Help Irongeek.com pay for bandwidth and research equipment:
Irongeek Security Hacking Illustrated Videos InfoSec Articles Mobile Pen-testing Tools Apps/Scripts Reviews RSS Your IP Podcasts Hoosier Hackers Newscat Links Contact Forums Workout Nutrition Supplements Humor Advertise Irongeek Campuses Fed Watch Books Store About
Search Irongeek.com: Affiliates: Web Hosting: Help Irongeek.com pay for bandwidth and research equipment:	Web Shells and RFIs Collection       I wrote a little script to periodically look through my web logs for unique RFIs and Web Shells, and then collect them on one page where I can go look at them or download them to add to my Web Shell library. Many of these attacks are repeated multiple time, so I ignore the time fields in judging if an RFI/Web Shell is unique. I've coded it to weed out links to Web Shells that 404. I also use nofollow and a referrer hiding service so it does not look like I'm attacking anyone with the web shells (but the check for 404 sort of looks suspicious). This page will also let you link off to firebwall.com where you can use their PHP decoder to look at the obfuscated code. Enjoy my Web Shell zoo, it should update itself every hour or so. If you see your domain on the list of websites hosting Web Shells you are likely pwned and should clean up your server. Filtered For More Likely Live Webshell RFIs Attacker Whois IP Request View on PHP Decoder Agent Referer Time 74.208.246.23 Whois http://www.psychvisit.com/id1.txt? View on PHP Decoder Mozilla/5.0 - 20/May/2013:15:31:10 -0700 184.107.212.154 Whois http://blogger.com.host2develop.com/bot.txt?? View on PHP Decoder Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 - 20/May/2013:02:15:45 -0700 72.12.217.38 Whois http://jsrsports.com/docs//bt.php? View on PHP Decoder Mozilla/4.61 [en] (OS/2; U) - 16/May/2013:07:05:11 -0700 200.20.102.2 Whois http://www.c99php.com/shell/r57.txt View on PHP Decoder Mozilla/3.0 (compatible; Indy Library) - 15/May/2013:13:44:40 -0700 202.228.204.204 Whois http://xlentvibes.com/store/.setan/j3.txt?? View on PHP Decoder SonyEricssonV600i/R2K Browser/SEMC-Browser/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 - 07/May/2013:12:43:06 -0700 202.228.204.204 Whois http://xlentvibes.com/store/.setan/j2.txt?? View on PHP Decoder SonyEricssonV600i/R2K Browser/SEMC-Browser/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 - 07/May/2013:12:43:05 -0700 202.228.204.204 Whois http://xlentvibes.com/store/.setan/j1.txt?? View on PHP Decoder SonyEricssonV600i/R2K Browser/SEMC-Browser/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 - 07/May/2013:12:43:04 -0700 63.141.253.124 Whois http://www.sh3ll.org/c99.txt? View on PHP Decoder Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0 - 02/May/2013:15:30:55 -0700 201.10.113.14 Whois http://picasa.com.phonotouch.si/bot.txt??? View on PHP Decoder Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 - 30/Apr/2013:02:35:28 -0700 201.10.113.14 Whois http://picasa.com.phonotouch.si/id.txt? View on PHP Decoder Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 - 30/Apr/2013:02:35:26 -0700 192.135.11.9 Whois http://nghetinhport.com.vn:8425/challenge/template_header.inc???ON6??? View on PHP Decoder Avant Browser (http://www.avantbrowser.com) - 27/Apr/2013:12:19:50 -0700 216.185.103.157 Whois http://www.st-williams.com.tw/appserv/AUTHORS.txt View on PHP Decoder Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20100101 Firefox/11.0 - 27/Apr/2013:09:16:57 -0700 1.234.27.245 Whois http://pastie.org/688750.txt?? View on PHP Decoder Mozilla/5.0 - 25/Apr/2013:21:50:30 -0700 201.4.0.164 Whois http://superpromo-2013.com/ok.txt?? View on PHP Decoder - - 24/Apr/2013:22:40:14 -0700 187.41.249.9 Whois http://mahesh.podserver.info/templates/atomic/men.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 23/Apr/2013:22:53:03 -0700 202.228.204.224 Whois http://www.mixturesport.com//wp-content/themes/Avenue/cache/lobo.txt?? View on PHP Decoder Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20100101 Firefox/11.0 - 18/Apr/2013:10:37:53 -0700 70.38.37.79 Whois http://www.printom.ru/netcat/modules/my_captcha/img/fee4181443c7299d710d3036451418e4? View on PHP Decoder libwww-perl/5.805 - 16/Apr/2013:09:43:03 -0700 88.151.215.41 Whois http://picasa.com.tuson.ca/bot.txt??? View on PHP Decoder Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 - 15/Apr/2013:20:06:33 -0700 184.168.83.239 Whois http://rameshs.ca/images/rabot.txt??? View on PHP Decoder Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 - 15/Apr/2013:00:58:06 -0700 184.168.83.239 Whois http://rameshs.ca/images/ec.txt??? View on PHP Decoder Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 - 15/Apr/2013:00:58:05 -0700 184.168.83.239 Whois http://rameshs.ca/images/air.txt? View on PHP Decoder Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 - 15/Apr/2013:00:58:04 -0700 66.49.160.18 Whois http://picasa.com.tuson.ca/bat.txt? View on PHP Decoder Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 - 15/Apr/2013:00:38:52 -0700 205.204.64.226 Whois http://picasa.com.tuson.ca/bad.txt? View on PHP Decoder Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 - 15/Apr/2013:00:19:43 -0700 174.92.186.141 Whois http://users2.TitanicHost.com/ninagirl/pb.txt? View on PHP Decoder Wget/1.1 (compatible; i486; Linux; RedHat7.3) - 13/Apr/2013:13:38:35 -0700 63.143.50.187 Whois http://www.ppge.ufrpe.br/plugins/system/buceta.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 13/Apr/2013:02:27:28 -0700 91.64.91.147 Whois http://amyru.h18.ru/images/cs.txt? View on PHP Decoder Wget/1.1 (compatible; i486; Linux; RedHat7.3) - 16/Dec/2012:08:33:07 -0800 189.72.209.60 Whois http://casamarvera10.cwahi.net/tester.txt?? View on PHP Decoder Mozilla/3.0 (compatible; Indy Library) - 13/Dec/2012:13:57:09 -0800 111.68.215.186 Whois http://www.sungeundongsan.org/zb/id.txt? View on PHP Decoder libwww-perl/5.805 - 05/Dec/2012:21:35:42 -0800 200.98.129.248 Whois http://www.ideocondo.com/php/new/flood/Scripts/g.txt? View on PHP Decoder Mozilla/3.0 (compatible; Indy Library) - 03/Dec/2012:18:45:35 -0800 200.98.164.226 Whois http://swiatodziezy.com/libraries/inside.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 02/Dec/2012:10:11:41 -0800 200.98.140.97 Whois http://www.ntempreco.com/teste.txt?? View on PHP Decoder Mozilla/3.0 (compatible; Indy Library) - 26/Nov/2012:16:29:14 -0800 200.98.129.118 Whois http://www.asiandogs.ru/dog/id1.txt?? View on PHP Decoder Mozilla/5.0 - 24/Nov/2012:16:48:24 -0800 176.254.215.142 Whois http://www.drivehq.com/web/v3nd3tta/shells/c99.txt? View on PHP Decoder Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0 - 18/Nov/2012:15:45:22 -0800 200.98.171.238 Whois http://acesso9583.hut4.ru/tester.txt? View on PHP Decoder - - 14/Nov/2012:16:43:05 -0800 187.90.77.194 Whois http://www.xambre.pr.gov.br/plugins/system/tester.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 14/Nov/2012:08:46:22 -0800 200.98.70.207 Whois http://acesso9583.hut4.ru/Vem-imbox.txt? View on PHP Decoder - - 13/Nov/2012:05:54:01 -0800 5.39.9.95 Whois http://swjzaleze.ovh.org/swietlica_15/danger.txt?? View on PHP Decoder Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1 - 04/Nov/2012:08:49:21 -0800 49.156.155.246 Whois http://ead-aerospace.com/Intranet/Dossiers/Customers/2/c99.txt View on PHP Decoder Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4 - 01/Nov/2012:07:32:59 -0700 189.90.36.210 Whois http://stmarysschoolsng.com/inside.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 31/Oct/2012:22:23:47 -0700 Likely Dead Links Attacker Whois IP Request View on PHP Decoder Agent Referer Time 187.40.80.98 Whois http://www.fileden.com/files/2012/12/18/3377635/Na1do-UP.txt?id? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 20/Dec/2012:14:15:49 -0800 201.2.98.204 Whois http://malabakeyaconsultants.com/plugins/system/goza.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 06/Oct/2012:11:54:18 -0700 118.97.95.231 Whois http://ijencrew.wapsite.me/bnc.ichat.txt?? View on PHP Decoder Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/20100101 Firefox/17.0 - 11/Dec/2012:09:04:35 -0800 216.245.197.213 Whois http://www.luvex.com.br/luvex02/documentos/Bolinha.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 12/May/2013:20:21:15 -0700 187.40.106.182 Whois http://www.luvex.com.br/teste/riko.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 16/Dec/2012:20:34:42 -0800 74.208.246.23 Whois http://www.psychvisit.com/id1.txt? View on PHP Decoder Mozilla/5.0 - 20/May/2013:15:31:10 -0700 187.194.111.19 Whois http://jsrsports.com/docs//bt.php? View on PHP Decoder Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6 - 16/May/2013:07:02:21 -0700 184.107.212.154 Whois http://blogger.com.host2develop.com/bot.txt?? View on PHP Decoder Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 - 20/May/2013:02:15:45 -0700 50.117.61.253 Whois http://www.c99shell.gen.tr/c99.txt? View on PHP Decoder Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.97 Safari/537.11 - 19/Dec/2012:18:49:16 -0800 50.117.61.253 Whois http://www.c99shell.gen.tr/c99.txt?% View on PHP Decoder Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.97 Safari/537.11 - 19/Dec/2012:18:49:10 -0800 177.75.176.9 Whois http://krugeremichels.com.br/cmdtvul.txt? View on PHP Decoder - - 27/Nov/2012:16:39:35 -0800 189.1.174.192 Whois http://www.wushu.org.ge/e107_images/david.txt View on PHP Decoder Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.8pre) Gecko/20070928 Firefox/2.0.0.7 Navigator/9.0RC1 - 13/Nov/2012:17:23:57 -0800 72.55.132.168 Whois http://jamina.vacau.com/e107_admin/raw.txt?? View on PHP Decoder Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050511 - 26/Oct/2012:20:12:31 -0700 177.158.160.134 Whois http://members.multimania.co.uk/zadmin/epl/c99private.txt View on PHP Decoder Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.2.2.0 Safari/537.31 - 04/May/2013:08:50:07 -0700 189.74.19.227 Whois http://pc.eromil.com/goza.txt? View on PHP Decoder Mozilla/3.0 (compatible; Indy Library) - 16/Nov/2012:15:47:09 -0800 200.98.137.29 Whois http://atualnovosx.my3gb.com/up.txt? View on PHP Decoder Mozilla/3.0 (compatible; Indy Library) - 10/Nov/2012:16:33:09 -0800 200.98.137.204 Whois http://stranback.h19.ru/cmd.txt? View on PHP Decoder - - 07/Nov/2012:11:14:11 -0800 189.90.36.202 Whois http://www.buy-nippon-motors.com/upx.txt? View on PHP Decoder - - 24/Nov/2012:22:04:15 -0800 201.15.114.66 Whois http://www.buy-nippon-motors.com/com/js/swfobject/optms.txt View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 14/Nov/2012:14:58:25 -0800 189.48.124.171 Whois http://egyptinsideout.com/plugins/system//tooltips/images/tester.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 14/Nov/2012:06:18:24 -0800 187.40.25.31 Whois http://www.tanink.com/autoworld/cm.txt? View on PHP Decoder - - 02/May/2013:02:25:18 -0700 177.25.109.82 Whois http://egyptinsideout.com/plugins/system/nnframework/images/tester.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 17/Nov/2012:04:26:40 -0800 200.98.168.52 Whois http://www.gatewaytorichmond.ca/email/tester.txt?? View on PHP Decoder - - 22/Dec/2012:18:47:42 -0800 95.17.70.204 Whois http://hackertrainer.zz.mu/c99.txt View on PHP Decoder Opera/9.80 (X11; Linux x86_64) Presto/2.12.388 Version/12.12 - 26/Dec/2012:05:12:10 -0800 187.40.82.13 Whois http://www.amerint.com.br/plugins/system/chupa.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 24/Dec/2012:19:47:31 -0800 177.177.78.192 Whois http://mrlh.org/libraries/tcpdf/cache/teste.txt? View on PHP Decoder - - 23/Dec/2012:11:31:45 -0800 200.98.168.52 Whois http://www.cursomail.com/nutriterapeutica13/000/tester.txt?? View on PHP Decoder - - 22/Dec/2012:06:03:11 -0800 201.4.193.57 Whois http://www.amerint.com.br/plugins/system/qwe.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 21/Dec/2012:20:17:04 -0800 187.40.81.59 Whois http://www.goodigood.com/mcharge/php/class//ekta.txt? View on PHP Decoder - - 20/Dec/2012:13:48:06 -0800 186.249.211.224 Whois http://www.goodigood.com/mcharge/php/class//dek.txt? View on PHP Decoder - - 20/Dec/2012:01:16:04 -0800 200.98.168.52 Whois http://www.portal-novia.com/tester.txt?? View on PHP Decoder - - 19/Dec/2012:11:01:51 -0800 186.207.244.20 Whois http://204.93.219.182/spd.txt? View on PHP Decoder Mozilla/3.0 (compatible; Indy Library) - 18/Dec/2012:21:01:00 -0800 189.90.43.3 Whois http://www.qualityom.com.br/plugins/system/ip.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 18/Dec/2012:12:17:48 -0800 187.58.105.54 Whois http://c99.gen.tr/c99.txt? View on PHP Decoder Mozilla/5.0 (Windows NT 5.1; rv:8.0.1) Gecko/20100101 Firefox/8.0.1 - 17/Dec/2012:13:26:10 -0800 177.100.28.100 Whois http://www.xfocus.net/tools/200608/r57.txt? View on PHP Decoder Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.97 Safari/537.11 - 17/Dec/2012:07:20:45 -0800 187.40.40.61 Whois http://www.coli.com.tw/images/cmds.dat? View on PHP Decoder - - 16/Dec/2012:17:38:30 -0800 186.249.211.231 Whois http://decultis.fr//modules/mod_feed/tmpl/CMD.txt? View on PHP Decoder - - 14/Dec/2012:23:57:07 -0800 200.98.143.17 Whois http://www.goodigood.com/mainfiles/teste.txt? View on PHP Decoder - - 14/Dec/2012:16:12:49 -0800 189.72.209.60 Whois http://casamarvera10.cwahi.net/teste.txt?? View on PHP Decoder Mozilla/3.0 (compatible; Indy Library) - 13/Dec/2012:14:08:11 -0800 200.98.143.17 Whois http://www.goodigood.com/mainfiles/inside.txt? View on PHP Decoder - - 13/Dec/2012:04:38:05 -0800 81.177.22.64 Whois http://adamhomes.co.uk/scripts/id1.txt? View on PHP Decoder Mozilla/5.0 - 13/Dec/2012:01:15:11 -0800 187.79.14.39 Whois http://www.marioricci.com.br/plugins/system/riko.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 12/Dec/2012:15:03:08 -0800 186.194.6.158 Whois http://www.santameliavirtual.com.br/plugins/content/spm.txt? View on PHP Decoder Mozilla/3.0 (compatible; Indy Library) - 10/Dec/2012:19:48:49 -0800 177.40.85.81 Whois http://maisconquiste.com/teste.txt?? View on PHP Decoder Mozilla/3.0 (compatible; Indy Library) - 10/Dec/2012:07:02:11 -0800 190.188.186.123 Whois http://mobile.asnieres-sur-seine.fr/data/hjkjyuf43.txt? View on PHP Decoder Mozilla/3.0 (compatible; Indy Library) - 09/Dec/2012:17:21:14 -0800 187.19.236.40 Whois http://petrovaves.sk/new/media/system/css/system/tester.txt?? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 08/Dec/2012:19:38:01 -0800 187.40.46.133 Whois http://www.cerenergie.it/casa/inside.txt? View on PHP Decoder - - 08/Dec/2012:14:14:50 -0800 187.40.111.9 Whois http://www.khonkaenrongyen.com/plugins/cmd2.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 06/Dec/2012:20:58:26 -0800 187.40.103.247 Whois http://www.jcestetica.com.br/plugins/system/r57.txt?? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 06/Dec/2012:06:38:05 -0800 187.40.89.52 Whois http://www.khonkaenrongyen.com/plugins/cmd.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 05/Dec/2012:20:08:51 -0800 200.98.129.3 Whois http://www.cfihungary.hu/plugins/system/tool.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 29/Nov/2012:17:27:07 -0800 177.6.107.193 Whois http://www.kini-kini.com/ancien_kini/optms.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 29/Nov/2012:03:43:41 -0800 177.6.107.193 Whois http://www.galaxiauniversal.com/css/optms.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 29/Nov/2012:03:00:23 -0800 187.40.94.54 Whois http://www.blackgreenfoods.com/plugins/system/UPmanolo.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 28/Nov/2012:21:00:10 -0800 200.98.163.159 Whois http://mastersurpreend.1gb.ru/u.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 28/Nov/2012:14:12:23 -0800 200.98.129.248 Whois http://kpp.ac.th/rms/chk2007/theme/tatc/error_logs/g.txt? View on PHP Decoder Mozilla/3.0 (compatible; Indy Library) - 27/Nov/2012:20:06:51 -0800 187.19.236.51 Whois http://www.petrovaves.sk/new/media/system/css/system/tester.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 27/Nov/2012:20:06:17 -0800 5.39.9.95 Whois http://www.dunkerquepromotion.org/images/temoignages/danger.txt?? View on PHP Decoder Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1 - 27/Nov/2012:16:21:38 -0800 111.119.184.52 Whois http://c99.gen.tr/c99.txt View on PHP Decoder Mozilla/5.0 (Windows NT 5.1; rv:15.0) Gecko/20100101 Firefox/15.0 - 26/Nov/2012:22:24:24 -0800 187.19.236.41 Whois http://www.thinakkural.com/plugins/system/jat3/base-themes/default/etc/layouts/tester.txt?? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 26/Nov/2012:17:38:05 -0800 200.98.128.138 Whois http://www.jf-requeixo.pt/tester.txt? View on PHP Decoder - - 26/Nov/2012:08:05:30 -0800 189.73.212.194 Whois http://galaxiauniversal.com/css/optms.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 24/Nov/2012:03:09:29 -0800 189.31.61.27 Whois http://www.brigitte-ravenel.ch/music_honegger2/honegger2/optms.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 23/Nov/2012:11:56:47 -0800 200.98.71.217 Whois http://www.faculdadesalfa.br/arqsfck/files/cmd.txt?&&r=s& View on PHP Decoder Mozilla/3.0 (compatible; Indy Library) - 22/Nov/2012:23:46:09 -0800 187.19.239.127 Whois http://www.thinakkural.com/plugins/system/jat3/base-themes/default/etc/layouts/tester.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 22/Nov/2012:03:55:17 -0800 187.90.71.211 Whois http://cordsrilanka.org/xmlrpc/includes/tester.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 21/Nov/2012:03:42:01 -0800 187.40.94.178 Whois http://www.jcestetica.com.br/plugins/system/r57.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 20/Nov/2012:12:21:40 -0800 187.40.63.236 Whois http://cfzpromo2.hut2.ru/pesquisar.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 20/Nov/2012:04:13:54 -0800 200.98.163.159 Whois http://novosurpreenda.1gb.ru/u.txt? View on PHP Decoder Mozilla/3.0 (compatible; Indy Library) - 18/Nov/2012:18:30:55 -0800 188.165.241.81 Whois http://www.hufeland-therme.de//tmp/danger.txt?????? View on PHP Decoder Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 - 18/Nov/2012:01:19:49 -0800 178.40.1.77 Whois http://27.0.0.1/s.txt% View on PHP Decoder Mozilla/5.0 (X11; Linux i686; rv:6.0) Gecko/20100101 Firefox/6.0 - 17/Nov/2012:06:29:13 -0800 178.40.1.77 Whois http://27.0.0.1/s.txt View on PHP Decoder Mozilla/5.0 (X11; Linux i686; rv:6.0) Gecko/20100101 Firefox/6.0 - 17/Nov/2012:06:29:12 -0800 177.132.253.51 Whois http://manogoias.dominiotemporario.com/cmdtvul2.txt View on PHP Decoder - - 16/Nov/2012:06:52:26 -0800 187.40.44.195 Whois http://www.new.siamteachtech.co.th/plugins/system/tool.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 15/Nov/2012:08:08:44 -0800 187.90.50.3 Whois http://www.thinakkural.com/plugins/system/jat3/base-themes/default/blocks/tester.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 15/Nov/2012:04:39:04 -0800 200.98.167.180 Whois http://www.ncprd.org.ng/tester.txt?? View on PHP Decoder - - 14/Nov/2012:21:53:31 -0800 200.98.163.159 Whois http://wwmastervis.1gb.ru/u.txt? View on PHP Decoder Mozilla/3.0 (compatible; Indy Library) - 13/Nov/2012:16:02:27 -0800 200.98.163.159 Whois http://wwwmastervisa.1gb.ru/u.txt? View on PHP Decoder Mozilla/3.0 (compatible; Indy Library) - 11/Nov/2012:19:28:31 -0800 201.88.197.7 Whois http://www.brigitte-ravenel.ch/optimus.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 11/Nov/2012:13:56:46 -0800 200.98.70.207 Whois http://forestry.crs.gov.ng/plugins/i/tester.txt? View on PHP Decoder - - 11/Nov/2012:08:10:32 -0800 201.24.16.247 Whois http://produtosmaster.com/sonaberadinha.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 09/Nov/2012:04:25:14 -0800 189.73.213.247 Whois http://produtosmaster.com/sonaberadinha.txt View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 08/Nov/2012:10:35:59 -0800 200.98.67.191 Whois http://www.bbppketindan.info/plugins/editors-xtd/editors-xtd/langs/tester.txt?? View on PHP Decoder - - 08/Nov/2012:00:59:09 -0800 189.73.214.224 Whois http://www.armadarealseg.com.br/plugins/system/40.txt View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 07/Nov/2012:15:21:08 -0800 188.132.222.50 Whois http://demo.media-revolution.eu/2/wp-content/languages/id.txt?? View on PHP Decoder Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 - 07/Nov/2012:02:25:53 -0800 62.103.171.179 Whois http://www.elian.asia.lk/super/image/pb.txt??? View on PHP Decoder Mozilla/3.0 (compatible; Indy Library) - 05/Nov/2012:12:25:15 -0800 201.10.137.3 Whois http://www.aerovision.cl/plugins/system/sonaberadinha.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 04/Nov/2012:22:32:25 -0800 201.10.137.3 Whois http://www.aerovision.cl/plugins/system/sonaberadinha.txt View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 04/Nov/2012:21:30:43 -0800 62.193.224.66 Whois http://www.cje-pierredesaurel.com/contact/cmd3.txt?&cmd=id View on PHP Decoder Mozilla/5.0 (Windows; U; Windows NT 5.0; nl; rv:1.8.0.9) Geck - 02/Nov/2012:14:52:56 -0700 200.98.137.204 Whois http://newuserr-ru.1gb.ru/elo/cmd.txt?? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 01/Nov/2012:16:15:51 -0700 187.39.14.69 Whois http://christpres.com/media/ppp.txt?] View on PHP Decoder Mozilla/3.0 (compatible; Indy Library) - 30/Oct/2012:23:38:58 -0700 177.6.109.34 Whois http://www.guiadopaladar.com.br/modules/mod_acepolls/sonaberadinha.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 29/Oct/2012:22:38:36 -0700 200.98.128.113 Whois http://mastersurprreenda.1gb.ru/u.txt? View on PHP Decoder Mozilla/3.0 (compatible; Indy Library) - 29/Oct/2012:20:57:11 -0700 5.9.83.2 Whois http://www.google.com/robots.txt% View on PHP Decoder Python-httplib2/$Rev$ - 27/Oct/2012:06:01:57 -0700 189.11.222.252 Whois http://www.comu.mx/wp-includes/gol.txt View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 25/Oct/2012:04:57:24 -0700 64.20.38.154 Whois http://c99.gen.tr/r57.txt?&security/changemac View on PHP Decoder Snoopy v1.2.4 - 24/Oct/2012:11:12:35 -0700 64.20.38.154 Whois http://c99.gen.tr/r57.txt?&security/windows-forensics-registry-and-file-system-spots View on PHP Decoder Snoopy v1.2.4 - 24/Oct/2012:11:09:59 -0700 64.20.38.154 Whois http://c99.gen.tr/r57.txt?&security/networkprinterhacking View on PHP Decoder Snoopy v1.2.4 - 24/Oct/2012:10:35:49 -0700 177.0.49.124 Whois http://www.jkchemicals.in/wp-content/themes/Chameleon/cache/shell.txt View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 20/Oct/2012:18:22:20 -0700 177.40.113.75 Whois http://200.98.164.3/teste.txt??? View on PHP Decoder Mozilla/3.0 (compatible; Indy Library) - 18/Oct/2012:18:01:44 -0700 177.16.211.125 Whois http://200.98.164.3/teste.txt? View on PHP Decoder Mozilla/3.0 (compatible; Indy Library) - 18/Oct/2012:14:51:46 -0700 186.247.205.162 Whois http://www.acfinance.com.br/tool.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 18/Oct/2012:09:45:34 -0700 177.1.244.124 Whois http://www.grasselli.com/teste.txt?.php View on PHP Decoder Mozilla/3.0 (compatible; Indy Library) - 18/Oct/2012:07:50:11 -0700 200.98.164.62 Whois http://c99.gen.tr/c99.txt?? View on PHP Decoder Mozilla/3.0 (compatible; Indy Library) - 17/Oct/2012:16:42:06 -0700 217.71.106.39 Whois http://www.avidsen.com/2009/danger.txt???? View on PHP Decoder Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 - 17/Oct/2012:05:41:12 -0700 186.247.205.162 Whois http://acsconduz.com.br/tool.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 16/Oct/2012:22:08:35 -0700 200.98.142.88 Whois http://voudevisa.1gb.ru/u.txt? View on PHP Decoder Mozilla/3.0 (compatible; Indy Library) - 16/Oct/2012:17:16:34 -0700 187.112.111.138 Whois http://200.98.164.3/teste.txt?? View on PHP Decoder Mozilla/3.0 (compatible; Indy Library) - 16/Oct/2012:17:00:19 -0700 200.140.167.164 Whois http://www.ccssidacv.com/r57.txt View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 16/Oct/2012:16:07:39 -0700 177.198.161.175 Whois http://www.agnuscommerce.com/cmd.txt?&cmd=id View on PHP Decoder - - 14/Oct/2012:09:42:58 -0700 207.198.114.2 Whois http://www.terex-co.com/cmd3.txt?&cmd=id View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; (R1 1 - 13/Oct/2012:20:23:58 -0700 187.53.34.51 Whois http://www.ccssidacv.com/lavamanois.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 11/Oct/2012:21:14:15 -0700 187.53.34.51 Whois http://www.ccssidacv.com/r57.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 11/Oct/2012:19:47:18 -0700 63.143.40.28 Whois http://www.three-wheely.at/mail.txt?? View on PHP Decoder Mozilla/3.0 (compatible; Indy Library) - 09/Oct/2012:20:21:18 -0700 186.244.149.1 Whois http://cimzon.com/doityourself/ok.txt? View on PHP Decoder Mozilla/3.0 (compatible; Indy Library) - 06/Oct/2012:11:22:38 -0700 69.57.164.48 Whois http://www.xbox360-kinect.nu//wp-includes/images/smilies/id.txt?? View on PHP Decoder Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 - 06/Oct/2012:06:11:38 -0700 196.41.124.211 Whois http://thesocialmediaexperts.com.au/wp-content/themes/twentyeleven/images/id.txt?? View on PHP Decoder Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 - 05/Oct/2012:23:46:24 -0700 82.165.152.245 Whois http://theoperacritic.com/cmd3.txt?&cmd=id View on PHP Decoder Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.0.9) Geck - 04/Oct/2012:21:42:18 -0700 63.143.40.27 Whois http://www.nysnagard.no/mail.txt? View on PHP Decoder Mozilla/3.0 (compatible; Indy Library) - 04/Oct/2012:08:25:27 -0700 187.41.255.98 Whois http://www.alohabrindes.com.br/tool.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 04/Oct/2012:05:08:00 -0700 187.40.106.157 Whois http://www.akakaslogistics.com/manolo.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 02/Oct/2012:22:20:27 -0700 187.41.254.87 Whois http://abrasoft.com.br/tool.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 02/Oct/2012:22:00:35 -0700 177.78.162.190 Whois http://recompencecampground.com/goza.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 02/Oct/2012:16:18:13 -0700 200.101.110.143 Whois http://77.11.48.237/~lojas1/sonaberadinha.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 02/Oct/2012:12:18:09 -0700 201.65.241.232 Whois http://www.cassab.com.br/php/up.txt? View on PHP Decoder Mozilla/3.0 (compatible; Indy Library) - 02/Oct/2012:10:01:55 -0700 187.79.10.7 Whois http://www.groupe-rouquette.com/src/up.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 02/Oct/2012:08:04:47 -0700 78.46.53.221 Whois http://www.avidsen.com/2009/danger.txt?? View on PHP Decoder Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1 - 15/May/2013:07:53:34 -0700 61.100.181.242 Whois http://www.geocities.ws/angker/aaa.txt?? View on PHP Decoder Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20100101 Firefox/11.0 - 15/May/2013:04:54:02 -0700 81.2.235.36 Whois http://c99.gen.tr/r57.txt? View on PHP Decoder Mozilla/5.0 - 14/May/2013:11:43:22 -0700 92.61.114.117 Whois http://www.linkterkep.hu/stat/id.txt? View on PHP Decoder Microsoft Pocket Internet Explorer/0.6 - 08/May/2013:02:19:29 -0700 41.193.5.52 Whois http://ingwemilan.at.ua/al.txt?? View on PHP Decoder Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 - 07/May/2013:21:30:15 -0700 201.4.192.144 Whois http://bbcode-suporte-atendimento.com/ok.txt?? View on PHP Decoder - - 06/May/2013:17:46:38 -0700 24.11.62.245 Whois http://ninaru.hut2.ru/images/cs.txt? View on PHP Decoder Wget/1.1 (compatible; i486; Linux; RedHat7.3) - 02/May/2013:18:27:43 -0700 95.173.183.35 Whois http://andoexperimentando.com.br/wp-content/ddos.txt??? View on PHP Decoder Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 - 01/May/2013:03:01:00 -0700 95.173.183.35 Whois http://zukdoit.stronazen.pl/wp-includes/diam.txt??? View on PHP Decoder Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 - 01/May/2013:03:00:58 -0700 95.173.183.35 Whois http://picasa.com.roosterrenovations.ca/bad.txt? View on PHP Decoder Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 - 01/May/2013:03:00:56 -0700 5.63.154.113 Whois http://picasa.com.roosterrenovations.ca/bot.txt?? View on PHP Decoder Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 - 27/Apr/2013:21:05:03 -0700 175.107.185.3 Whois http://flickr.com.air-custom.com/bot.txt?? View on PHP Decoder Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 - 27/Apr/2013:14:13:41 -0700 192.135.11.9 Whois http://nghetinhport.com.vn:8425/challenge/template_msg_respone.inc?? View on PHP Decoder Avant Browser (http://www.avantbrowser.com) - 27/Apr/2013:12:19:51 -0700 63.143.50.187 Whois http://www.oftalmoquimica.com/templates/beez/Bolinha.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 26/Apr/2013:19:40:54 -0700 208.115.125.60 Whois http://wordpress.com.chibagloves.com/load.txt??? View on PHP Decoder Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 - 25/Apr/2013:12:10:28 -0700 208.115.125.60 Whois http://wordpress.com.chibagloves.com/id.txt? View on PHP Decoder Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 - 25/Apr/2013:12:10:27 -0700 133.242.195.179 Whois http://www.visionofvanity.com/wp-includes/edian/j3.txt?? View on PHP Decoder Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1 - 23/Apr/2013:15:59:57 -0700 133.242.195.179 Whois http://www.visionofvanity.com/wp-includes/edian/j2.txt?? View on PHP Decoder Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1 - 23/Apr/2013:15:59:56 -0700 133.242.195.179 Whois http://www.visionofvanity.com/wp-includes/edian/j1.txt?? View on PHP Decoder Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1 - 23/Apr/2013:15:59:55 -0700 202.228.204.224 Whois http://flickr.com.meuviciodesdeoinicio.com.br/bot.txt?? View on PHP Decoder Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 - 18/Apr/2013:09:59:06 -0700 210.242.222.37 Whois http://mysmartpuppy.com/sites/default/files/u1039/id1.txt? View on PHP Decoder Mozilla/5.0 - 17/Apr/2013:16:58:58 -0700 187.40.98.102 Whois http://www.fiberfeber.dk/plugins/system/r57.txt? View on PHP Decoder Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 15/Apr/2013:21:11:45 -0700 205.204.64.226 Whois http://www.mkea.com.tw/images/ec.txt??? View on PHP Decoder Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 - 15/Apr/2013:00:19:45 -0700 178.63.100.9 Whois http://www.tampasharp.com/wp-content/themes/id.txt???? View on PHP Decoder libwww-perl/5.813 - 13/Apr/2013:10:13:16 -0700 81.57.217.41 Whois http://75.181.42.93/phpMyAdmin/clones.txt?? View on PHP Decoder Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20100101 Firefox/11.0 - 12/Apr/2013:21:14:44 -0700 Printable version of this article 15 most recent posts on Irongeek.com: ISSA Kentuckiana Web Pen-Testing Workshop AIDE 2013:The rest of the videos Notacon 10 Videos AIDE 2013 Hacker Swap Meet: Don't Let That Old Junk Go To Waste! Outerz0ne 9 (2013) Videos Updated: Links for Doxing, Personal OSInt, Profiling, Footprinting, Cyberstalking Outerz0ne 9 Dates Announced: April 5-6th, Introduction to Pen Testing Simple Network Management Protocol (SNMP) Introduction to HTML Injection (HTMLi) and Cross Site Scripting (XSS) Using Mutillidae Bro IDS/Network Programming Language Video Page Intro To The Louisville OWASP Chapter Shmoocon FireTalks 2013 Basics of using sqlmap - ISSA Kentuckiana workshop 8 - Jeremy Druin ASAReaper: Grab Configs From Multiple Cisco Devices Over SSH (Demos PExpect and AES Encrypted INI Files in Python)

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2013, IronGeek
Louisville / Kentuckiana Information Security Enthusiast