http://www.getsmartnotary.net/cart/pub/ddd.jpg??
http://www.freewebmonitoring.com/)
http://husnu.dns1.us/boki13.jpg????
http://husnu.dns1.us/latas.jpg????
http://malesjomblo.com/plugins/logon.txt??
http://husnu.dns1.us/boki13.jpg?????
http://husnu.dns1.us/latas.jpg???????
http://www.njk.co.kr/board/icon/bb.gif??
http://www.njk.co.kr/board/icon/mysql.gif??
http://www.novusortusatlanta.com/georgiagames/vero.jpg?
http://www.mobile4style.com/define/response.txt?
http://www.furor-normannicus.de/maho/daster.jpg??
http://www.furor-normannicus.de/maho/topi.jpg??
http://www.furor-normannicus.de/maho/j1.txt??
http://www.furor-normannicus.de/maho/j2.txt??
http://www.tecfashion.com/editors/module/byroe.jpg??
http://www.tecfashion.com/editors/module/j1.txt??
http://www.fuerzatemporal.com.co/templates/robots.txt???
http://www.blu-nightclub.co.uk/main/images/idxml.txt??
http://www.blu-nightclub.co.uk/main/images/man.jpg??
http://www.blu-nightclub.co.uk/main/images/men.jpg??
http://turninpt.com/satu.txt???
http://drquyong.com/mambo/aisha.jpg??
http://www.fuerzatemporal.com.co/templates/robots.txt??%0D??
http://91.121.51.71/webmail/docs/cx/david.txt??
http://www.gigablast.com/spider.html)
http://91.121.51.71/webmail/docs/cx/sangatta.txt??
http://91.121.51.71/webmail/docs/cx/parepare.txt??
http://some.thesome.com/etc/jc.jpg??
http://some.thesome.com/etc/9991.jpg??
http://some.thesome.com/etc/byz9991.jpg??
http://www.zompakoyu.net/images/smilies/Fx29ID.txt??
http://www.kbvrc.org/bbs/files/HAN/cached.jpg??
http://www.go-fulda.de/e107_images/apache.jpg??
http://www.kbvrc.org/bbs/files/HAN/apache.jpg??
http://www.newnetworks.biz/cache/test.txt??
http://itil.host.sc/gif?%0D?
http://www.fastindia.in/Policy/kir.jpg??
http://www.fastindia.in/Policy/rik.jpg??
http://www.menrs.gov.mg/coopuniv/ec.txt????
http://www.menrs.gov.mg/coopuniv/dor.txt????
http://www.zenithpropertymaintenance.co.uk/byz9991.jpg??
http://www.menrs.gov.mg/coopuniv/vero.txt?
http://dl.dropbox.com/u/35150150/edan.jpg??
http://dl.dropbox.com/u/35150150/scan.jpg??
http://www.ahhobby.dk/vcl/xajax/xajax_js/byroe.jpg??
http://www.ahhobby.dk/vcl/xajax/xajax_js/allnet.jpg??
http://www.kortech.cn/bbs/java.jpg??
http://www.sogou.com/docs/help/webmasters.htm#07)
http://www.kortech.cn/bbs/pbot.jpg??
http://www.messengersofmercy.org/images/paypal/byroe.jpg??
http://www.messengersofmercy.org/images/paypal/allnet.jpg??
http://berg.globaz.pt/download/id.txt???
http://berg.globaz.pt/download/id.txt??%0D??
http://www.vipekaem.ru/images/pandegaid.txt?
http://luzzer.jatekoldal.net/tmp/last.jpg??
http://luzzer.jatekoldal.net/tmp/banner.jpg??
http://www.bangkoklimo4u.com/image_post/id.txt??
http://yuken.fileave.com/id1.txt??x
http://fighterarcade.com/logic/id.jpg?
http://www.kudosmusic.co.uk/pdf/mic22.txt????
http://81.13.60.114/ddos.txt??
Friday, August 5, 2011
RFI's for 8/2/11 thru 8/5/11
How to hijack a php botnet
* COMMANDS: * * .user <password> //login to the bot * .logout //logout of the bot * .die //kill the bot * .restart //restart the bot * .mail <to> <from> <subject> <msg> //send an email * .dns <IP|HOST> //dns lookup * .download <URL> <filename> //download a file * .exec <cmd> // uses exec() //execute a command * .sexec <cmd> // uses shell_exec() //execute a command * .cmd <cmd> // uses popen() //execute a command * .info //get system information * .php <php code> // uses eval() //execute php code * .tcpflood <target> <packets> <packetsize> <port> <delay> //tcpflood attack * .udpflood <target> <packets> <packetsize> <delay> //udpflood attack * .raw <cmd> //raw IRC command * .rndnick //change nickname * .pscan <host> <port> //port scan * .safe // test safe_mode (dvl) * .inbox <to> // test inbox (dvl) * .conback <ip> <port> // conect back (dvl) * .uname // return shell's uname using a php function (dvl) *
Refer to previous posts and stay tuned for updates for more bots found in RFI logs
Friday, July 29, 2011
RFI 7/29/2011 update
http://jeffhobert.com/.dat/.dat/aisha.jpg???
http://211.60.155.3/skin/c.txt??
http://chap.fardinkh.com/images/export.jpg??
http://novusortusatlanta.com/georgiagames/space.gif
http://novusortusatlanta.com/georgiagames/vero.jpg?
http://211.60.155.3/skin/tile.jpg?
http://chap.fardinkh.com/images/export.jpg
http://haseban.com/id.txt?
http://bangkoklimo4u.com/image_post/id.txt??
http://digilander.libero.it/MaGoNeR00/MaGoNeRo.jpg?
http://www.pastadimandorla.com/public/catalog/images/images/center.gif?
http://dvrcamerasystem.com/media/n0x2.jpg??
http://dvrcamerasystem.com/media/n0x3.jpg??
http://www.fuerzatemporal.com.co/templates/robots.txt???
http://www.previjeni-regulatory.cz/jc.jpg??
http://www.previjeni-regulatory.cz/9991.jpg??
http://www.previjeni-regulatory.cz/byz9991.jpg??
http://malesjomblo.com/plugins/logon.txt??
http://goldenoudhproperties.com/libraries/pear/zfxid1.txt???
http://goldenoudhproperties.com/libraries/pear/crewid.txt?
http://outuvit.com/ashleigh/Wedding/image/byroe.jpg??
http://www.google.com/bot.html)
http://outuvit.com/ashleigh/Wedding/image/allnet.jpg??
http://www.bara.or.id/components/com_seyret/themes/default/images/b_icons/I/Love/khay/byroe.jpg??
http://www.hatsnewera.com/images/allnet.jpg??
http://turbolove.free.fr/e107_files/n0x2.jpg??
http://turbolove.free.fr/e107_files/n0x3.jpg??
http://www.imptecnologici.it/maho/jbv.jpg??
http://www.imptecnologici.it/maho/j3.txt??
http://www.gigablast.com/spider.html)
http://www.dunaszerelveny.hu/uploaded/idxml.txt??
http://am-computers.us/images/dd.jpg??
http://am-computers.us/images/ddd.jpg??
http://www.menrs.gov.mg/coopuniv/vero.txt?
http://yenikoykasabasi.com/site/zero.jpg??
http://yenikoykasabasi.com/site/chat.jpg??
http://www.mobile4style.com/define/response.txt?
http://www.realinternacional.com//logs/byroe.jpg??
http://www.realinternacional.com//logs/allnet.jpg??
http://142.165.199.108/obits/Photos/penner5.jpg??
http://www.newnetworks.biz/cache/test.txt??
http://www.tiendadelta.com/tienda/images/byroe.jpg??
http://www.tiendadelta.com/tienda/images/allnet.jpg??
http://idwap.net/attila/cgi-bin/itil.txt??
http://idwap.net/attila/cgi-bin/diam.txt??
http://www.zompakoyu.net/newtemp/motd/Fx29ID.txt??
http://190.95.196.204/allnet.jpg??
http://190.95.196.204/tele.jpg??
http://www.websiteartdesigner.fr/sitejoomla//components/com_file/raff.gif??
http://www.websiteartdesigner.fr/sitejoomla//components/com_file/rob.jpg??
http://www.rydekings.com/mods/pbot.txt???
http://www.rydekings.com/mods/sh.txt??
http://rcn.org.ua/e107_themes/center/pbot.txt???
http://rcn.org.ua/e107_themes/center/sh.txt??
http://www.avantbrowser.com)
http://farid.at.ua/cache/star.jpg??
http://farid.at.ua/cache/indo.jpg??
http://dida.freezoka.net/zaraza1.jpg??????
http://dida.freezoka.net/zaraza1.jpg????????
http://coldplay.wen9.com/play.jpg??
http://sangatta.muk.su/sangatta.jpg??
http://217.16.8.23/~webmail/log.txt??
http://217.16.8.23/~webmail/spread.txt??
http://sumnal.org/images/byroescan.txt??
http://www.byunsanbandotour.com/bbs//skin/ggambo7002_board/autogallery/byroe.jpg??
http://www.byunsanbandotour.com/bbs//skin/ggambo7002_board/autogallery/allnet.jpg??
http://www.sansubds.co.kr/type6/admin/apt/domyun/osco.jpg??
http://goarmy.itshome.co.kr/data/session/.cok/ID-RFI.txt??
http://www.imptecnologici.it/maho/byroe.jpg??
http://www.imptecnologici.it/maho/allnet.jpg??
http://www.imptecnologici.it/maho/j1.txt??
http://www.imptecnologici.it/maho/j2.txt??
http://voip-pilot.com/1/jc.jpg??
http://voip-pilot.com/1/9991.jpg??
http://voip-pilot.com/1/byz9991.jpg??
http://www.imptecnologici.it/maho/dolly.jpg??
http://www.imptecnologici.it/maho/j5.txt??
http://mailhost.donboscohalle.be/dbhjo2/images/zfxid1.txt???
http://www.iltrovatore.it/aiuto/faq.html)
http://outuvit.com/aeka/education/sprd.jpg??
http://prohorovka.com.ua/images/M_images/byroe.jpg??
http://prohorovka.com.ua/images/M_images/allnet.jpg??
http://www.njk.co.kr/board/icon/bb.gif??
http://www.njk.co.kr/board/icon/mysql.gif??
http://www.camaratimbo.sc.gov.br/downloads/noticias/271_1.jpg??
http://drquyong.com/mambo/aisha.jpg???
http://harassf.cl/id.txt???
http://kkc.or.kr/upload/bbs/byroe.jpg??
http://www.freewebmonitoring.com)
http://kkc.or.kr/upload/data/botphp.txt??
http://voip-pilot.com/tutorial/contrib/patches/myid.jpg?
http://www.bangkoklimo4u.com/image_post/id.txt??
http://yuken.fileave.com/id1.txt??x
http://voip-pilot.com/tutorial/contrib/patches/myid.txt?
http://www.eapss.com/images/byroe.jpg??
http://www.eapss.com/images/allnet.jpg??
http://www.eapss.com/images/j1.txt??
http://www.eapss.com/images/j2.txt??
http://www.kissterv.hu//e107_themes/bagong.jpg??
http://www.kissterv.hu//e107_themes/petruk.jpg??
http://www.novusortusatlanta.com/georgiagames/vero.jpg?
http://solidaridadca.net/shoock/cool/allnet.jpg??
http://solidaridadca.net/shoock/cmd/dose.txt??
http://help.goo.ne.jp/help/article/1142/)
http://211.60.155.3/skin/c.txt??
http://chap.fardinkh.com/images/export.jpg??
http://novusortusatlanta.com/georgiagames/space.gif
http://novusortusatlanta.com/georgiagames/vero.jpg?
http://211.60.155.3/skin/tile.jpg?
http://chap.fardinkh.com/images/export.jpg
http://haseban.com/id.txt?
http://bangkoklimo4u.com/image_post/id.txt??
http://digilander.libero.it/MaGoNeR00/MaGoNeRo.jpg?
http://www.pastadimandorla.com/public/catalog/images/images/center.gif?
http://dvrcamerasystem.com/media/n0x2.jpg??
http://dvrcamerasystem.com/media/n0x3.jpg??
http://www.fuerzatemporal.com.co/templates/robots.txt???
http://www.previjeni-regulatory.cz/jc.jpg??
http://www.previjeni-regulatory.cz/9991.jpg??
http://www.previjeni-regulatory.cz/byz9991.jpg??
http://malesjomblo.com/plugins/logon.txt??
http://goldenoudhproperties.com/libraries/pear/zfxid1.txt???
http://goldenoudhproperties.com/libraries/pear/crewid.txt?
http://outuvit.com/ashleigh/Wedding/image/byroe.jpg??
http://www.google.com/bot.html)
http://outuvit.com/ashleigh/Wedding/image/allnet.jpg??
http://www.bara.or.id/components/com_seyret/themes/default/images/b_icons/I/Love/khay/byroe.jpg??
http://www.hatsnewera.com/images/allnet.jpg??
http://turbolove.free.fr/e107_files/n0x2.jpg??
http://turbolove.free.fr/e107_files/n0x3.jpg??
http://www.imptecnologici.it/maho/jbv.jpg??
http://www.imptecnologici.it/maho/j3.txt??
http://www.gigablast.com/spider.html)
http://www.dunaszerelveny.hu/uploaded/idxml.txt??
http://am-computers.us/images/dd.jpg??
http://am-computers.us/images/ddd.jpg??
http://www.menrs.gov.mg/coopuniv/vero.txt?
http://yenikoykasabasi.com/site/zero.jpg??
http://yenikoykasabasi.com/site/chat.jpg??
http://www.mobile4style.com/define/response.txt?
http://www.realinternacional.com//logs/byroe.jpg??
http://www.realinternacional.com//logs/allnet.jpg??
http://142.165.199.108/obits/Photos/penner5.jpg??
http://www.newnetworks.biz/cache/test.txt??
http://www.tiendadelta.com/tienda/images/byroe.jpg??
http://www.tiendadelta.com/tienda/images/allnet.jpg??
http://idwap.net/attila/cgi-bin/itil.txt??
http://idwap.net/attila/cgi-bin/diam.txt??
http://www.zompakoyu.net/newtemp/motd/Fx29ID.txt??
http://190.95.196.204/allnet.jpg??
http://190.95.196.204/tele.jpg??
http://www.websiteartdesigner.fr/sitejoomla//components/com_file/raff.gif??
http://www.websiteartdesigner.fr/sitejoomla//components/com_file/rob.jpg??
http://www.rydekings.com/mods/pbot.txt???
http://www.rydekings.com/mods/sh.txt??
http://rcn.org.ua/e107_themes/center/pbot.txt???
http://rcn.org.ua/e107_themes/center/sh.txt??
http://www.avantbrowser.com)
http://farid.at.ua/cache/star.jpg??
http://farid.at.ua/cache/indo.jpg??
http://dida.freezoka.net/zaraza1.jpg??????
http://dida.freezoka.net/zaraza1.jpg????????
http://coldplay.wen9.com/play.jpg??
http://sangatta.muk.su/sangatta.jpg??
http://217.16.8.23/~webmail/log.txt??
http://217.16.8.23/~webmail/spread.txt??
http://sumnal.org/images/byroescan.txt??
http://www.byunsanbandotour.com/bbs//skin/ggambo7002_board/autogallery/byroe.jpg??
http://www.byunsanbandotour.com/bbs//skin/ggambo7002_board/autogallery/allnet.jpg??
http://www.sansubds.co.kr/type6/admin/apt/domyun/osco.jpg??
http://goarmy.itshome.co.kr/data/session/.cok/ID-RFI.txt??
http://www.imptecnologici.it/maho/byroe.jpg??
http://www.imptecnologici.it/maho/allnet.jpg??
http://www.imptecnologici.it/maho/j1.txt??
http://www.imptecnologici.it/maho/j2.txt??
http://voip-pilot.com/1/jc.jpg??
http://voip-pilot.com/1/9991.jpg??
http://voip-pilot.com/1/byz9991.jpg??
http://www.imptecnologici.it/maho/dolly.jpg??
http://www.imptecnologici.it/maho/j5.txt??
http://mailhost.donboscohalle.be/dbhjo2/images/zfxid1.txt???
http://www.iltrovatore.it/aiuto/faq.html)
http://outuvit.com/aeka/education/sprd.jpg??
http://prohorovka.com.ua/images/M_images/byroe.jpg??
http://prohorovka.com.ua/images/M_images/allnet.jpg??
http://www.njk.co.kr/board/icon/bb.gif??
http://www.njk.co.kr/board/icon/mysql.gif??
http://www.camaratimbo.sc.gov.br/downloads/noticias/271_1.jpg??
http://drquyong.com/mambo/aisha.jpg???
http://harassf.cl/id.txt???
http://kkc.or.kr/upload/bbs/byroe.jpg??
http://www.freewebmonitoring.com)
http://kkc.or.kr/upload/data/botphp.txt??
http://voip-pilot.com/tutorial/contrib/patches/myid.jpg?
http://www.bangkoklimo4u.com/image_post/id.txt??
http://yuken.fileave.com/id1.txt??x
http://voip-pilot.com/tutorial/contrib/patches/myid.txt?
http://www.eapss.com/images/byroe.jpg??
http://www.eapss.com/images/allnet.jpg??
http://www.eapss.com/images/j1.txt??
http://www.eapss.com/images/j2.txt??
http://www.kissterv.hu//e107_themes/bagong.jpg??
http://www.kissterv.hu//e107_themes/petruk.jpg??
http://www.novusortusatlanta.com/georgiagames/vero.jpg?
http://solidaridadca.net/shoock/cool/allnet.jpg??
http://solidaridadca.net/shoock/cmd/dose.txt??
http://help.goo.ne.jp/help/article/1142/)
Tuesday, July 5, 2011
RFIs for 7/5/2011 Round 1
http://r20.r20chatonline.com.br/web/chatpolling/1258395147.txt???
http://indonesiabersatu.waphall.com/itil.txt??
http://indonesiabersatu.waphall.com/diam.txt??
http://r20.r20chatonline.com.br/web/r20/r20.jpg??
http://cupcaketeez.com/catalog/admin/includes/modules/newsletters//allnet.jpg??
http://solidaridadca.net/shoock/s1/idxml.txt??
http://solidaridadca.net/shoock/s1//allnet.jpg??
http://solidaridadca.net/shoock/s1//byroe.jpg??
http://cupcaketeez.com/catalog/admin/includes/modules/newsletters//byroe.jpg??
http://cupcaketeez.com/catalog/admin/includes/modules/newsletters/idxml.txt??
http://allaykota.xtgem.com/david.txt??
http://indonesiabersatu.waphall.com/sangatta.jpg??
http://indonesiabersatu.waphall.com/parepare.jpg??
http://tat2warehouse.com/images/global.jpg??
http://digilander.libero.it/MaGoNeR00/MaGoNeRo.jpg??
http://tat2warehouse.com/images/girl.jpg??
http://brazilfest.ca/images/stories/global.jpg??
http://nordentotal.de/00nimrod/modules/mod_tread/banner.jpg???
http://socratespharma.com/images/stories/food/allnet.jpg??
http://jruari.com.br/images/smilies/gambaran/idxml.txt??
http://sunnfolk.no/images/stories/teamwork/sangatta.jpg??
http://jruari.com.br/images/smilies/gambaran/byroe.jpg??
http://sunnfolk.no/images/stories/teamwork/parepare.jpg??
http://jruari.com.br/images/smilies/gambaran/allnet.jpg??
http://brazilfest.ca/images/stories/girl.jpg??
http://socratespharma.com/images/stories/food/byroe.jpg??
http://bisous.net/forum/images/avatars/goodid.txt?
http://m-crystal.kz/backup/pbot.txt???
http://m-crystal.kz/backup/h.txt???
Tuesday, June 28, 2011
RFI's for 6/28/11
http://www.fandefutebol.com.br/torcedores/r57.txt??
http://newbiehack.wapsite.me/itil.txt??
http://newbiehack.wapsite.me/diam.txt??
http://peligedi.net/tmp/allnet.jpg??
http://www.gigablast.com/spider.html)
http://peligedi.net/tmp/byroe.jpg??
http://bakersrentacar.co.uk/cms-files/id.jpg?
http://www.secure13.inmotionhosting.com/~warepa5/auction/uploaded/copy.jpg??
http://www.secure13.inmotionhosting.com/~warepa5/auction/uploaded/paste.jpg??
http://spa24hours.eu/store/images/images/java/fx29id1.txt???
http://handmadejewelrybeads.com/beads/3356/flower.jpg??
http://handmadejewelrybeads.com/beads/3356/zenci.jpg??
http://www.newnetworks.biz/cache/test.txt??
http://www.autoviacaomicaelense.pt/transportes/ckeditor/images/myid.txt?
http://www.autoviacaomicaelense.pt/transportes/ckeditor/images/vero.txt?
http://gduvs.com/define/response.txt?
http://www.bisous.net/forum/images/avatars/goodid.txt?
http://www.dunaszerelveny.hu/uploaded/idxml.txt??
http://www.mobile4style.com/define/response.txt?
http://nanaresidence.com/Ckrid1.txt??
http://www.anciens25ebp.be/zipimport/id.txt???
http://jspo.org/images/gallery/id.txt???
http://elearning.pnb.ac.id/files/byroe.jpg??
http://elearning.pnb.ac.id/files/1/allnet.jpg??
http://newbiehack.wapsite.me/itil.txt??
http://newbiehack.wapsite.me/diam.txt??
http://peligedi.net/tmp/allnet.jpg??
http://www.gigablast.com/spider.html)
http://peligedi.net/tmp/byroe.jpg??
http://bakersrentacar.co.uk/cms-files/id.jpg?
http://www.secure13.inmotionhosting.com/~warepa5/auction/uploaded/copy.jpg??
http://www.secure13.inmotionhosting.com/~warepa5/auction/uploaded/paste.jpg??
http://spa24hours.eu/store/images/images/java/fx29id1.txt???
http://handmadejewelrybeads.com/beads/3356/flower.jpg??
http://handmadejewelrybeads.com/beads/3356/zenci.jpg??
http://www.newnetworks.biz/cache/test.txt??
http://www.autoviacaomicaelense.pt/transportes/ckeditor/images/myid.txt?
http://www.autoviacaomicaelense.pt/transportes/ckeditor/images/vero.txt?
http://gduvs.com/define/response.txt?
http://www.bisous.net/forum/images/avatars/goodid.txt?
http://www.dunaszerelveny.hu/uploaded/idxml.txt??
http://www.mobile4style.com/define/response.txt?
http://nanaresidence.com/Ckrid1.txt??
http://www.anciens25ebp.be/zipimport/id.txt???
http://jspo.org/images/gallery/id.txt???
http://elearning.pnb.ac.id/files/byroe.jpg??
http://elearning.pnb.ac.id/files/1/allnet.jpg??
Monday, June 27, 2011
RFI's for 6/27/11
http://tal.ohhappy.net/counter/documents/logon.txt??
http://caygheprang.vn/myid.jpg?
http://raisethefist.com/allnet.jpg??
http://caygheprang.vn/c0x.txt?
http://raisethefist.com/pasbar.jpg??
http://raisethefist.com/p1.txt??
http://raisethefist.com/j2.txt??
http://handmadejewelrybeads.com/beads/3356/flower.jpg??
http://handmadejewelrybeads.com/beads/3356/zenci.jpg??
http://anciens25ebp.be/zipimport/id.txt???
http://tal.ohhappy.net/counter/documents/read.txt??
http://caygheprang.vn/ID-RFI.txt??
http://sitemakershosting.com/images/tile.jpg?
http://caygheprang.vn/cup.txt?
http://jspo.org/images/gallery/id.txt???
Saturday, June 25, 2011
Subscribe to:
Posts (Atom)