
SANS ISC: What bot is that? - SANS Internet Storm Center SANS ISC InfoSec Forums


What bot is that?
Can you share a pcap?
Xme

326 Posts
ISC Handler
I've started a capture, might take an hour or two for the next bot hit.

Apache log is:
109.163.234.2 - - [07/May/2017:21:44:04 +0200] "POST /anmeldung.php HTTP/1.1" 302 210 "http://woo.li/" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"

last two weeks had 164 hits from 155 IPs

last submissions are:
anname=591025669d178&email=valid.mail@yahoo.com
anname=5910254f82f42&email=valid.mail@gmail.com

So the name is an ever-increasing hex number, the email field is filled with random mail addresses I don't know, so probably filled from a spam list.
Visi

40 Posts
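An added example (not part of the thread and not the poster's code): a Python sketch that counts POST hits and distinct source IPs from Apache combined-format lines like the one quoted above, and decodes the `anname` values. It assumes those values are 8 hex digits of Unix seconds followed by 5 hex digits of microseconds, the layout PHP's `uniqid()` produces; the thread does not confirm how they are generated. All sample log lines except the first are constructed.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Apache "combined" format: ip, identd, user, [time], "request", status, size, "referer", "agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

UA = "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
# First line is the one quoted in the thread; the others are constructed for this example.
SAMPLE = [
    f'109.163.234.2 - - [07/May/2017:21:44:04 +0200] "POST /anmeldung.php HTTP/1.1" 302 210 "http://woo.li/" "{UA}"',
    f'192.0.2.10 - - [07/May/2017:22:10:31 +0200] "POST /anmeldung.php HTTP/1.1" 302 210 "http://woo.li/" "{UA}"',
    '198.51.100.7 - - [07/May/2017:22:15:02 +0200] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    f'203.0.113.5 - - [07/May/2017:23:01:55 +0200] "POST /anmeldung.php HTTP/1.1" 302 210 "http://woo.li/" "{UA}"',
]

def summarize_posts(lines, path="/anmeldung.php"):
    """Count POST requests to `path`, the distinct client IPs and the user agents seen."""
    ips, agents = Counter(), Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and m["method"] == "POST" and m["path"] == path:
            ips[m["ip"]] += 1
            agents[m["ua"]] += 1
    return {"hits": sum(ips.values()), "ips": len(ips), "agents": agents}

def decode_token(token):
    """Assumption: token = %08x Unix seconds + %05x microseconds. Returns UTC time or None."""
    if not re.fullmatch(r"[0-9a-f]{13}", token):
        return None
    sec, usec = int(token[:8], 16), int(token[8:], 16)
    if usec >= 1_000_000:  # not a valid microsecond field, so the assumption does not hold
        return None
    return datetime.fromtimestamp(sec, tz=timezone.utc).replace(microsecond=usec)

if __name__ == "__main__":
    summary = summarize_posts(SAMPLE)
    print(summary["hits"], "hits from", summary["ips"], "IPs;",
          len(summary["agents"]), "distinct user agent(s)")
    for tok in ("591025669d178", "5910254f82f42"):  # values quoted in the thread
        print(tok, "->", decode_token(tok))
```

Many source IPs sharing one user-agent string is the pattern the summary makes visible; if the decoded times line up with the server's own clock, the token is more likely issued by the form than invented by the client.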
No, we cannot; there is some procedure that we need to follow.
reachiso

1 Posts
