF
***AP*** Seq: 0x4CC60748 Ack: 0x859ED3E1 Win: 0xFFFF TcpLen: 20
[Xref => http://cwiki.apache.org/confluence/display/WW/S2-057][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11776]
[**] [1:47649:1] SERVER-WEBAPP Apache Struts remote code execution attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
06/06-02:07:40.871378 47.90.92.121:53483 -> 192.168.0.38:80
TCP TTL:49 TOS:0x0 ID:23901 IpLen:20 DgmLen:636 DF
***AP*** Seq: 0x441EA47B Ack: 0x345C18B7 Win: 0xFFFF TcpLen: 20
[Xref => http://cwiki.apache.org/confluence/display/WW/S2-057][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11776]
[**] [1:47649:1] SERVER-WEBAPP Apache Struts remote code execution attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
07/04-10:02:54.107281 47.90.92.121:25590 -> 192.168.0.38:80
TCP TTL:49 TOS:0x0 ID:8631 IpLen:20 DgmLen:600 DF
***AP*** Seq: 0x6523D1ED Ack: 0xA06C42BF Win: 0xFFFF TcpLen: 20
[Xref => http://cwiki.apache.org/confluence/display/WW/S2-057][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11776]
[**] [1:47649:1] SERVER-WEBAPP Apache Struts remote code execution attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
07/04-10:02:55.422031 47.90.92.121:26065 -> 192.168.0.38:80
TCP TTL:49 TOS:0x0 ID:12357 IpLen:20 DgmLen:612 DF
***AP*** Seq: 0x4F6A905E Ack: 0x6CA778B5 Win: 0xFFFF TcpLen: 20
[Xref => http://cwiki.apache.org/confluence/display/WW/S2-057][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11776]
[**] [1:47649:1] SERVER-WEBAPP Apache Struts remote code execution attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
07/04-10:02:56.875241 47.90.92.121:27384 -> 192.168.0.38:80
TCP TTL:49 TOS:0x0 ID:17642 IpLen:20 DgmLen:612 DF
***AP*** Seq: 0xE3835060 Ack: 0x6ED9D99D Win: 0xFFFF TcpLen: 20
[Xref => http://cwiki.apache.org/confluence/display/WW/S2-057][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11776]
[**] [1:47649:1] SERVER-WEBAPP Apache Struts remote code execution attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
07/04-10:02:58.083469 47.90.92.121:28005 -> 192.168.0.38:80
TCP TTL:49 TOS:0x0 ID:21310 IpLen:20 DgmLen:608 DF
***AP*** Seq: 0x20EB550 Ack: 0xD2213771 Win: 0xFFFF TcpLen: 20
[Xref => http://cwiki.apache.org/confluence/display/WW/S2-057][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11776]
[**] [1:47649:1] SERVER-WEBAPP Apache Struts remote code execution attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
07/04-10:02:59.450888 47.90.92.121:29268 -> 192.168.0.38:80
TCP TTL:49 TOS:0x0 ID:26169 IpLen:20 DgmLen:609 DF
***AP*** Seq: 0xAEEC0954 Ack: 0x5EBED3AD Win: 0xFFFF TcpLen: 20
[Xref => http://cwiki.apache.org/confluence/display/WW/S2-057][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11776]
[**] [1:47649:1] SERVER-WEBAPP Apache Struts remote code execution attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
07/04-10:03:00.779912 47.90.92.121:29822 -> 192.168.0.38:80
TCP TTL:49 TOS:0x0 ID:30069 IpLen:20 DgmLen:608 DF
***AP*** Seq: 0x264CE28E Ack: 0x6C61E21C Win: 0xFFFF TcpLen: 20
[Xref => http://cwiki.apache.org/confluence/display/WW/S2-057][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11776]
[**] [1:47649:1] SERVER-WEBAPP Apache Struts remote code execution attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
07/04-10:03:02.360130 47.90.92.121:31058 -> 192.168.0.38:80
TCP TTL:49 TOS:0x0 ID:2536 IpLen:20 DgmLen:609 DF
***AP*** Seq: 0xFC06DC9E Ack: 0xA5DAD38 Win: 0xFFFF TcpLen: 20
[Xref => http://cwiki.apache.org/confluence/display/WW/S2-057][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11776]
[**] [1:47649:1] SERVER-WEBAPP Apache Struts remote code execution attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
07/04-10:03:03.541319 47.90.92.121:31420 -> 192.168.0.38:80
TCP TTL:49 TOS:0x0 ID:5401 IpLen:20 DgmLen:608 DF
***AP*** Seq: 0x87E5EDCB Ack: 0x88D0B71B Win: 0xFFFF TcpLen: 20
[Xref => http://cwiki.apache.org/confluence/display/WW/S2-057][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11776]
[**] [1:47649:1] SERVER-WEBAPP Apache Struts remote code execution attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
07/04-10:03:04.740054 47.90.92.121:32024 -> 192.168.0.38:80
TCP TTL:49 TOS:0x0 ID:9648 IpLen:20 DgmLen:611 DF
***AP*** Seq: 0xB08C6669 Ack: 0x8C7535EB Win: 0xFFFF TcpLen: 20
[Xref => http://cwiki.apache.org/confluence/display/WW/S2-057][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11776]
[**] [1:47649:1] SERVER-WEBAPP Apache Struts remote code execution attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
07/04-10:03:05.991860 47.90.92.121:33227 -> 192.168.0.38:80
TCP TTL:49 TOS:0x0 ID:13711 IpLen:20 DgmLen:612 DF
***AP*** Seq: 0xF56B72D1 Ack: 0x6F4C6587 Win: 0xFFFF TcpLen: 20
[Xref => http://cwiki.apache.org/confluence/display/WW/S2-057][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11776]
[**] [1:47649:1] SERVER-WEBAPP Apache Struts remote code execution attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
07/04-10:03:07.221699 47.90.92.121:33810 -> 192.168.0.38:80
TCP TTL:49 TOS:0x0 ID:18165 IpLen:20 DgmLen:615 DF
***AP*** Seq: 0x13A01365 Ack: 0x7268BCCB Win: 0xFFFF TcpLen: 20
[Xref => http://cwiki.apache.org/confluence/display/WW/S2-057][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11776]
[**] [1:47649:1] SERVER-WEBAPP Apache Struts remote code execution attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
07/04-10:03:08.622642 47.90.92.121:35072 -> 192.168.0.38:80
TCP TTL:49 TOS:0x0 ID:22634 IpLen:20 DgmLen:624 DF
***AP*** Seq: 0x932D868B Ack: 0xF03CA6AC Win: 0xFFFF TcpLen: 20
[Xref => http://cwiki.apache.org/confluence/display/WW/S2-057][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11776]
[**] [1:47649:1] SERVER-WEBAPP Apache Struts remote code execution attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
07/04-10:03:09.952988 47.90.92.121:35598 -> 192.168.0.38:80
TCP TTL:49 TOS:0x0 ID:25418 IpLen:20 DgmLen:618 DF
***AP*** Seq: 0xBB4A7BF7 Ack: 0xBFEEC2BA Win: 0xFFFF TcpLen: 20
[Xref => http://cwiki.apache.org/confluence/display/WW/S2-057][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11776]
[**] [1:47649:1] SERVER-WEBAPP Apache Struts remote code execution attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
07/04-10:03:26.928537 47.90.92.121:47040 -> 192.168.0.38:80
TCP TTL:49 TOS:0x0 ID:16109 IpLen:20 DgmLen:636 DF
***AP*** Seq: 0xA07DD803 Ack: 0x323C4549 Win: 0xFFFF TcpLen: 20
[Xref => http://cwiki.apache.org/confluence/display/WW/S2-057][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11776]
[**] [1:47649:1] SERVER-WEBAPP Apache Struts remote code execution attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
07/04-10:03:27.874005 47.90.92.121:47429 -> 192.168.0.38:80
TCP TTL:49 TOS:0x0 ID:20206 IpLen:20 DgmLen:648 DF
***AP*** Seq: 0xD80B380A Ack: 0xC219120A Win: 0xFFFF TcpLen: 20
[Xref => http://cwiki.apache.org/confluence/display/WW/S2-057][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11776]
[**] [1:47649:1] SERVER-WEBAPP Apache Struts remote code execution attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
07/04-10:03:29.116432 47.90.92.121:48297 -> 192.168.0.38:80
TCP TTL:49 TOS:0x0 ID:23382 IpLen:20 DgmLen:648 DF
***AP*** Seq: 0xE365633 Ack: 0x624974DB Win: 0xFFFF TcpLen: 20
[Xref => http://cwiki.apache.org/confluence/display/WW/S2-057][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11776]
[**] [1:47649:1] SERVER-WEBAPP Apache Struts remote code execution attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
07/04-10:03:30.208558 47.90.92.121:49212 -> 192.168.0.38:80
TCP TTL:49 TOS:0x0 ID:27061 IpLen:20 DgmLen:644 DF
***AP*** Seq: 0xB406848F Ack: 0xAA0BC6DB Win: 0xFFFF TcpLen: 20
[Xref => http://cwiki.apache.org/confluence/display/WW/S2-057][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11776]
[**] [1:47649:1] SERVER-WEBAPP Apache Struts remote code execution attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
07/04-10:03:31.230927 47.90.92.121:49497 -> 192.168.0.38:80
TCP TTL:49 TOS:0x0 ID:30798 IpLen:20 DgmLen:645 DF
***AP*** Seq: 0x720C62CF Ack: 0x774017DF Win: 0xFFFF TcpLen: 20
[Xref => http://cwiki.apache.org/confluence/display/WW/S2-057][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11776]
[**] [1:47649:1] SERVER-WEBAPP Apache Struts remote code execution attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
07/04-10:03:32.372867 47.90.92.121:50814 -> 192.168.0.38:80
TCP TTL:49 TOS:0x0 ID:2255 IpLen:20 DgmLen:644 DF
***AP*** Seq: 0xA477FA1A Ack: 0xC20D940A Win: 0xFFFF TcpLen: 20
[Xref => http://cwiki.apache.org/confluence/display/WW/S2-057][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11776]
[**] [1:47649:1] SERVER-WEBAPP Apache Struts remote code execution attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
07/04-10:03:33.438683 47.90.92.121:51313 -> 192.168.0.38:80
TCP TTL:49 TOS:0x0 ID:5396 IpLen:20 DgmLen:645 DF
***AP*** Seq: 0x7C6C23AA Ack: 0xC9744257 Win: 0xFFFF TcpLen: 20
[Xref => http://cwiki.apache.org/confluence/display/WW/S2-057][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11776]
[**] [1:47649:1] SERVER-WEBAPP Apache Struts remote code execution attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
07/04-10:03:34.486633 47.90.92.121:51542 -> 192.168.0.38:80
TCP TTL:49 TOS:0x0 ID:8841 IpLen:20 DgmLen:644 DF
***AP*** Seq: 0x584C021 Ack: 0x60826644 Win: 0xFFFF TcpLen: 20
[Xref => http://cwiki.apache.org/confluence/display/WW/S2-057][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11776]
[**] [1:47649:1] SERVER-WEBAPP Apache Struts remote code execution attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
07/04-10:03:35.822026 47.90.92.121:53010 -> 192.168.0.38:80
TCP TTL:49 TOS:0x0 ID:13253 IpLen:20 DgmLen:647 DF
***AP*** Seq: 0x8A918912 Ack: 0xF4C654AE Win: 0xFFFF TcpLen: 20
[Xref => http://cwiki.apache.org/confluence/display/WW/S2-057][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11776]
[**] [1:47649:1] SERVER-WEBAPP Apache Struts remote code execution attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
07/04-10:03:36.710735 47.90.92.121:53349 -> 192.168.0.38:80
TCP TTL:49 TOS:0x0 ID:15813 IpLen:20 DgmLen:648 DF
***AP*** Seq: 0xD4087CF Ack: 0x309D9F2B Win: 0xFFFF TcpLen: 20
[Xref => http://cwiki.apache.org/confluence/display/WW/S2-057][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11776]
[**] [1:47649:1] SERVER-WEBAPP Apache Struts remote code execution attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
07/04-10:03:37.589053 47.90.92.121:53721 -> 192.168.0.38:80
TCP TTL:49 TOS:0x0 ID:19124 IpLen:20 DgmLen:651 DF
***AP*** Seq: 0x367C1E42 Ack: 0xD64760C1 Win: 0xFFFF TcpLen: 20
[Xref => http://cwiki.apache.org/confluence/display/WW/S2-057][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11776]
[**] [1:47649:1] SERVER-WEBAPP Apache Struts remote code execution attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
07/04-10:03:38.640233 47.90.92.121:55010 -> 192.168.0.38:80
TCP TTL:49 TOS:0x0 ID:23581 IpLen:20 DgmLen:660 DF
***AP*** Seq: 0x94324268 Ack: 0xF1B918D8 Win: 0xFFFF TcpLen: 20
[Xref => http://cwiki.apache.org/confluence/display/WW/S2-057][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11776]
[**] [1:47649:1] SERVER-WEBAPP Apache Struts remote code execution attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
07/04-10:03:39.409905 47.90.92.121:55294 -> 192.168.0.38:80
TCP TTL:49 TOS:0x0 ID:25361 IpLen:20 DgmLen:654 DF
***AP*** Seq: 0xF79D21CF Ack: 0x10A0D0B6 Win: 0xFFFF TcpLen: 20
[Xref => http://cwiki.apache.org/confluence/display/WW/S2-057][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11776]

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Fri Nov 22 13:01:48 2019