http://www.getsmartnotary.net/cart/pub/ddd.jpg??
http://www.freewebmonitoring.com/)
http://husnu.dns1.us/boki13.jpg????
http://husnu.dns1.us/latas.jpg????
http://malesjomblo.com/plugins/logon.txt??
http://husnu.dns1.us/boki13.jpg?????
http://husnu.dns1.us/latas.jpg???????
http://www.njk.co.kr/board/icon/bb.gif??
http://www.njk.co.kr/board/icon/mysql.gif??
http://www.novusortusatlanta.com/georgiagames/vero.jpg?
http://www.mobile4style.com/define/response.txt?
http://www.furor-normannicus.de/maho/daster.jpg??
http://www.furor-normannicus.de/maho/topi.jpg??
http://www.furor-normannicus.de/maho/j1.txt??
http://www.furor-normannicus.de/maho/j2.txt??
http://www.tecfashion.com/editors/module/byroe.jpg??
http://www.tecfashion.com/editors/module/j1.txt??
http://www.fuerzatemporal.com.co/templates/robots.txt???
http://www.blu-nightclub.co.uk/main/images/idxml.txt??
http://www.blu-nightclub.co.uk/main/images/man.jpg??
http://www.blu-nightclub.co.uk/main/images/men.jpg??
http://turninpt.com/satu.txt???
http://drquyong.com/mambo/aisha.jpg??
http://www.fuerzatemporal.com.co/templates/robots.txt??%0D??
http://91.121.51.71/webmail/docs/cx/david.txt??
http://www.gigablast.com/spider.html)
http://91.121.51.71/webmail/docs/cx/sangatta.txt??
http://91.121.51.71/webmail/docs/cx/parepare.txt??
http://some.thesome.com/etc/jc.jpg??
http://some.thesome.com/etc/9991.jpg??
http://some.thesome.com/etc/byz9991.jpg??
http://www.zompakoyu.net/images/smilies/Fx29ID.txt??
http://www.kbvrc.org/bbs/files/HAN/cached.jpg??
http://www.go-fulda.de/e107_images/apache.jpg??
http://www.kbvrc.org/bbs/files/HAN/apache.jpg??
http://www.newnetworks.biz/cache/test.txt??
http://itil.host.sc/gif?%0D?
http://www.fastindia.in/Policy/kir.jpg??
http://www.fastindia.in/Policy/rik.jpg??
http://www.menrs.gov.mg/coopuniv/ec.txt????
http://www.menrs.gov.mg/coopuniv/dor.txt????
http://www.zenithpropertymaintenance.co.uk/byz9991.jpg??
http://www.menrs.gov.mg/coopuniv/vero.txt?
http://dl.dropbox.com/u/35150150/edan.jpg??
http://dl.dropbox.com/u/35150150/scan.jpg??
http://www.ahhobby.dk/vcl/xajax/xajax_js/byroe.jpg??
http://www.ahhobby.dk/vcl/xajax/xajax_js/allnet.jpg??
http://www.kortech.cn/bbs/java.jpg??
http://www.sogou.com/docs/help/webmasters.htm#07)
http://www.kortech.cn/bbs/pbot.jpg??
http://www.messengersofmercy.org/images/paypal/byroe.jpg??
http://www.messengersofmercy.org/images/paypal/allnet.jpg??
http://berg.globaz.pt/download/id.txt???
http://berg.globaz.pt/download/id.txt??%0D??
http://www.vipekaem.ru/images/pandegaid.txt?
http://luzzer.jatekoldal.net/tmp/last.jpg??
http://luzzer.jatekoldal.net/tmp/banner.jpg??
http://www.bangkoklimo4u.com/image_post/id.txt??
http://yuken.fileave.com/id1.txt??x
http://fighterarcade.com/logic/id.jpg?
http://www.kudosmusic.co.uk/pdf/mic22.txt????
http://81.13.60.114/ddos.txt??
Friday, August 5, 2011
RFI's for 8/2/11 thru 8/5/11
How to hijack a php botnet
* COMMANDS: * * .user <password> //login to the bot * .logout //logout of the bot * .die //kill the bot * .restart //restart the bot * .mail <to> <from> <subject> <msg> //send an email * .dns <IP|HOST> //dns lookup * .download <URL> <filename> //download a file * .exec <cmd> // uses exec() //execute a command * .sexec <cmd> // uses shell_exec() //execute a command * .cmd <cmd> // uses popen() //execute a command * .info //get system information * .php <php code> // uses eval() //execute php code * .tcpflood <target> <packets> <packetsize> <port> <delay> //tcpflood attack * .udpflood <target> <packets> <packetsize> <delay> //udpflood attack * .raw <cmd> //raw IRC command * .rndnick //change nickname * .pscan <host> <port> //port scan * .safe // test safe_mode (dvl) * .inbox <to> // test inbox (dvl) * .conback <ip> <port> // conect back (dvl) * .uname // return shell's uname using a php function (dvl) *
Refer to previous posts and stay tuned for updates for more bots found in RFI logs
Friday, July 29, 2011
RFI 7/29/2011 update
http://211.60.155.3/skin/c.txt??
http://chap.fardinkh.com/images/export.jpg??
http://novusortusatlanta.com/georgiagames/space.gif
http://novusortusatlanta.com/georgiagames/vero.jpg?
http://211.60.155.3/skin/tile.jpg?
http://chap.fardinkh.com/images/export.jpg
http://haseban.com/id.txt?
http://bangkoklimo4u.com/image_post/id.txt??
http://digilander.libero.it/MaGoNeR00/MaGoNeRo.jpg?
http://www.pastadimandorla.com/public/catalog/images/images/center.gif?
http://dvrcamerasystem.com/media/n0x2.jpg??
http://dvrcamerasystem.com/media/n0x3.jpg??
http://www.fuerzatemporal.com.co/templates/robots.txt???
http://www.previjeni-regulatory.cz/jc.jpg??
http://www.previjeni-regulatory.cz/9991.jpg??
http://www.previjeni-regulatory.cz/byz9991.jpg??
http://malesjomblo.com/plugins/logon.txt??
http://goldenoudhproperties.com/libraries/pear/zfxid1.txt???
http://goldenoudhproperties.com/libraries/pear/crewid.txt?
http://outuvit.com/ashleigh/Wedding/image/byroe.jpg??
http://www.google.com/bot.html)
http://outuvit.com/ashleigh/Wedding/image/allnet.jpg??
http://www.bara.or.id/components/com_seyret/themes/default/images/b_icons/I/Love/khay/byroe.jpg??
http://www.hatsnewera.com/images/allnet.jpg??
http://turbolove.free.fr/e107_files/n0x2.jpg??
http://turbolove.free.fr/e107_files/n0x3.jpg??
http://www.imptecnologici.it/maho/jbv.jpg??
http://www.imptecnologici.it/maho/j3.txt??
http://www.gigablast.com/spider.html)
http://www.dunaszerelveny.hu/uploaded/idxml.txt??
http://am-computers.us/images/dd.jpg??
http://am-computers.us/images/ddd.jpg??
http://www.menrs.gov.mg/coopuniv/vero.txt?
http://yenikoykasabasi.com/site/zero.jpg??
http://yenikoykasabasi.com/site/chat.jpg??
http://www.mobile4style.com/define/response.txt?
http://www.realinternacional.com//logs/byroe.jpg??
http://www.realinternacional.com//logs/allnet.jpg??
http://142.165.199.108/obits/Photos/penner5.jpg??
http://www.newnetworks.biz/cache/test.txt??
http://www.tiendadelta.com/tienda/images/byroe.jpg??
http://www.tiendadelta.com/tienda/images/allnet.jpg??
http://idwap.net/attila/cgi-bin/itil.txt??
http://idwap.net/attila/cgi-bin/diam.txt??
http://www.zompakoyu.net/newtemp/motd/Fx29ID.txt??
http://190.95.196.204/allnet.jpg??
http://190.95.196.204/tele.jpg??
http://www.websiteartdesigner.fr/sitejoomla//components/com_file/raff.gif??
http://www.websiteartdesigner.fr/sitejoomla//components/com_file/rob.jpg??
http://www.rydekings.com/mods/pbot.txt???
http://www.rydekings.com/mods/sh.txt??
http://rcn.org.ua/e107_themes/center/pbot.txt???
http://rcn.org.ua/e107_themes/center/sh.txt??
http://www.avantbrowser.com)
http://farid.at.ua/cache/star.jpg??
http://farid.at.ua/cache/indo.jpg??
http://dida.freezoka.net/zaraza1.jpg??????
http://dida.freezoka.net/zaraza1.jpg????????
http://coldplay.wen9.com/play.jpg??
http://sangatta.muk.su/sangatta.jpg??
http://217.16.8.23/~webmail/log.txt??
http://217.16.8.23/~webmail/spread.txt??
http://sumnal.org/images/byroescan.txt??
http://www.byunsanbandotour.com/bbs//skin/ggambo7002_board/autogallery/byroe.jpg??
http://www.byunsanbandotour.com/bbs//skin/ggambo7002_board/autogallery/allnet.jpg??
http://www.sansubds.co.kr/type6/admin/apt/domyun/osco.jpg??
http://goarmy.itshome.co.kr/data/session/.cok/ID-RFI.txt??
http://www.imptecnologici.it/maho/byroe.jpg??
http://www.imptecnologici.it/maho/allnet.jpg??
http://www.imptecnologici.it/maho/j1.txt??
http://www.imptecnologici.it/maho/j2.txt??
http://voip-pilot.com/1/jc.jpg??
http://voip-pilot.com/1/9991.jpg??
http://voip-pilot.com/1/byz9991.jpg??
http://www.imptecnologici.it/maho/dolly.jpg??
http://www.imptecnologici.it/maho/j5.txt??
http://mailhost.donboscohalle.be/dbhjo2/images/zfxid1.txt???
http://www.iltrovatore.it/aiuto/faq.html)
http://outuvit.com/aeka/education/sprd.jpg??
http://prohorovka.com.ua/images/M_images/byroe.jpg??
http://prohorovka.com.ua/images/M_images/allnet.jpg??
http://www.njk.co.kr/board/icon/bb.gif??
http://www.njk.co.kr/board/icon/mysql.gif??
http://www.camaratimbo.sc.gov.br/downloads/noticias/271_1.jpg??
http://drquyong.com/mambo/aisha.jpg???
http://harassf.cl/id.txt???
http://kkc.or.kr/upload/bbs/byroe.jpg??
http://www.freewebmonitoring.com)
http://kkc.or.kr/upload/data/botphp.txt??
http://voip-pilot.com/tutorial/contrib/patches/myid.jpg?
http://www.bangkoklimo4u.com/image_post/id.txt??
http://yuken.fileave.com/id1.txt??x
http://voip-pilot.com/tutorial/contrib/patches/myid.txt?
http://www.eapss.com/images/byroe.jpg??
http://www.eapss.com/images/allnet.jpg??
http://www.eapss.com/images/j1.txt??
http://www.eapss.com/images/j2.txt??
http://www.kissterv.hu//e107_themes/bagong.jpg??
http://www.kissterv.hu//e107_themes/petruk.jpg??
http://www.novusortusatlanta.com/georgiagames/vero.jpg?
http://solidaridadca.net/shoock/cool/allnet.jpg??
http://solidaridadca.net/shoock/cmd/dose.txt??
http://help.goo.ne.jp/help/article/1142/)
Tuesday, July 5, 2011
RFIs for 7/5/2011 Round 1
http://r20.r20chatonline.com.br/web/chatpolling/1258395147.txt???
http://indonesiabersatu.waphall.com/itil.txt??
http://indonesiabersatu.waphall.com/diam.txt??
http://r20.r20chatonline.com.br/web/r20/r20.jpg??
http://cupcaketeez.com/catalog/admin/includes/modules/newsletters//allnet.jpg??
http://solidaridadca.net/shoock/s1/idxml.txt??
http://solidaridadca.net/shoock/s1//allnet.jpg??
http://solidaridadca.net/shoock/s1//byroe.jpg??
http://cupcaketeez.com/catalog/admin/includes/modules/newsletters//byroe.jpg??
http://cupcaketeez.com/catalog/admin/includes/modules/newsletters/idxml.txt??
http://allaykota.xtgem.com/david.txt??
http://indonesiabersatu.waphall.com/sangatta.jpg??
http://indonesiabersatu.waphall.com/parepare.jpg??
http://tat2warehouse.com/images/global.jpg??
http://digilander.libero.it/MaGoNeR00/MaGoNeRo.jpg??
http://tat2warehouse.com/images/girl.jpg??
http://brazilfest.ca/images/stories/global.jpg??
http://nordentotal.de/00nimrod/modules/mod_tread/banner.jpg???
http://socratespharma.com/images/stories/food/allnet.jpg??
http://jruari.com.br/images/smilies/gambaran/idxml.txt??
http://sunnfolk.no/images/stories/teamwork/sangatta.jpg??
http://jruari.com.br/images/smilies/gambaran/byroe.jpg??
http://sunnfolk.no/images/stories/teamwork/parepare.jpg??
http://jruari.com.br/images/smilies/gambaran/allnet.jpg??
http://brazilfest.ca/images/stories/girl.jpg??
http://socratespharma.com/images/stories/food/byroe.jpg??
http://bisous.net/forum/images/avatars/goodid.txt?
http://m-crystal.kz/backup/pbot.txt???
http://m-crystal.kz/backup/h.txt???
Tuesday, June 28, 2011
RFI's for 6/28/11
http://newbiehack.wapsite.me/itil.txt??
http://newbiehack.wapsite.me/diam.txt??
http://peligedi.net/tmp/allnet.jpg??
http://www.gigablast.com/spider.html)
http://peligedi.net/tmp/byroe.jpg??
http://bakersrentacar.co.uk/cms-files/id.jpg?
http://www.secure13.inmotionhosting.com/~warepa5/auction/uploaded/copy.jpg??
http://www.secure13.inmotionhosting.com/~warepa5/auction/uploaded/paste.jpg??
http://spa24hours.eu/store/images/images/java/fx29id1.txt???
http://handmadejewelrybeads.com/beads/3356/flower.jpg??
http://handmadejewelrybeads.com/beads/3356/zenci.jpg??
http://www.newnetworks.biz/cache/test.txt??
http://www.autoviacaomicaelense.pt/transportes/ckeditor/images/myid.txt?
http://www.autoviacaomicaelense.pt/transportes/ckeditor/images/vero.txt?
http://gduvs.com/define/response.txt?
http://www.bisous.net/forum/images/avatars/goodid.txt?
http://www.dunaszerelveny.hu/uploaded/idxml.txt??
http://www.mobile4style.com/define/response.txt?
http://nanaresidence.com/Ckrid1.txt??
http://www.anciens25ebp.be/zipimport/id.txt???
http://jspo.org/images/gallery/id.txt???
http://elearning.pnb.ac.id/files/byroe.jpg??
http://elearning.pnb.ac.id/files/1/allnet.jpg??
Monday, June 27, 2011
RFI's for 6/27/11
http://tal.ohhappy.net/counter/documents/logon.txt??
http://caygheprang.vn/myid.jpg?
http://raisethefist.com/allnet.jpg??
http://caygheprang.vn/c0x.txt?
http://raisethefist.com/pasbar.jpg??
http://raisethefist.com/p1.txt??
http://raisethefist.com/j2.txt??
http://handmadejewelrybeads.com/beads/3356/flower.jpg??
http://handmadejewelrybeads.com/beads/3356/zenci.jpg??
http://anciens25ebp.be/zipimport/id.txt???
http://tal.ohhappy.net/counter/documents/read.txt??
http://caygheprang.vn/ID-RFI.txt??
http://sitemakershosting.com/images/tile.jpg?
http://caygheprang.vn/cup.txt?
http://jspo.org/images/gallery/id.txt???
Saturday, June 25, 2011
RFI's for June 25th 2011
http://mendonca.sp.gov.br/fotos/noticias/Sala.txt? http://173.236.127.229/s/idosyris.txt???? http://raisethefist.com/allnet.jpg?? http://nzrsltd.co.nz/images/stories/food/idxml.txt?? http://nzrsltd.co.nz/images/stories/food//byroe.jpg?? http://nzrsltd.co.nz/images/stories/food//allnet.jpg?? http://raisethefist.com/id1.txt??? http://raisethefist.com/byroe.jpg?? http://coolergas.com/.mods/cmd.txt?? http://raisethefist.com/id2.txt???? http://raisethefist.com/byroe.jpg? http://raisethefist.com/j1.txt??? http://raisethefist.com/byroe.jpg??? http://200.44.49.99/ubica.txt??? http://thelovelygirl.com/files/mylove2.jpg?? http://thelovelygirl.com/files/mylove3.jpg?? http://173.236.127.229/s/red.txt?? http://dunaszerelveny.hu/uploaded/idxml.txt?? https://mydocsonline.com//MDFL/4E06201b6B994E06201c6BBB35/lucass.txt? http://xfocus.net.ru/soft/c99.txt http://xfocus.net.ru/soft/c100.txt http://an-atare.com/r57.php
http://webswapper.com/images/images/private.jpg??
http://webswapper.com/images/images/crime.jpg??
Monday, May 23, 2011
More RFI's for 5/23/2011
hxxp://cafecrew.h4ck.la/killer/byroe.jpg??
hxxp://cafecrew.h4ck.la/killer/allnet.jpg??
hxxp://www.all3c.com///images/mono/20100907/app/functions/response.txt?
hxxp://www.narkdeveloper.com/images/images/crime.jpg??
hxxp://www.narkdeveloper.com/images/images/private.jpg??
hxxp://newbie.stormpages.com/loader/idosyris.txt????
hxxp://www.ebazar.co.uk/byroe.jpg??
hxxp://www.ebazar.co.uk/allnet.jpg??
hxxp://www.sivainc.com/css/killer/id.txt??
hxxp://www.sivainc.com/css/killer/id.txt???
hxxp://femke.kuulkers.nl//media/idosyris.txt????
hxxp://lopx.interfree.it/id.txt
hxxp://www.dunaszerelveny.hu/uploaded/idxml.txt??
hxxp://www.bangkoklimo4u.com/image_post/id.txt??
hxxp://randyyang.org/.injek/.injek/injek.txt??
hxxp://randyyang.org/.injek/.file/anak.txt???????
hxxp://balaaka.com/files/crime.jpg??
hxxp://balaaka.com/files/private.jpg??
hxxp://cafecrew.h4ck.la/cafecrew/minang.jpg??
hxxp://www.isg-dk.dk////////administrator/components/com_virtuemart/goodid.txt?
hxxp://tal.ohhappy.net/counter/documents/logon.txt??
hxxp://www.b-c-a.org/byroe.jpg??
hxxp://www.b-c-a.org/allnet.jpg??
hxxp://quatangvp.com/images/page/myid.jpg?
hxxp://www.mymw.info//id.jpg?
hxxp://www.geocities.ws/sumatera/byroe.jpg??
hxxp://www.condoms-shop.com/images/star.jpg??
hxxp://www.geocities.ws/sumatera/allnet.jpg??
hxxp://www.condoms-shop.com/images/indo.jpg??
hxxp://onthebay.ca/graphics/key.jpg??
hxxp://ionesky.comoj.com/ddos.jpg??
hxxp://www.detroitdrinks.com/byroe.jpg??
hxxp://bidbuystore.com/images/allnet.jpg??
hxxp://www.musicspectator.com/form_tools/images/goodid.txt?
hxxp://www.condoms-shop.com/images/zinks.jpg??
hxxp://www.condoms-shop.com/images/zinkss.jpg??
hxxp://smokechemicals.com/shop/star.jpg??
hxxp://smokechemicals.com/shop/indo.jpg??
hxxp://lifecoachtom.com/life/skins/guadeloupe/img/zfxid1.txt???
RFI's for 5/23/2011
hxxp://femke.kuulkers.nl//media/idosyris.txt????
hxxp://www.greenhealth-bg.com///administrator/components/com_virtuemart/html/id.txt???
hxxp://www.utama-audio.com/files/id/botx.jpg??
hxxp://www.utama-audio.com/files/id/bots.jpg??
hxxp://www4.polarcomm.com/html/verbotV7.txt??
hxxp://crazyfashion.ru/images/tcp/byroe.jpg??
hxxp://crazyfashion.ru/images/tcp/allnet.jpg??
hxxp://lopx.interfree.it/id.txt
hxxp://onthebay.ca/graphics/key.jpg??
hxxp://www.catastrobogota.gov.co/portel/pandegaid.txt?
hxxp://www.catastrobogota.gov.co/portel/vero.jpg?
hxxp://www.catastrobogota.gov.co/portel/ID-RFI.txt??
hxxp://onthebay.ca/graphics/keys.jpg??
hxxp://www.condoms-shop.com/images/zinks.jpg??
hxxp://www.condoms-shop.com/images/zinkss.jpg??
hxxp://www.musicspectator.com/form_tools/images/goodid.txt?
hxxp://scriptsss.com//cache/browse/f/7/7c/7ca/blood.jpg??
hxxp://scriptsss.com//cache/browse/f/7/img0123.jpg??
hxxp://scriptsss.com//cache/browse/f/7/images/img0124.jpg??
hxxp://www.nvl.cl//modules/log.jpg??
hxxp://www.narkdeveloper.com/images/images/id_mantaf.txt%0D??
hxxp://www.vipekaem.ru/images/vero.jpg??
What Is Remote File Inclusion (RFI)
Remote File Inclusion (RFI) is a variety of vulnerability most often found on webpages, it enables the attacker to include a remote file usually through a script on the webpage. This vulnerability occurs due to the use of user supplied input without proper validation. This will likely lead to something as minimal as outputting the contents of a file, but depending on the severity, it can lead to one of the following:
Code execution on the webpage.
Code execution on the client-side such as JavaScript which can lead to other plans of attack such as cross site scripting (XSS).
Denial of Service (DoS).
Data Theft and/or Manipulation.
PHP Botnets
Friday, May 20, 2011
Recent Remote File Inclusions 5/20/2011
hxxp://geocities.ws/sumatera/byroe.jpg??
hxxp://geocities.ws/sumatera/allnet.jpg??
hxxp://condoms-shop.com/images/star.jpg??
hxxp://condoms-shop.com/images/indo.jpg??
hxxp://digilander.libero.it/MaGoNeR00/diam.txt???&modez=scannerz
hxxp://healthbeyond2000.co.nz/shop/templates/fallback/content/rfiid.txt?
hxxp://healthbeyond2000.co.nz/shop/templates/fallback/content/Auzssprd.txt?
hxxp://digilander.libero.it/MaGoNeR00/MaGoNeRo.jpg?&modez=scannerz
hxxp://digilander.libero.it/MaGoNeR00/MaGoNeRo.jpg?&modez=psybnc
hxxp://digilander.libero.it/MaGoNeR00/diam.txt???&modez=botz
hxxp://digilander.libero.it/MaGoNeR00/diam.txt???&modez=psybnc
hxxp://digilander.libero.it/MaGoNeR00/MaGoNeRo.jpg?&modez=botz
hxxp://onthebay.ca/graphics/key.jpg??
hxxp://imperadocmd.fileave.com/fx29id.txt?
hxxp://imperadocmd.fileave.com/fx29id2.txt??
hxxp://digilander.libero.it/MaGoNeR00/MaGoNeRo.jpg?&modez=shellz
hxxp://vereinsknowhow.de/nlprof/acp/export.jpg??
hxxp://tal.ohhappy.net/counter/documents/logon.txt??
hxxp://radioactivecrew.net/forum/radio1.jpg?
hxxp://ggmason.com/media/crime.jpg??
hxxp://ggmason.com/media/private.jpg??
hxxp://bangkoklimo4u.com/image_post/id.txt??
Tuesday, May 17, 2011
More RFI's for May 2011
Note: Replace hxxp:// with http:// , Also save .jpg's as .txt to see their contents
hxxp://brasilforgames.com/xml/log.txt??
hxxp://www.aevegas.com/cache/gnet.jpg??
hxxp://www.gigablast.com/spider.html
hxxp://www.aevegas.com/cache/xnet.jpg??
hxxp://www.barini.info/calendar/test.gif??
hxxp://www.icnet2000.it/captcha/logon.txt??
hxxp://www.tutoplaneta.com//new_img/id.txt????
hxxp://portal.kpwkm.gov.my/limesurvey/locale/cs/LC_MESSAGES/ID-RFI.txt??
hxxp://tal.ohhappy.net/tt/skin/096_quan/images/logon.txt??
hxxp://aytenaltunic.com.tr/id/ipuls/byroe.jpg??
hxxp://aytenaltunic.com.tr/id/ipuls/allnet.jpg??
hxxp://www.all3c.com///images/mono/20100907/app/functions/response.txt?
hxxp://www.avantbrowser.com
hxxp://www.websiteartdesigner.fr/sitejoomla//components/com_file/raff.gif??
hxxp://www.websiteartdesigner.fr/sitejoomla//components/com_file/rob.jpg??
hxxp://nwmbcms.marketaccess.ca/images/banners/ID-RFI.txt??
hxxp://smatemonkp.sch.id/profile.txt????
hxxp://ionesky.comoj.com/ddos.jpg??
hxxp://utama-audio.com/files/brons/senin.jpg??
hxxp://utama-audio.com/files/brons/selasa.jpg??
hxxp://www.fandefutebol.com.br/torcedores/byroe.jpg??
hxxp://www.fandefutebol.com.br/torcedores/allnet.jpg??
hxxp://rechurchcommunity.com/ID-RFI.txt??
hxxp://rechurchcommunity.com/vero.jpg?
hxxp://brus.fileave.com/id1.txt?
hxxp://rechurchcommunity.com/pandegaid.txt?
hxxp://h1.ripway.com/mexxshi/Ckrid1.jpg??
hxxp://tepian.dum.su/tepian.jpg??
hxxp://tepian.dum.su/pian.jpg??
hxxp://www.idocreative.ru///logs/byroe.jpg??
hxxp://www.idocreative.ru///logs/allnet.jpg??
hxxp://imperadocmd.fileave.com/fx29id.txt?
hxxp://www.progettovietri.org/components/com_agora/img/members/0/pbots.txt?
hxxp://www.hackorea.com/zfxid1.txt???
hxxp://moenge.ch/counter/includes/idxml.txt???
hxxp://www.hondabikes.net/pictures/id/ipuls/byroe.jpg??
hxxp://www.hondabikes.net/pictures/id/ipuls/allnet.jpg??
hxxp://www.sunnfolk.no/templates/beez/images/man.jpg??
hxxp://www.sunnfolk.no/templates/beez/images/men.jpg??
hxxp://h1.ripway.com/bey/msg.txt??
hxxp://h1.ripway.com/bey/pla.txt??
hxxp://mwm-clan.co.uk/e107_files/misc/myid.jpg??
hxxp://webmail.netropol.hu//horde/util/dump.txt??
hxxp://modifiedcarforums.com/shop/images/Unreal3.2.7/futja.jpg??
hxxp://modifiedcarforums.com/shop/images/Unreal3.2.7/ec.jpg??
hxxp://porkie-pie.com/admin/id.txt??
hxxp://www.forumjeunes-lemans.fr/language/pdf_fonts/tmp.jpg??
hxxp://feelcomz.fileave.com/id1.txt?
hxxp://www.a3.be/shop/images/gt_interactive/goodid.txt?
hxxp://www.sculptor-studio.com/media/clas.jpg??
hxxp://www.sculptor-studio.com/media/pro.jpg??
hxxp://www.ketabname.com/bookstore/images_of_news/byroe.jpg??
hxxp://www.ketabname.com/bookstore/images_of_news/allnet.jpg??
hxxp://iogn.interfree.it/echos.txt??
hxxp://madnet-bg.com/scripts/logs/airmata.jpg??
hxxp://madnet-bg.com/scripts/logs/byroe.jpg??
hxxp://madnet-bg.com/scripts/logs/allnet.jpg??
hxxp://holk.interfree.it/echos.txt??
hxxp://parcs.com.au/templates/pandegaid.txt?
hxxp://parcs.com.au/templates/vero.jpg?
hxxp://tenggarong.wapdale.com/rong.jpg??
hxxp://creativeink.ca/CPMS/id.txt?????
hxxp://bouno.com.mx/sitio/templates/keys.jpg??
hxxp://www.euromac2.com//modules/mod_stats/idx.pdf??
hxxp://www.lsp-to.or.id/network/tools/log.txt??
hxxp://nwmbcms.marketaccess.ca/images/banners/myid.jpg?
hxxp://com.rb.ma/components/com_wrapper/.x/lang.txt???
hxxp://tal.ohhappy.net/counter/documents/logon.txt??
hxxp://www.handballbus.de/trikotsandmore/images/microsoft/star.jpg??
hxxp://www.handballbus.de/trikotsandmore/images/microsoft/indo.jpg??
hxxp://indra.ucoz.org/load.txt??
hxxp://indra.ucoz.org/loadind.txt??
hxxp://www.vipekaem.ru/images/vero.jpg??
hxxp://videmos.net/vero.txt?
hxxp://roie.interfree.it/idosyris.txt????
hxxp://creativeink.ca/CPMS/id.txt???
hxxp://www.balkmetafoor.be/templates/vero.jpg?
hxxp://www.balkmetafoor.be/templates/ID-RFI.txt??
hxxp://com.rb.ma/images/yootheme/myid.jpg?
hxxp://www.balkmetafoor.be/templates/pandegaid.txt?
hxxp://www.singelkerk.nl/logs/idosyris.txt????
hxxp://h4ck3d.wsnw.net/edit_data.txt?
hxxp://www.bangkoklimo4u.com/image_post/id.txt??
hxxp://comsci.srru.ac.th/student/51122420233/images/b.txt??
hxxp://comsci.srru.ac.th/student/51122420233/images/c.txt??
hxxp://www.tothcsaba.com/byroe.jpg??
hxxp://bertswarehouse.com/allnet.jpg??
hxxp://125.7.237.132/hytnt//skin_shop/standard/2_view_body/images.jpg????
hxxp://www.google.com/bot.html
hxxp://www.hawaiimarinelife.com/Zone/byroe.jpg??
hxxp://www.hawaiimarinelife.com/Zone/allnet.jpg??
hxxp://pluginhoju.com//shop/data/.bash/a/star.jpg??
hxxp://pluginhoju.com//shop/data/.bash/a/indo.jpg??
hxxp://www.extrasportok.hu/e107_files/idx.txt???
hxxp://taverna-etterem.hu/images/slaps.jpg??
hxxp://taverna-etterem.hu/images/kill.jpg??
hxxp://www.utec.biz/byroe.jpg??
hxxp://www.utec.biz/allnet.jpg??
hxxp://www.dik.co.kr/upfile/rose.jpg??
hxxp://www.dik.co.kr/upfile/orchid.jpg??
hxxp://aquaarticles.com/.my/dev.jpg??
hxxp://aquaarticles.com/.my/jamputz.jpg??
hxxp://persaga.info/n0n0x/botshell.txt??
hxxp://persaga.info/n0n0x/spread.txt??
hxxp://defendersofthecross.com/indexx.jpg??
hxxp://defendersofthecross.com/allnet.jpg??
Recent Remote File Inclusions 5/17/2011
Note: Replace hxxp:// with http:// , Also save .jpg's as .txt to see their contents
hxxp://bangkoklimo4u.com/image_post/id.txt??
hxxp://cafecrew.h4ck.la/killer/byroe.jpg??
hxxp://cafecrew.h4ck.la/killer/allnet.jpg??
hxxp://gda2011.org/.Laknat/allnet.jpg??
hxxp://digilander.libero.it/MaGoNeR00/diam.txt???&modez=botz
hxxp://com.rb.ma/images/yootheme/myid.jpg?
hxxp://digilander.libero.it/MaGoNeR00/diam.txt???&modez=psybnc
hxxp://com.rb.ma/images/yootheme/thumb.txt?
hxxp://digilander.libero.it/MaGoNeR00/MaGoNeRo.jpg?&modez=shellz
hxxp://digilander.libero.it/MaGoNeR00/MaGoNeRo.jpg?&modez=botz
hxxp://imperadocmd.fileave.com/fx29id.txt?
hxxp://digilander.libero.it/MaGoNeR00/diam.txt???&modez=scannerz
hxxp://sepakat.or.id/id/ipuls/byroe.jpg??
hxxp://digilander.libero.it/MaGoNeR00/MaGoNeRo.jpg?&modez=scannerz
hxxp://sepakat.or.id/id/ipuls/allnet.jpg??
hxxp://cafecrew.h4ck.la/scan/idx.txt???
hxxp://free.7host01.com/webmaster14/cmd.txt?
hxxp://cafecrew.h4ck.la/scan/idxx.txt????
hxxp://persaga.info/n0n0x/botshell.txt??
hxxp://digilander.libero.it/MaGoNeR00/MaGoNeRo.jpg?&modez=psybnc
hxxp://cafecrew.h4ck.la/scan/setan3.txt??
hxxp://persaga.info/n0n0x/spread.txt??
hxxp://imperadocmd.fileave.com/fx29id2.txt??
hxxp://cafecrew.h4ck.la/scan/p.txt??
hxxp://cafecrew.h4ck.la/scan/fd.txt??
hxxp://GOBER.fileave.com/rendy.txt???