Paul
CastleCops Founder
Joined: Feb 22, 2002
Posts: 27351
|
 Posted: Tue Dec 04, 2007 5:23 am Post subject: [WsIRT#484] RFI Scanner Public, r57shell |
|
|
Attack Alert
Full Report:  /RFI_Scanner_Public_r57shell_attack484.html
Changed status to confirmed attack.
IP Converted: 216.246.41.127
dword = 3640011135
hex1 = 0xd8f6297f
hex2 = 0xd8.0xf6.0x29.0x7f
oct = 0330.0366.051.0177
View CIDR AS23352 Report: http://www.cidr-report.org/cgi-bin/as-report?as=23352
"23352 | US | arin | 2002-03-05 | SERVERCENTRAL - Server Central Network"<br />
Extended information for AS23352:
State/Province: il
Country: us
Responsible Domain: servercentral.net
Abuse Email: abuse@servercentral.net
IP Converted: 216.39.58.235
dword = 3626449643
hex1 = 0xd8273aeb
hex2 = 0xd8.0x27.0x3a.0xeb
oct = 0330.047.072.0353
View CIDR AS14779 Report: http://www.cidr-report.org/cgi-bin/as-report?as=14779
"14779 | US | arin | 2000-02-07 | INKTOMI-LAWSON - Inktomi Corporation"<br />
Extended information for AS14779:
State/Province: ca
Country: us
Responsible Domain: inktomi.com
Abuse Email: *disable*@yahoo-inc.com
http://celebritytemple.com/halle_berry/gallery/thumb/pit.txt is now down, however, http://myfaiz.com/hack.txt up and running. This is the r57 shell that attackers are attemping to download via pit.txt onto compromised machines which gives them remove shell access. Please remove.
| Quote: | | http://celebritytemple.com/halle_berry/gallery/thumb/pit.txt |
|
|
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
