Report - xakep.ru/wp-content/uploads/post/46257/Apache-Tomcat-runtime.getRuntime().exec()-Privilege-Escalation-Exploit.txt

Report Overview

Visited public
2023-09-13 20:51:42
Tags
URL
xakep.ru/wp-content/uploads/post/46257/Apache-Tomcat-runtime.getRuntime().exec()-Privilege-Escalation-Exploit.txt
Finishing URL
xakep.ru/wp-content/uploads/post/46257/Apache-Tomcat-runtime.getRuntime().exec()-Privilege-Escalation-Exploit.txt
IP / ASN
178.248.232.27
#197068 HLL LLC
Title
xakep.ru/wp-content/uploads/post/46257/Apache-Tomcat-runtime.getRuntime().exec()-Privilege-Escalation-Exploit.txt

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
xakep.ru	94245	1998-10-09	2014-10-25 05:00:11	2023-09-10 23:23:58	1.1 kB	36 kB	178.248.232.27

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2023-09-13	medium	xakep.ru/wp-content/uploads/post/46257/Apache-Tomcat-runtime.getRuntime().exec()-Privilege-Escalation-Exploit.txt	Generic JSP webshell
2023-09-13	medium	xakep.ru/wp-content/uploads/post/46257/Apache-Tomcat-runtime.getRuntime().exec()-Privilege-Escalation-Exploit.txt	JSP Webshells which contain unique strings, lousy rule for low hanging fruits. Most are catched by other rules in here but maybe these catch different versions.

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

xakep.ru/wp-content/uploads/post/46257/Apache-Tomcat-runtime.getRuntime().exec()-Privilege-Escalation-Exploit.txt

178.248.232.27

200 OK

2.5 kB

URL User Request GET HTTP/1.1
xakep.ru/wp-content/uploads/post/46257/Apache-Tomcat-runtime.getRuntime().exec()-Privilege-Escalation-Exploit.txt
IP
178.248.232.27:443
ASN
#197068 HLL LLC

Certificate
IssuerLet's Encrypt
Subjectxakep.ru
FingerprintFB:CA:AE:68:CE:64:27:42:68:EF:A2:5A:47:F8:16:D5:8E:AE:4D:60
ValiditySun, 16 Jul 2023 01:41:50 GMT - Sat, 14 Oct 2023 01:41:49 GMT

File type
HTML document text\012- HTML document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Size
2.5 kB (2486 bytes)
Hash
b47c56084d1908978c5df6ca8d9258a9
fc343ed72186788ce8cd089989add00847971209
22d18916e0ef2e84449e33469dbdd9a8e3f3b81553314ad3b38be62971e7ca1b

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Generic JSP webshell
Public Nextron YARA rules	malware	JSP Webshells which contain unique strings, lousy rule for low hanging fruits. Most are catched by other rules in here but maybe these catch different versions.

HTTP Headers

GET /wp-content/uploads/post/46257/Apache-Tomcat-runtime.getRuntime().exec()-Privilege-Escalation-Exploit.txt HTTP/1.1
Host: xakep.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: QRATOR
Date: Wed, 13 Sep 2023 20:51:24 GMT
Content-Type: text/plain
Content-Length: 2486
Connection: keep-alive
Keep-Alive: timeout=15
Last-Modified: Fri, 04 Mar 2016 13:19:35 GMT
ETag: "56d98b67-9b6"
Accept-Ranges: bytes

xakep.ru/favicon.ico

178.248.232.27

200 OK

33 kB

URL GET HTTP/1.1
xakep.ru/favicon.ico
IP
178.248.232.27:443
ASN
#197068 HLL LLC

Requested by
https://xakep.ru/wp-content/uploads/post/46257/Apache-Tomcat-runtime.getRuntime().exec()-Privilege-Escalation-Exploit.txt
Certificate
IssuerLet's Encrypt
Subjectxakep.ru
FingerprintFB:CA:AE:68:CE:64:27:42:68:EF:A2:5A:47:F8:16:D5:8E:AE:4D:60
ValiditySun, 16 Jul 2023 01:41:50 GMT - Sat, 14 Oct 2023 01:41:49 GMT

File type
MS Windows icon resource - 4 icons, 64x64, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
33 kB (32988 bytes)
Hash
2b75fe681b6edacb7350af49c770c9ff
e7d7d6a909e3b4deb9e07401991678788b9d867f
a344de04957ab56b806ebeaa2e16df9b701336bdf880e73d60b89c4c966e99ae

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: xakep.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xakep.ru/wp-content/uploads/post/46257/Apache-Tomcat-runtime.getRuntime().exec()-Privilege-Escalation-Exploit.txt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: QRATOR
Date: Wed, 13 Sep 2023 20:51:25 GMT
Content-Type: image/x-icon
Content-Length: 32988
Connection: keep-alive
Keep-Alive: timeout=15
Last-Modified: Sat, 26 Jun 2021 11:24:24 GMT
ETag: "60d70e68-80dc"
Accept-Ranges: bytes

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers