ShellShock Scans (Update)
A little grep'ing through logs reveal the following scan patterns (red: October): Source IPs: 146.71.113.194 188.138.33.11 192.210.219.20 192.227.213.66 198.20.69.74 207.240.10.33 209.126.230.72 37.59.196.199 46.105.14.134 54.251.83.67 64.15.147.111 64.251.176.240 84.200.228.109 89.207.135.125 Page Requests: GET /admin.cgi HTTP/1.1 GET //cgi-bin/bash HTTP/1.0 GET /cgi-bin/bash HTTP/1.0 GET /cgi-bin/hello HTTP/1.1 GET /cgi-bin/helpme HTTP/1.0 GET /cgi-bin/info.sh HTTP/1.0 GET /cgi-bin/php5-cli? HTTP/1.1 GET /cgi-bin/php5? HTTP/1.1 GET /cgi-bin/php.fcgi HTTP/1.0 GET /cgi-bin/php? HTTP/1.1 GET /cgi-bin-sdb/printenv HTTP/1.1 GET /cgi-bin/test-cgi HTTP/1.1 GET /cgi-bin/test.cgi HTTP/1.1 GET /cgi-bin/test.sh HTTP/1.0 GET /cgi-mod/index.cgi HTTP/1.1 GET /cgi-sys/defaultwebpage.cgi HTTP/1.0 GET /cgi-sys/defaultwebpage.cgi …