Wednesday, 21 October 2015

74.94.108.29 - wp_woocommerce / virtuemart Cookie and Auth

BEGIN OF HTTP DATA:
2015-10-21 10:56:18
Source IP: 74.94.108.29
Country: US RiskScore: 1 Malware: []
GET http://ya.ru:80/ HTTP/1.1
Content-Type: text/html
Host: ya.ru
Accept: text/html, */*
User-Agent: Mozilla/3.0 (compatible; Indy Library)
Authorization: Basic Og==
Cookie: nl-wag-lbsession=493641290.39121.584371104.3216573472; JSESSIONID=3F318DEF20EA379FF67AA05B51374618; 9db8b84e697d8de7acd04dee7393b60a=ae337258da9910c1feaf1f03b9df7725; wfvt_4053413342=56274d2d95c4e; CFTOKEN=98030C9E-58DE-4492-AAA47B1510FA5BF7; CFID=12366; ASPSESSIONIDQCAABTCD=PBIANEADMJBMMEHPKHPEKMAP; ASPSESSIONIDQASRRQRB=LCAABDADJPOGJALLBHMBGNBN; ASPSESSIONIDACACCQTS=BNGFBDADHOLOELKAMDJIFEME; ASPSESSIONIDCQTSABBT=CECMJGADBKMGLMCECPFLFPNN; ASPSESSIONIDAQDACTSD=AKIFDJDDAJNIJNAHIHELNJIB; X-Mapping-jfocjcpm=A58326710875159DFD1FE605A98F3A80; X-Mapping-ihnbadbn=8BEBCF55946DB931DDF1C87D24A0415C; X-Mapping-jdinjeol=FFDF3B29993B876585FCDFA9909EF15F; wp_shopp_bc38cde85b50c10d9bdebb0eb9193993=0ba9c5b80f14e3f69860cda7509a7077; site[currency]=Q2FrZQ%3D%3D.vETn; CmsDomain=ya.ru; incap_ses_199_81566=CowODjN5bwLj6hkOvh7DAvZKJ1YAAAAAB+BCoPnonUJVBYCp5xUKeQ==; incap_ses_407_81566=ZiaWKzMEIgHDhOlfWvSlBfVKJ1YAAAAAfo/1rHWeppqZ6cdvfuJygQ==; incap_ses_406_81566=VOYzJLd34ACTtwr062aiBfNKJ1YAAAAA5nUs9H2KvROsHSxk0yOoEg==;
 incap_ses_401_81566=1LbWZCya8SvkuymvnKOQBfVKJ1YAAAAAy8RJbgwe/Y9PBd7XDw6cGg==; incap_ses_120_81566=2RjJBLglW191UoOJbVOqAdJKJ1YAAAAAf1UQwaBqr5Q2wMpPHAQzaw==; incap_ses_261_81566=GZFGVnd3gXbLg9D+zkKfA9FKJ1YAAAAA2WcQTAGttQIVGqAIjg7fRg==; incap_ses_315_81566=x1z+JLhBoEOPMkXlOBtfBNBKJ1YAAAAAqbuqN5aJ+t3aC1WvABbnpw==; incap_ses_313_81566=/PXnYr1CfhNBs2r3LwBYBNBKJ1YAAAAA3TQ/Y6pEe9RAPouemwDbXg==; incap_ses_305_81566=RGA+XGM6xmecIhByTZQ7BM5KJ1YAAAAA3rjxLOTABAkf53cptw7paw==; incap_ses_288_81566=3Kc0cX2Hr3j8MJEq4i7/A8NKJ1YAAAAAAt+Y5yuHzk8KE/HuJXRI9g==; incap_ses_287_81566=w/wICF7G1GDzkOg8TKH7A79KJ1YAAAAAUL1px1Y01QJyJ/n/pGVI8A==; incap_ses_200_81566=OAVsNLkUm354oNE05YvGAqlKJ1YAAAAAxuJV8VYMtg3gV6RmKu1wew==; visid_incap_81566=8xGGpkYVRvilOCRZozp2W6lKJ1YAAAAAQUIPAAAAAADRL/a6/cPFkRp0rDsRnGWo; imp=S_n8yXBXBcel4PcTxg63NoDy6Loe610223Z0000Z0; ASPSESSIONIDSQTCSTCS=FKOFIBOCFBFEMNCGEPPIJDLF; bd45d1676dea992b2a6b94dd527b20c2=7011dcd6fd478fc235e3040e6a279ae1; virtuemart=36939bcb581af13e6e7823e25bad5880;
 d0c6e38cc40e095b29d8a68f70508dee=-; wp_woocommerce_session_fa8c6534742fba09c695479b86b3f50d=0e49327a58656322f9d7b3401f1d4603%7C%7C1445585631%7C%7C1445582031%7C%7C365c5ab325c06e102f5b29921898a4f2; uEUb_2132_lastact=1445412735%09forum.php%09; uEUb_2132_sid=InzUW5; uEUb_2132_lastvisit=1445409135; uEUb_2132_saltkey=YKpFR7pK; rg_cookie_session_id=549763849; PIWIK_SESSID=10361ae0ab110d2b93baf4907dde252d; corebb7bvisit=1445412063; GBALID=web01; ASPSESSIONIDSQBCDAQD=BHHHPNOABKBFDHFICLIHIFME; BIGipServerwww.agnis.net-HTTP=2493880074.20480.0000; EkAnalytics=0; EktGUID=66e92cf7-6a60-496f-aae8-11a40c0bac96; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=ya.ru&SiteLanguage=1033; CID=7ae028d37d407c5edcf586b3396dfcd75c48bed9s%3A40%3A%22d51ce68a4e9c6f58aa7ae28ce3b41bbd6e8738b1%22%3B; juSecondLang=fa; juFirstLang=en;
 PHPSESSID=c4fa633918d04c44e65d62eb7735adc8; ASPSESSIONIDQQRQRCDC=ILLFLNJDDBNCMELHLKFFGFBJ; Cacti=n1rek3j8pdj08nvj8bi6ot8dj5; ASP.NET_SessionId=3zc024ndj3yvajcyw5rw2vp1; .ASPXANONYMOUS=PB2ACGBC0QEkAAAAMjI2Mzg0OTMtYzk3My00NGE0LTkxYzgtZmE2MWUzY2U5MGUy--uyzTEzsohzI0t45c49Aeo2c2UuUsTfNVKkGB8VVk81; AIROS_SESSIONID=757da0eccfd2ab191585a35dd22cfde9; 1f9adce772dab79ce17b47eeff21ce20=3bc5dcaf79f897eeb113a3d87c756a55
Not to mention that this honeypot does not run any content except "Hello World".
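As an added example (editor's code, not part of the original post), a small Python checker that applies the two tells visible in this capture to a raw request: an `Authorization: Basic` value that decodes to an empty `user:password` pair (`Og==` is simply `:`), and a Cookie header carrying session cookies for several unrelated server stacks at once. The sample request and the cookie-prefix table are constructed from the capture above, with the cookie list cut down to a few entries.

```python
import base64

# Constructed excerpt of the request captured above, with the Cookie header cut
# down to a few of the session cookies it carried; not the full honeypot record.
SAMPLE_REQUEST = (
    "GET http://ya.ru:80/ HTTP/1.1\r\n"
    "Authorization: Basic Og==\r\n"
    "Cookie: JSESSIONID=3F318DEF20EA379FF67AA05B51374618; "
    "ASPSESSIONIDQCAABTCD=PBIANEADMJBMMEHPKHPEKMAP; "
    "virtuemart=36939bcb581af13e6e7823e25bad5880; "
    "wp_woocommerce_session_fa8c6534742fba09c695479b86b3f50d=0e49327a58656322f9d7b3401f1d4603\r\n\r\n"
)
# Session cookie name prefixes and the server stack each one belongs to.
SESSION_MARKERS = {
    "JSESSIONID": "java", "PHPSESSID": "php", "ASP.NET_SessionId": "aspnet",
    "ASPSESSIONID": "asp-classic", "CFID": "coldfusion", "CFTOKEN": "coldfusion",
    "virtuemart": "joomla-virtuemart", "wp_woocommerce_session": "woocommerce",
}

def parse_request(raw):  # -> (request line, {lowercased header name: value})
    first, *rest = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    return first, {n.strip().lower(): v.strip()
                   for n, _, v in (line.partition(":") for line in rest)}

def decode_basic_auth(value):  # -> (user, password) from 'Basic <b64>', else None
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:  # binascii.Error (bad padding or alphabet) is a ValueError subclass
        user, _, password = base64.b64decode(token, validate=True).decode(
            "utf-8", "replace").partition(":")
    except ValueError:
        return None
    return user, password

def session_stacks(cookie_header):  # -> set of stacks whose session cookies appear
    names = [item.split("=", 1)[0].strip() for item in cookie_header.split(";")]
    return {stack for prefix, stack in SESSION_MARKERS.items()
            for name in names if name.startswith(prefix)}

def assess(raw):  # -> list of findings that mark the request as a scripted probe
    _, h = parse_request(raw)
    findings = []
    if decode_basic_auth(h.get("authorization", "")) == ("", ""):
        findings.append("Basic auth with empty username and password")
    stacks = session_stacks(h.get("cookie", ""))
    if len(stacks) >= 3:  # one genuine browser session never spans this many stacks
        findings.append("session cookies for %d unrelated stacks" % len(stacks))
    return findings
```

Run `assess(SAMPLE_REQUEST)` to see both findings; a plain `GET / HTTP/1.1` with a single `PHPSESSID` produces none.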

74.94.108[.]29

    Static Source: GeoIP data
  • Country: United States
  • ASN: AS7922 Comcast Cable Communications, Inc.
    Dynamic Source: SANS Internet Storm Cast
  • comment: IP is listed on SANS ISC
  • comment: This entry alone does not indicate a threat, please check the link
  • Reference: https://isc.sans.edu/api/ip/74.94.108.29