Saturday, 10 October 2015

177.157.43.206 - /webcalendar/install/index.php

BEGIN OF HTTP DATA:
2015-10-10 01:01:15
Source IP: 177.157.43.206
Country: BR RiskScore: 1 Malware: []
GET /webcalendar/install/index.php HTTP/1.1
TE: deflate,gzip;q=0.3
Keep-Alive: 300
Connection: Keep-Alive, TE
Host: 195.169.125.87
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]

Caught my eye because of an available exploit for calendar, see here:
https://www.exploit-db.com/exploits/18775/

177.157.43[.]206

    Static Source: GeoIP data
  • Country: Brazil
  • ASN: AS18881 Global Village Telecom
    Dynamic Source: SANS Internet Storm Cast
  • comment:IP is listed on SANS ISC
  • comment:This entry alone does not indicate a threat, please check the link
  • Reference: https://isc.sans.edu/api/ip/177.157.43.206
    Static Source: http://sendmespamids.blogspot.nl/ Blacklist
  • Comment: Listed on Honeypot blacklist
  • Reference: https://raw.githubusercontent.com/johestephan/smsids-blacklist/master/blacklist.txt