Bad Packets

@bad_packets

Tweets by Troy Mursch. We provide cyber on emerging threats, DDoS botnets, and network abuse. References:

Joined April 2017


  1. Pinned Tweet
    Jul 6

    Our latest CVE-2020-5902 scans have identified 3,012 vulnerable F5 hosts worldwide. Bad Packets vulnerability scan results are freely available for authorized government CERT, CSIRT, and ISAC teams. Submit request here:

  2. 19 hours ago

    Mass scanning activity detected from: 5.189.162.164 (🇩🇪) 5.189.181.43 (🇩🇪) 161.97.147.163 (🇩🇪) targeting F5 BIG-IP servers vulnerable to CVE-2020-5902.

  3. Dec 9

    Top 10 Countries – December 8, 2020 New unique DDoS malware hosts detected by country: 🇨🇳 China: 362 🇪🇬 Egypt: 70 🇮🇳 India: 55 🇷🇺 Russia: 55 🇧🇷 Brazil: 44 🇭🇰 Hong Kong: 41 🇹🇼 Taiwan: 40 🇹🇭 Thailand: 34 🇹🇷 Turkey: 31 🇰🇷 South Korea: 30

  4. Dec 8

    Also detecting CVE-2018-13379 exploit activity today from 185.107.47.215 (🇳🇱) – but it's a Tor exit node – so nothing can be done to stop it. 😢

  5. Dec 8

    Mass scanning activity detected from 80.82.70.225 (🇳🇱) and 88.218.16.61 (🇳🇱) targeting Fortinet VPN servers vulnerable to unauthenticated arbitrary file read (CVE-2018-13379) leading to disclosure of usernames and passwords in plaintext.

  6. Retweeted
    14 Aug 2018
  7. Dec 7

    Mass scanning activity detected from 74.63.223.110 (🇺🇸) targeting Palo Alto GlobalProtect VPN endpoints.

  8. Retweeted
    Dec 4

    DNS-hijacking exploit attempts ongoing targeting D-Link and ZTE routers. Rogue DNS server 192.95.59.130 (🇨🇦) still online. Target: 🇧🇷 banks, per

  9. Dec 7

    Ongoing mass scanning activity detected from 156.96.117.185 (🇺🇸) targeting Fortinet VPN servers vulnerable to unauthenticated arbitrary file read (CVE-2018-13379) leading to disclosure of usernames and passwords in plaintext. Ports targeted: 443 7443 8443 9443 10443 50443 60443

  10. Dec 4

    4 transactions now, total received stands at 0.30863173 BTC (~$5,800 USD)

  11. Dec 4

    DNS-hijacking exploit attempts ongoing targeting D-Link and ZTE routers. Rogue DNS server 192.95.59.130 (🇨🇦) still online. Target: 🇧🇷 banks, per

  12. Dec 3

    Where the good packets at?

  13. Dec 3

    Sextortion scam, someone has paid per BTC wallet address: 1Eo9FKmAkNg8UAR4xj6F15Y53phFutzSys Email sent via 177.131.238.3 (🇧🇷)

  14. Dec 3

    Mass scanning activity detected from 156.96.117.185 (🇺🇸) targeting Fortinet VPN servers vulnerable to unauthenticated arbitrary file read (CVE-2018-13379) leading to disclosure of usernames and passwords in plaintext.

  15. Dec 3

    Active DDoS malware payload detected: http://14.202.243.246:49168/Mozi.m VirusTotal URL detections: 0/82 Exploit attempt source IP: 14.202.243.246 (🇦🇺) Target: Netgear router RCE

  16. Dec 3

    Ongoing mass scanning activity detected from 59.120.255.188 (🇹🇼) targeting Fortinet VPN servers vulnerable to unauthenticated arbitrary file read (CVE-2018-13379) leading to disclosure of usernames and passwords in plaintext.

  17. Dec 2

    Mass scanning activity detected from 84.199.89.45 (🇧🇪) targeting Fortinet VPN servers vulnerable to unauthenticated arbitrary file read (CVE-2018-13379) leading to disclosure of usernames and passwords in plaintext.

  18. Dec 1

    Top 10 Countries – December 1, 2020 New unique DDoS malware hosts detected by country: 🇨🇳 China: 438 🇮🇳 India: 146 🇪🇬 Egypt: 80 🇰🇷 South Korea: 72 🇹🇼 Taiwan: 68 🇺🇸 United States: 56 🇭🇰 Hong Kong: 53 🇻🇳 Vietnam: 50 🇷🇺 Russia: 50 🇹🇭 Thailand: 33

  19. Dec 1

    1,302,228,997 bad packets detected so far.

  20. Dec 1

    CVE-2019-11510 and CVE-2020-15505 for those keeping score at home.

  21. Dec 1

    Exploit activity detected from 61.222.108.235 (🇹🇼) targeting Fortinet VPN servers vulnerable to unauthenticated arbitrary file read (CVE-2018-13379) leading to disclosure of usernames and passwords in plaintext.

