Historical OSINT - A Compilation of Publicly Accessible Web Shells - An Analysis

December 13, 2020

In this post I'll provide actionable intelligence on some of the currently active publicly accessible IPs known to have hosted publicly accessible web shells. These shells let the cybercriminals behind the campaigns establish a direct connection with the server in question, potentially resulting in a direct compromise of the server, which could further assist in the ongoing monetization of the access for the purpose of hosting blackhat SEO content, including malicious software, on the compromised server.

Sample IPs known to have hosted publicly accessible web shells circa 2013:


Stay tuned!

About Dancho Danchev

Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
