Virus check.js sur mon site
totor
-
parhasard -
parhasard -
Bonjour,
je suis victime depuis quelques temps de cette attaque sur mon site.
Grace aux renseignements de ce forum: (https://www.webmaster-hub.com/topic/40057-virus-d%C3%A9tect%C3%A9-par-avast-en-allant-sur-mon-propre-site/ j'ai peut être trouvé la (l'une des ?) faille sur mon site:
Je passait en paramètre dans l'url le nom de ma page à afficher. Mon script fesait un include du nom de ma pageconcaténé avec l'extention .php
J'ai donc créé un petit scrip affin de récuperer l'adresse ip de la personne essayant d'entrer un autre nom de page.
Je viens d'avoir dix tentatives d'attaques, voici ce que je récupère de deux de mes srcipt:
Alerte 1:
Le: 19/03/2008 à 19:17:43
Page Demandée:http://www.filter-international.com/about-us/ I
IP: 125.45.197.7FAI: hn.kd.ny.adsl
Utilisateur: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Alerte 2:
Le: 19/03/2008 à 19:07:50
Page Demandée:http://www.filter-international.com/about-us/
IP: 78.47.78.82FAI: static.82.78.47.78.clients.your-server.de
Utilisateur: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
J'ai aussitôt fait un tracage de l'adresse ip renvoyé par mon script et donc voici ce qu'on me donne:
[code] 78.47.78.82 - DE - GERMANY
static.82.78.47.78.clients.your-server.de.
Le serveur whois.ripe.net à retourné l'information suivante :
% This is the RIPE Whois query server #1.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '78.47.78.80 - 78.47.78.87'
inetnum: 78.47.78.80 - 78.47.78.87
netname: RIVERLAND
descr: Riverland
country: DE
admin-c: NS2063-RIPE
tech-c: NS2063-RIPE
status: ASSIGNED PA
mnt-by: HOS-GUN
source: RIPE # Filtered
person: Norbert Schneider
address: Riverland
address: Nymphenburger Str. 147a
address: 80634 München
address: GERMANY
phone: +49 89255575588
fax-no: +49 89255575589
e-mail: daniel@inovativa.de
nic-hdl: NS2063-RIPE
mnt-by: HOS-GUN
source: RIPE # Filtered
% Information related to '78.46.0.0/15AS24940'
route: 78.46.0.0/15
descr: HETZNER-RZ-NBG-BLK5
origin: AS24940
org: ORG-HOA1-RIPE
mnt-by: HOS-GUN
source: RIPE # Filtered
organisation: ORG-HOA1-RIPE
org-name: Hetzner Online AG
org-type: LIR
address: Hetzner Online AG
Attn. Martin Hetzner
Industriestr. 6
91710 Gunzenhausen
Germany
phone: +49 9831 610061
fax-no: +49 9831 610062
e-mail: info@hetzner.de
admin-c: GM834-RIPE
admin-c: MH375-RIPE
admin-c: RB1502-RIPE
admin-c: SK2374-RIPE
admin-c: HOAC1-RIPE
mnt-ref: HOS-GUN
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered
Localisation géographique par IP - IP geographical localization
125.45.197.7 - CN - CHINA
hn.kd.ny.adsl.
Le serveur whois.apnic.net à retourné l'information suivante :
% [whois.apnic.net node-1]
% Whois data copyright terms https://www.apnic.net/manage-ip/using-whois/bulk-access/copyright/
inetnum: 125.40.0.0 - 125.47.255.255
netname: CNCGROUP-HA
descr: CNCGROUP Henan province network
descr: China Network Communications Group Corporation
descr: No.156,Fu-Xing-Men-Nei Street,
descr: Beijing 100031
country: CN
admin-c: CH455-AP
tech-c: WW444-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-CNCGROUP-HA
mnt-routes: MAINT-CNCGROUP-RR
status: ALLOCATED PORTABLE
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed: hm-changed@apnic.net 20051011
changed: hm-changed@apnic.net 20051020
source: APNIC
route: 125.40.0.0/13
descr: CNC Group CHINA169 Henan Province Network
country: CN
origin: AS4837
mnt-by: MAINT-CNCGROUP-RR
changed: abuse@cnc-noc.net 20060118
source: APNIC
role: CNCGroup Hostmaster
e-mail: abuse@cnc-noc.net
address: No.156,Fu-Xing-Men-Nei Street,
address: Beijing,100031,P.R.China
nic-hdl: CH455-AP
phone: +86-10-82993155
fax-no: +86-10-82993102
country: CN
admin-c: CH444-AP
tech-c: CH444-AP
changed: abuse@cnc-noc.net 20041119
mnt-by: MAINT-CNCGROUP
source: APNIC
person: Wei Wang
nic-hdl: WW444-AP
e-mail: abuse@public.zz.ha.cn
address: #37 Wei Wu Road, Zhengzhou, Henan Provice
phone: +86-371-65952358
fax-no: +86-371-65968952
country: CN
changed: wangw@data.zz.ha.cn 20060205
mnt-by: MAINT-CNCGROUP-HA
source: APNIC
222.152.200.160 - NZ - NEW ZEALAND
222-152-200-160.jetstream.xtra.co.nz.
Le serveur whois.apnic.net à retourné l'information suivante :
% [whois.apnic.net node-2]
% Whois data copyright terms https://www.apnic.net/manage-ip/using-whois/bulk-access/copyright/
inetnum: 222.152.128.0 - 222.152.223.255
netname: FIPD-XTRA-NZ
descr: Telecom Xtra
descr: DSL Dynamic Pools
country: NZ
admin-c: TNZ1-AP
tech-c: TNZ1-AP
notify: abuse@xtra.co.nz
notify: nic@netgate.net.nz
mnt-by: NZTELECOM
changed: dbk1@netgate.net.nz 20041021
status: ALLOCATED NON-PORTABLE
source: APNIC
role: Telecom New ZealandIPRegistry
address: Telecom New Zealand IP Registry
address: 31 Airedale Street,
address: Auckland
country: NZ
phone: +64-9-363-5861
fax-no: +64-9-379-4790
e-mail: nic@global-gateway.net.nz
trouble: abuse@global-gateway.net.nz
admin-c: DBK1-AP
tech-c: BS3-AP
nic-hdl: TNZ1-AP
mnt-by: NZTELECOM
notify: nic@global-gateway.net.nz
changed: dbk1@ggi.net.nz 20031023
changed: dbk1@ggi.net.nz 20041122
source: APNIC
Localisation géographique par IP - IP geographical localization
202.216.177.18 - JP - JAPAN
catv77018.tac-net.ne.jp.
Le serveur whois.apnic.net à retourné l'information suivante :
% [whois.apnic.net node-2]
% Whois data copyright terms https://www.apnic.net/manage-ip/using-whois/bulk-access/copyright/
inetnum: 202.216.0.0 - 202.219.255.255
netname: JPNIC-NET-JP
descr: Japan Network Information Center
country: JP
admin-c: JNIC1-AP
tech-c: JNIC1-AP
remarks: JPNIC Allocation Block
remarks: Authoritative information regarding assignments and
remarks: allocations made from within this block can also be
remarks: queried at whois.nic.ad.jp. To obtain an English
remarks: output query whois -h whois.nic.ad.jp x.x.x.x/e
mnt-by: APNIC-HM
mnt-lower: MAINT-JPNIC
changed: apnic-ftp@nic.ad.jp 19991115
status: ALLOCATED PORTABLE
source: APNIC
role: Japan Network Information Center
address: Kokusai-Kougyou-Kanda Bldg 6F, 2-3-4 Uchi-Kanda
address: Chiyoda-ku, Tokyo 101-0047, Japan
country: JP
phone: +81-3-5297-2311
fax-no: +81-3-5297-2312
e-mail: hostmaster@nic.ad.jp
admin-c: JI13-AP
tech-c: JE53-AP
nic-hdl: JNIC1-AP
mnt-by: MAINT-JPNIC
changed: hm-changed@apnic.net 20041222
changed: hm-changed@apnic.net 20050324
changed: ip-apnic@nic.ad.jp 20051027
source: APNIC
inetnum: 202.216.176.0 - 202.216.191.255
netname: TAC-NET
descr: Tokoname New-TV Corporation
country: JP
admin-c: YF743JP
tech-c: YF743JP
remarks: This information has been partially mirrored by APNIC from
remarks: JPNIC. To obtain more specific information, please use the
remarks: JPNIC WHOIS Gateway at
remarks: https://www.nic.ad.jp/en/db/whois/en-gateway.html or
remarks: whois.nic.ad.jp for WHOIS client. (The WHOIS client
remarks: defaults to Japanese output, use the /e switch for English
remarks: output)
changed: apnic-ftp@nic.ad.jp 20030217
source: JPNIC
196.29.201.170 - MU -
Le serveur whois.arin.net à retourné l'information suivante :
OrgName: African Network Information Center
OrgID: AFRINIC
Address: 03B3 - 3rd Floor - Ebene Cyber Tower
Address: Cyber City
Address: Ebene
Address: Mauritius
City: Ebene
StateProv:
PostalCode: 0001
Country: MU
ReferralServer: whois://whois.afrinic.net
NetRange: 196.0.0.0 - 196.255.255.255
CIDR: 196.0.0.0/8
NetName: NET196
NetHandle: NET-196-0-0-0-0
Parent:
NetType: Allocated to AfriNIC
NameServer: NS1.AFRINIC.NET
NameServer: NS-SEC.RIPE.NET
NameServer: NS.LACNIC.NET
NameServer: TINNIE.ARIN.NET
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
Comment:
RegDate: 1993-05-01
Updated: 2006-04-27
OrgAbuseHandle: GENER11-ARIN
OrgAbuseName: Generic POC
OrgAbusePhone: +230 4666616
OrgAbuseEmail: abusepoc@afrinic.net
OrgTechHandle: GENER11-ARIN
OrgTechName: Generic POC
OrgTechPhone: +230 4666616
OrgTechEmail: abusepoc@afrinic.net
# ARIN WHOIS database, last updated 2008-03-18 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
196.217.249.190 - MU -
adsl196-190-249-217-196.adsl196-16.iam.net.ma.
Le serveur whois.arin.net à retourné l'information suivante :
OrgName: African Network Information Center
OrgID: AFRINIC
Address: 03B3 - 3rd Floor - Ebene Cyber Tower
Address: Cyber City
Address: Ebene
Address: Mauritius
City: Ebene
StateProv:
PostalCode: 0001
Country: MU
ReferralServer: whois://whois.afrinic.net
NetRange: 196.0.0.0 - 196.255.255.255
CIDR: 196.0.0.0/8
NetName: NET196
NetHandle: NET-196-0-0-0-0
Parent:
NetType: Allocated to AfriNIC
NameServer: NS1.AFRINIC.NET
NameServer: NS-SEC.RIPE.NET
NameServer: NS.LACNIC.NET
NameServer: TINNIE.ARIN.NET
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
Comment:
RegDate: 1993-05-01
Updated: 2006-04-27
OrgAbuseHandle: GENER11-ARIN
OrgAbuseName: Generic POC
OrgAbusePhone: +230 4666616
OrgAbuseEmail: abusepoc@afrinic.net
OrgTechHandle: GENER11-ARIN
OrgTechName: Generic POC
OrgTechPhone: +230 4666616
OrgTechEmail: abusepoc@afrinic.net
# ARIN WHOIS database, last updated 2008-03-18 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
218.106.254.83 - CN - CHINA
Le serveur whois.apnic.net à retourné l'information suivante :
% [whois.apnic.net node-2]
% Whois data copyright terms https://www.apnic.net/manage-ip/using-whois/bulk-access/copyright/
inetnum: 218.106.240.0 - 218.106.255.255
netname: CNCGROUP-BJ
descr: CNCGROUP Beijing province network
country: CN
admin-c: CH455-AP
tech-c: SY21-AP
status: ASSIGNED NON-PORTABLE
changed: abuse@china-netcom.com 20070716
mnt-by: MAINT-CNCGROUP
mnt-lower: MAINT-CNCGROUP-BJ
source: APNIC
route: 218.104.0.0/14
descr: CNC Group CncNet
country: CN
origin: AS9929
mnt-by: MAINT-CNCGROUP-RR
changed: abuse@cnc-noc.net 20060329
source: APNIC
role: CNCGroup Hostmaster
e-mail: abuse@cnc-noc.net
address: No.156,Fu-Xing-Men-Nei Street,
address: Beijing,100031,P.R.China
nic-hdl: CH455-AP
phone: +86-10-82993155
fax-no: +86-10-82993102
country: CN
admin-c: CH444-AP
tech-c: CH444-AP
changed: abuse@cnc-noc.net 20041119
mnt-by: MAINT-CNCGROUP
source: APNIC
person: sun ying
address: fu xing men nei da jie 97, Xicheng District
address: Beijing 100800
country: CN
phone: +86-10-66030657
fax-no: +86-10-66078815
e-mail: suny@publicf.bta.net.cn
nic-hdl: SY21-AP
mnt-by: MAINT-CNCGROUP-BJ
changed: suny@publicf.bta.net.cn 19980824
changed: hm-changed@apnic.net 20060717
source: APNIC
Localisation géographique par IP - IP geographical localization
221.13.66.161 - CN - CHINA
Le serveur whois.apnic.net à retourné l'information suivante :
% [whois.apnic.net node-1]
% Whois data copyright terms https://www.apnic.net/manage-ip/using-whois/bulk-access/copyright/
inetnum: 221.13.64.0 - 221.13.95.255
netname: CNCGROUP-XZ
descr: CNC Group Xizang province network
descr: China Network Communications Group Corporation
descr: No.156,Fu-Xing-Men-Nei Street,
descr: Beijing 100031
country: CN
admin-c: CH455-AP
tech-c: CH455-AP
remarks: service provider
mnt-by: APNIC-HM
mnt-lower: MAINT-CNCGROUP-XZ
mnt-routes: MAINT-CNCGROUP-RR
status: ALLOCATED PORTABLE
changed: hm-changed@apnic.net 20030528
changed: hm-changed@apnic.net 20060124
source: APNIC
role: CNCGroup Hostmaster
e-mail: abuse@cnc-noc.net
address: No.156,Fu-Xing-Men-Nei Street,
address: Beijing,100031,P.R.China
nic-hdl: CH455-AP
phone: +86-10-82993155
fax-no: +86-10-82993102
country: CN
admin-c: CH444-AP
tech-c: CH444-AP
changed: abuse@cnc-noc.net 20041119
mnt-by: MAINT-CNCGROUP
source: APNIC
196.205.94.68 - ON -
host-196-205-94-68.static.link.com.eg.
Le serveur whois.ripe.net à retourné l'information suivante :
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag
% Information related to '196.205.0.0 - 196.205.255.255'
inetnum: 196.205.0.0 - 196.205.255.255
org: ORG-AFNC1-RIPE
netname: AFRINIC-NET-TRANSFERRED-20050223
descr: This network has been transferred to AFRINIC
remarks: These IP addresses are assigned in the AFRINIC region.
remarks: Authoritative registration information for this network
remarks: is available for query and modification in
remarks: the AFRINIC whois database: whois.afrinic.net or
remarks: web site: https://www.afrinic.net/
remarks: The routing registry information (route(6) objects)
remarks: may be published in any Routing Registry, including
remarks: RIPE Whois Database
country: EU # country is really somewhere in African Region
admin-c: AFRI-RIPE
tech-c: AFRI-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-routes: RIPE-NCC-RPSL-MNT
source: RIPE # Filtered
organisation: ORG-AFNC1-RIPE
org-name: African Internet Numbers Registry
org-type: RIR
address: see https://www.afrinic.net/
e-mail: bitbucket@ripe.net
admin-c: AFRI-RIPE
tech-c: AFRI-RIPE
remarks: For more information on AFRINIC assigned blocks, use
remarks: AFRINIC's whois database, whois.afrinic.net.
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered
role: The African Internet Numbers Registry
org: ORG-AFNC1-RIPE
address: AFRINIC, see https://www.afrinic.net/
admin-c: AFRI-RIPE
tech-c: AFRI-RIPE
nic-hdl: AFRI-RIPE
e-mail: bitbucket@ripe.net
remarks: For more information on AFRINIC assigned blocks, connect
remarks: to AFRINIC's whois database, whois.afrinic.net.
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered
% Information related to '196.205.0.0/16AS24863'
route: 196.205.0.0/16
descr: LINKdotNET route
origin: AS24863
mnt-by: MAINT-LINK
source: RIPE # Filtered
% Information related to '196.205.92.0/22AS24863'
route: 196.205.92.0/22
descr: LINKdotNET route
origin: AS24863
mnt-by: MAINT-LINK
source: RIPE # Filtered
% Information related to '196.205.88.0/21AS24863'
route: 196.205.88.0/21
descr: LINKdotNET route
origin: AS24863
mnt-by: MAINT-LINK
source: RIPE # Filtered
% Information related to '196.205.0.0/17AS24863'
route: 196.205.0.0/17
descr: LINKdotNET route
origin: AS24863
mnt-by: MAINT-LINK
source: RIPE # Filtered
222.129.202.131 - CN - CHINA
Le serveur whois.apnic.net à retourné l'information suivante :
% [whois.apnic.net node-2]
% Whois data copyright terms https://www.apnic.net/manage-ip/using-whois/bulk-access/copyright/
inetnum: 222.128.0.0 - 222.131.255.255
netname: CNCGROUP-BJ
descr: CNCGROUP Beijing province network
descr: China Network Communications Group Corporation
descr: No.156,Fu-Xing-Men-Nei Street,
descr: Beijing 100031
country: CN
admin-c: CH455-AP
tech-c: SY21-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-CNCGROUP-BJ
mnt-routes: MAINT-CNCGROUP-RR
changed: hm-changed@apnic.net 20031119
status: ALLOCATED PORTABLE
changed: hm-changed@apnic.net 20060124
source: APNIC
role: CNCGroup Hostmaster
e-mail: abuse@cnc-noc.net
address: No.156,Fu-Xing-Men-Nei Street,
address: Beijing,100031,P.R.China
nic-hdl: CH455-AP
phone: +86-10-82993155
fax-no: +86-10-82993102
country: CN
admin-c: CH444-AP
tech-c: CH444-AP
changed: abuse@cnc-noc.net 20041119
mnt-by: MAINT-CNCGROUP
source: APNIC
person: sun ying
address: fu xing men nei da jie 97, Xicheng District
address: Beijing 100800
country: CN
phone: +86-10-66030657
fax-no: +86-10-66078815
e-mail: suny@publicf.bta.net.cn
nic-hdl: SY21-AP
mnt-by: MAINT-CNCGROUP-BJ
changed: suny@publicf.bta.net.cn 19980824
changed: hm-changed@apnic.net 20060717
source: APNIC
78.47.78.82 - DE - GERMANY
static.82.78.47.78.clients.your-server.de.
Le serveur whois.ripe.net à retourné l'information suivante :
% This is the RIPE Whois query server #3.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '78.47.78.80 - 78.47.78.87'
inetnum: 78.47.78.80 - 78.47.78.87
netname: RIVERLAND
descr: Riverland
country: DE
admin-c: NS2063-RIPE
tech-c: NS2063-RIPE
status: ASSIGNED PA
mnt-by: HOS-GUN
source: RIPE # Filtered
person: Norbert Schneider
address: Riverland
address: Nymphenburger Str. 147a
address: 80634 München
address: GERMANY
phone: +49 89255575588
fax-no: +49 89255575589
e-mail: daniel@inovativa.de
nic-hdl: NS2063-RIPE
mnt-by: HOS-GUN
source: RIPE # Filtered
% Information related to '78.46.0.0/15AS24940'
route: 78.46.0.0/15
descr: HETZNER-RZ-NBG-BLK5
origin: AS24940
org: ORG-HOA1-RIPE
mnt-by: HOS-GUN
source: RIPE # Filtered
organisation: ORG-HOA1-RIPE
org-name: Hetzner Online AG
org-type: LIR
address: Hetzner Online AG
Attn. Martin Hetzner
Industriestr. 6
91710 Gunzenhausen
Germany
phone: +49 9831 610061
fax-no: +49 9831 610062
e-mail: info@hetzner.de
admin-c: GM834-RIPE
admin-c: MH375-RIPE
admin-c: RB1502-RIPE
admin-c: SK2374-RIPE
admin-c: HOAC1-RIPE
mnt-ref: HOS-GUN
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered
/code
Pour info la page demandé était (http://) www.filter-international.com/webservice/aro/ipedido/a/ ou se situe un script php.
Ce site a a mon avis lui aussi été hacké.
Voila peut etre quelqu'un pourrat en dire plus :?: :?:
je suis victime depuis quelques temps de cette attaque sur mon site.
Grace aux renseignements de ce forum: (https://www.webmaster-hub.com/topic/40057-virus-d%C3%A9tect%C3%A9-par-avast-en-allant-sur-mon-propre-site/ j'ai peut être trouvé la (l'une des ?) faille sur mon site:
Je passait en paramètre dans l'url le nom de ma page à afficher. Mon script fesait un include du nom de ma pageconcaténé avec l'extention .php
J'ai donc créé un petit scrip affin de récuperer l'adresse ip de la personne essayant d'entrer un autre nom de page.
Je viens d'avoir dix tentatives d'attaques, voici ce que je récupère de deux de mes srcipt:
Alerte 1:
Le: 19/03/2008 à 19:17:43
Page Demandée:http://www.filter-international.com/about-us/ I
IP: 125.45.197.7FAI: hn.kd.ny.adsl
Utilisateur: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Alerte 2:
Le: 19/03/2008 à 19:07:50
Page Demandée:http://www.filter-international.com/about-us/
IP: 78.47.78.82FAI: static.82.78.47.78.clients.your-server.de
Utilisateur: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
J'ai aussitôt fait un tracage de l'adresse ip renvoyé par mon script et donc voici ce qu'on me donne:
[code] 78.47.78.82 - DE - GERMANY
static.82.78.47.78.clients.your-server.de.
Le serveur whois.ripe.net à retourné l'information suivante :
% This is the RIPE Whois query server #1.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '78.47.78.80 - 78.47.78.87'
inetnum: 78.47.78.80 - 78.47.78.87
netname: RIVERLAND
descr: Riverland
country: DE
admin-c: NS2063-RIPE
tech-c: NS2063-RIPE
status: ASSIGNED PA
mnt-by: HOS-GUN
source: RIPE # Filtered
person: Norbert Schneider
address: Riverland
address: Nymphenburger Str. 147a
address: 80634 München
address: GERMANY
phone: +49 89255575588
fax-no: +49 89255575589
e-mail: daniel@inovativa.de
nic-hdl: NS2063-RIPE
mnt-by: HOS-GUN
source: RIPE # Filtered
% Information related to '78.46.0.0/15AS24940'
route: 78.46.0.0/15
descr: HETZNER-RZ-NBG-BLK5
origin: AS24940
org: ORG-HOA1-RIPE
mnt-by: HOS-GUN
source: RIPE # Filtered
organisation: ORG-HOA1-RIPE
org-name: Hetzner Online AG
org-type: LIR
address: Hetzner Online AG
Attn. Martin Hetzner
Industriestr. 6
91710 Gunzenhausen
Germany
phone: +49 9831 610061
fax-no: +49 9831 610062
e-mail: info@hetzner.de
admin-c: GM834-RIPE
admin-c: MH375-RIPE
admin-c: RB1502-RIPE
admin-c: SK2374-RIPE
admin-c: HOAC1-RIPE
mnt-ref: HOS-GUN
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered
Localisation géographique par IP - IP geographical localization
125.45.197.7 - CN - CHINA
hn.kd.ny.adsl.
Le serveur whois.apnic.net à retourné l'information suivante :
% [whois.apnic.net node-1]
% Whois data copyright terms https://www.apnic.net/manage-ip/using-whois/bulk-access/copyright/
inetnum: 125.40.0.0 - 125.47.255.255
netname: CNCGROUP-HA
descr: CNCGROUP Henan province network
descr: China Network Communications Group Corporation
descr: No.156,Fu-Xing-Men-Nei Street,
descr: Beijing 100031
country: CN
admin-c: CH455-AP
tech-c: WW444-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-CNCGROUP-HA
mnt-routes: MAINT-CNCGROUP-RR
status: ALLOCATED PORTABLE
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed: hm-changed@apnic.net 20051011
changed: hm-changed@apnic.net 20051020
source: APNIC
route: 125.40.0.0/13
descr: CNC Group CHINA169 Henan Province Network
country: CN
origin: AS4837
mnt-by: MAINT-CNCGROUP-RR
changed: abuse@cnc-noc.net 20060118
source: APNIC
role: CNCGroup Hostmaster
e-mail: abuse@cnc-noc.net
address: No.156,Fu-Xing-Men-Nei Street,
address: Beijing,100031,P.R.China
nic-hdl: CH455-AP
phone: +86-10-82993155
fax-no: +86-10-82993102
country: CN
admin-c: CH444-AP
tech-c: CH444-AP
changed: abuse@cnc-noc.net 20041119
mnt-by: MAINT-CNCGROUP
source: APNIC
person: Wei Wang
nic-hdl: WW444-AP
e-mail: abuse@public.zz.ha.cn
address: #37 Wei Wu Road, Zhengzhou, Henan Provice
phone: +86-371-65952358
fax-no: +86-371-65968952
country: CN
changed: wangw@data.zz.ha.cn 20060205
mnt-by: MAINT-CNCGROUP-HA
source: APNIC
222.152.200.160 - NZ - NEW ZEALAND
222-152-200-160.jetstream.xtra.co.nz.
Le serveur whois.apnic.net à retourné l'information suivante :
% [whois.apnic.net node-2]
% Whois data copyright terms https://www.apnic.net/manage-ip/using-whois/bulk-access/copyright/
inetnum: 222.152.128.0 - 222.152.223.255
netname: FIPD-XTRA-NZ
descr: Telecom Xtra
descr: DSL Dynamic Pools
country: NZ
admin-c: TNZ1-AP
tech-c: TNZ1-AP
notify: abuse@xtra.co.nz
notify: nic@netgate.net.nz
mnt-by: NZTELECOM
changed: dbk1@netgate.net.nz 20041021
status: ALLOCATED NON-PORTABLE
source: APNIC
role: Telecom New ZealandIPRegistry
address: Telecom New Zealand IP Registry
address: 31 Airedale Street,
address: Auckland
country: NZ
phone: +64-9-363-5861
fax-no: +64-9-379-4790
e-mail: nic@global-gateway.net.nz
trouble: abuse@global-gateway.net.nz
admin-c: DBK1-AP
tech-c: BS3-AP
nic-hdl: TNZ1-AP
mnt-by: NZTELECOM
notify: nic@global-gateway.net.nz
changed: dbk1@ggi.net.nz 20031023
changed: dbk1@ggi.net.nz 20041122
source: APNIC
Localisation géographique par IP - IP geographical localization
202.216.177.18 - JP - JAPAN
catv77018.tac-net.ne.jp.
Le serveur whois.apnic.net à retourné l'information suivante :
% [whois.apnic.net node-2]
% Whois data copyright terms https://www.apnic.net/manage-ip/using-whois/bulk-access/copyright/
inetnum: 202.216.0.0 - 202.219.255.255
netname: JPNIC-NET-JP
descr: Japan Network Information Center
country: JP
admin-c: JNIC1-AP
tech-c: JNIC1-AP
remarks: JPNIC Allocation Block
remarks: Authoritative information regarding assignments and
remarks: allocations made from within this block can also be
remarks: queried at whois.nic.ad.jp. To obtain an English
remarks: output query whois -h whois.nic.ad.jp x.x.x.x/e
mnt-by: APNIC-HM
mnt-lower: MAINT-JPNIC
changed: apnic-ftp@nic.ad.jp 19991115
status: ALLOCATED PORTABLE
source: APNIC
role: Japan Network Information Center
address: Kokusai-Kougyou-Kanda Bldg 6F, 2-3-4 Uchi-Kanda
address: Chiyoda-ku, Tokyo 101-0047, Japan
country: JP
phone: +81-3-5297-2311
fax-no: +81-3-5297-2312
e-mail: hostmaster@nic.ad.jp
admin-c: JI13-AP
tech-c: JE53-AP
nic-hdl: JNIC1-AP
mnt-by: MAINT-JPNIC
changed: hm-changed@apnic.net 20041222
changed: hm-changed@apnic.net 20050324
changed: ip-apnic@nic.ad.jp 20051027
source: APNIC
inetnum: 202.216.176.0 - 202.216.191.255
netname: TAC-NET
descr: Tokoname New-TV Corporation
country: JP
admin-c: YF743JP
tech-c: YF743JP
remarks: This information has been partially mirrored by APNIC from
remarks: JPNIC. To obtain more specific information, please use the
remarks: JPNIC WHOIS Gateway at
remarks: https://www.nic.ad.jp/en/db/whois/en-gateway.html or
remarks: whois.nic.ad.jp for WHOIS client. (The WHOIS client
remarks: defaults to Japanese output, use the /e switch for English
remarks: output)
changed: apnic-ftp@nic.ad.jp 20030217
source: JPNIC
196.29.201.170 - MU -
Le serveur whois.arin.net à retourné l'information suivante :
OrgName: African Network Information Center
OrgID: AFRINIC
Address: 03B3 - 3rd Floor - Ebene Cyber Tower
Address: Cyber City
Address: Ebene
Address: Mauritius
City: Ebene
StateProv:
PostalCode: 0001
Country: MU
ReferralServer: whois://whois.afrinic.net
NetRange: 196.0.0.0 - 196.255.255.255
CIDR: 196.0.0.0/8
NetName: NET196
NetHandle: NET-196-0-0-0-0
Parent:
NetType: Allocated to AfriNIC
NameServer: NS1.AFRINIC.NET
NameServer: NS-SEC.RIPE.NET
NameServer: NS.LACNIC.NET
NameServer: TINNIE.ARIN.NET
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
Comment:
RegDate: 1993-05-01
Updated: 2006-04-27
OrgAbuseHandle: GENER11-ARIN
OrgAbuseName: Generic POC
OrgAbusePhone: +230 4666616
OrgAbuseEmail: abusepoc@afrinic.net
OrgTechHandle: GENER11-ARIN
OrgTechName: Generic POC
OrgTechPhone: +230 4666616
OrgTechEmail: abusepoc@afrinic.net
# ARIN WHOIS database, last updated 2008-03-18 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
196.217.249.190 - MU -
adsl196-190-249-217-196.adsl196-16.iam.net.ma.
Le serveur whois.arin.net à retourné l'information suivante :
OrgName: African Network Information Center
OrgID: AFRINIC
Address: 03B3 - 3rd Floor - Ebene Cyber Tower
Address: Cyber City
Address: Ebene
Address: Mauritius
City: Ebene
StateProv:
PostalCode: 0001
Country: MU
ReferralServer: whois://whois.afrinic.net
NetRange: 196.0.0.0 - 196.255.255.255
CIDR: 196.0.0.0/8
NetName: NET196
NetHandle: NET-196-0-0-0-0
Parent:
NetType: Allocated to AfriNIC
NameServer: NS1.AFRINIC.NET
NameServer: NS-SEC.RIPE.NET
NameServer: NS.LACNIC.NET
NameServer: TINNIE.ARIN.NET
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
Comment:
RegDate: 1993-05-01
Updated: 2006-04-27
OrgAbuseHandle: GENER11-ARIN
OrgAbuseName: Generic POC
OrgAbusePhone: +230 4666616
OrgAbuseEmail: abusepoc@afrinic.net
OrgTechHandle: GENER11-ARIN
OrgTechName: Generic POC
OrgTechPhone: +230 4666616
OrgTechEmail: abusepoc@afrinic.net
# ARIN WHOIS database, last updated 2008-03-18 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
218.106.254.83 - CN - CHINA
Le serveur whois.apnic.net à retourné l'information suivante :
% [whois.apnic.net node-2]
% Whois data copyright terms https://www.apnic.net/manage-ip/using-whois/bulk-access/copyright/
inetnum: 218.106.240.0 - 218.106.255.255
netname: CNCGROUP-BJ
descr: CNCGROUP Beijing province network
country: CN
admin-c: CH455-AP
tech-c: SY21-AP
status: ASSIGNED NON-PORTABLE
changed: abuse@china-netcom.com 20070716
mnt-by: MAINT-CNCGROUP
mnt-lower: MAINT-CNCGROUP-BJ
source: APNIC
route: 218.104.0.0/14
descr: CNC Group CncNet
country: CN
origin: AS9929
mnt-by: MAINT-CNCGROUP-RR
changed: abuse@cnc-noc.net 20060329
source: APNIC
role: CNCGroup Hostmaster
e-mail: abuse@cnc-noc.net
address: No.156,Fu-Xing-Men-Nei Street,
address: Beijing,100031,P.R.China
nic-hdl: CH455-AP
phone: +86-10-82993155
fax-no: +86-10-82993102
country: CN
admin-c: CH444-AP
tech-c: CH444-AP
changed: abuse@cnc-noc.net 20041119
mnt-by: MAINT-CNCGROUP
source: APNIC
person: sun ying
address: fu xing men nei da jie 97, Xicheng District
address: Beijing 100800
country: CN
phone: +86-10-66030657
fax-no: +86-10-66078815
e-mail: suny@publicf.bta.net.cn
nic-hdl: SY21-AP
mnt-by: MAINT-CNCGROUP-BJ
changed: suny@publicf.bta.net.cn 19980824
changed: hm-changed@apnic.net 20060717
source: APNIC
Localisation géographique par IP - IP geographical localization
221.13.66.161 - CN - CHINA
Le serveur whois.apnic.net à retourné l'information suivante :
% [whois.apnic.net node-1]
% Whois data copyright terms https://www.apnic.net/manage-ip/using-whois/bulk-access/copyright/
inetnum: 221.13.64.0 - 221.13.95.255
netname: CNCGROUP-XZ
descr: CNC Group Xizang province network
descr: China Network Communications Group Corporation
descr: No.156,Fu-Xing-Men-Nei Street,
descr: Beijing 100031
country: CN
admin-c: CH455-AP
tech-c: CH455-AP
remarks: service provider
mnt-by: APNIC-HM
mnt-lower: MAINT-CNCGROUP-XZ
mnt-routes: MAINT-CNCGROUP-RR
status: ALLOCATED PORTABLE
changed: hm-changed@apnic.net 20030528
changed: hm-changed@apnic.net 20060124
source: APNIC
role: CNCGroup Hostmaster
e-mail: abuse@cnc-noc.net
address: No.156,Fu-Xing-Men-Nei Street,
address: Beijing,100031,P.R.China
nic-hdl: CH455-AP
phone: +86-10-82993155
fax-no: +86-10-82993102
country: CN
admin-c: CH444-AP
tech-c: CH444-AP
changed: abuse@cnc-noc.net 20041119
mnt-by: MAINT-CNCGROUP
source: APNIC
196.205.94.68 - ON -
host-196-205-94-68.static.link.com.eg.
Le serveur whois.ripe.net à retourné l'information suivante :
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag
% Information related to '196.205.0.0 - 196.205.255.255'
inetnum: 196.205.0.0 - 196.205.255.255
org: ORG-AFNC1-RIPE
netname: AFRINIC-NET-TRANSFERRED-20050223
descr: This network has been transferred to AFRINIC
remarks: These IP addresses are assigned in the AFRINIC region.
remarks: Authoritative registration information for this network
remarks: is available for query and modification in
remarks: the AFRINIC whois database: whois.afrinic.net or
remarks: web site: https://www.afrinic.net/
remarks: The routing registry information (route(6) objects)
remarks: may be published in any Routing Registry, including
remarks: RIPE Whois Database
country: EU # country is really somewhere in African Region
admin-c: AFRI-RIPE
tech-c: AFRI-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-routes: RIPE-NCC-RPSL-MNT
source: RIPE # Filtered
organisation: ORG-AFNC1-RIPE
org-name: African Internet Numbers Registry
org-type: RIR
address: see https://www.afrinic.net/
e-mail: bitbucket@ripe.net
admin-c: AFRI-RIPE
tech-c: AFRI-RIPE
remarks: For more information on AFRINIC assigned blocks, use
remarks: AFRINIC's whois database, whois.afrinic.net.
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered
role: The African Internet Numbers Registry
org: ORG-AFNC1-RIPE
address: AFRINIC, see https://www.afrinic.net/
admin-c: AFRI-RIPE
tech-c: AFRI-RIPE
nic-hdl: AFRI-RIPE
e-mail: bitbucket@ripe.net
remarks: For more information on AFRINIC assigned blocks, connect
remarks: to AFRINIC's whois database, whois.afrinic.net.
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered
% Information related to '196.205.0.0/16AS24863'
route: 196.205.0.0/16
descr: LINKdotNET route
origin: AS24863
mnt-by: MAINT-LINK
source: RIPE # Filtered
% Information related to '196.205.92.0/22AS24863'
route: 196.205.92.0/22
descr: LINKdotNET route
origin: AS24863
mnt-by: MAINT-LINK
source: RIPE # Filtered
% Information related to '196.205.88.0/21AS24863'
route: 196.205.88.0/21
descr: LINKdotNET route
origin: AS24863
mnt-by: MAINT-LINK
source: RIPE # Filtered
% Information related to '196.205.0.0/17AS24863'
route: 196.205.0.0/17
descr: LINKdotNET route
origin: AS24863
mnt-by: MAINT-LINK
source: RIPE # Filtered
222.129.202.131 - CN - CHINA
Le serveur whois.apnic.net à retourné l'information suivante :
% [whois.apnic.net node-2]
% Whois data copyright terms https://www.apnic.net/manage-ip/using-whois/bulk-access/copyright/
inetnum: 222.128.0.0 - 222.131.255.255
netname: CNCGROUP-BJ
descr: CNCGROUP Beijing province network
descr: China Network Communications Group Corporation
descr: No.156,Fu-Xing-Men-Nei Street,
descr: Beijing 100031
country: CN
admin-c: CH455-AP
tech-c: SY21-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-CNCGROUP-BJ
mnt-routes: MAINT-CNCGROUP-RR
changed: hm-changed@apnic.net 20031119
status: ALLOCATED PORTABLE
changed: hm-changed@apnic.net 20060124
source: APNIC
role: CNCGroup Hostmaster
e-mail: abuse@cnc-noc.net
address: No.156,Fu-Xing-Men-Nei Street,
address: Beijing,100031,P.R.China
nic-hdl: CH455-AP
phone: +86-10-82993155
fax-no: +86-10-82993102
country: CN
admin-c: CH444-AP
tech-c: CH444-AP
changed: abuse@cnc-noc.net 20041119
mnt-by: MAINT-CNCGROUP
source: APNIC
person: sun ying
address: fu xing men nei da jie 97, Xicheng District
address: Beijing 100800
country: CN
phone: +86-10-66030657
fax-no: +86-10-66078815
e-mail: suny@publicf.bta.net.cn
nic-hdl: SY21-AP
mnt-by: MAINT-CNCGROUP-BJ
changed: suny@publicf.bta.net.cn 19980824
changed: hm-changed@apnic.net 20060717
source: APNIC
78.47.78.82 - DE - GERMANY
static.82.78.47.78.clients.your-server.de.
Le serveur whois.ripe.net à retourné l'information suivante :
% This is the RIPE Whois query server #3.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '78.47.78.80 - 78.47.78.87'
inetnum: 78.47.78.80 - 78.47.78.87
netname: RIVERLAND
descr: Riverland
country: DE
admin-c: NS2063-RIPE
tech-c: NS2063-RIPE
status: ASSIGNED PA
mnt-by: HOS-GUN
source: RIPE # Filtered
person: Norbert Schneider
address: Riverland
address: Nymphenburger Str. 147a
address: 80634 München
address: GERMANY
phone: +49 89255575588
fax-no: +49 89255575589
e-mail: daniel@inovativa.de
nic-hdl: NS2063-RIPE
mnt-by: HOS-GUN
source: RIPE # Filtered
% Information related to '78.46.0.0/15AS24940'
route: 78.46.0.0/15
descr: HETZNER-RZ-NBG-BLK5
origin: AS24940
org: ORG-HOA1-RIPE
mnt-by: HOS-GUN
source: RIPE # Filtered
organisation: ORG-HOA1-RIPE
org-name: Hetzner Online AG
org-type: LIR
address: Hetzner Online AG
Attn. Martin Hetzner
Industriestr. 6
91710 Gunzenhausen
Germany
phone: +49 9831 610061
fax-no: +49 9831 610062
e-mail: info@hetzner.de
admin-c: GM834-RIPE
admin-c: MH375-RIPE
admin-c: RB1502-RIPE
admin-c: SK2374-RIPE
admin-c: HOAC1-RIPE
mnt-ref: HOS-GUN
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered
/code
Pour info la page demandé était (http://) www.filter-international.com/webservice/aro/ipedido/a/ ou se situe un script php.
Ce site a a mon avis lui aussi été hacké.
Voila peut etre quelqu'un pourrat en dire plus :?: :?:
A voir également:
- Virus check.js sur mon site
- Site de telechargement - Accueil - Outils
- Site comme coco - Accueil - Réseaux sociaux
- Quel site remplace coco - Accueil - Réseaux sociaux
- Site x - Guide
- Site pour vendre des objets d'occasion - Guide
2 réponses
salut,
et tu veux faire quoi ?
corrige la faille et basta !
ou alors dépose plainte mais ça risque de ne pas mener bien loin.
et tu veux faire quoi ?
corrige la faille et basta !
ou alors dépose plainte mais ça risque de ne pas mener bien loin.
Je viens d'ouvrir mon ftp (Filezilla) et avant de me connecter à mon site, j'ai reçu l'alerte de ZoneAlarm:
FileZilla voulait se connecter à
213.239.222.5
hetzner.de
évidemment, j'ai interdit la connection (après quoi, je ne pouvais pas me connecter à mon site non plus).
Toute de suite, après l'alerte, j'ai redémarré Filezilla et "personne" ne guettait à ma porte cette fois-ci...
Juste pour info (ce site /hetzner/ figure également dans les rapports de "totor").
...en fait, quel programme espion ou autre intrus pourrait bien être à l'origine de cette tentative d'intrusion??
La réponse se cache peut-être par là:
https://filezilla-project.org/
à lire en bas de la page:
"Server sponsored by Hetzner Online AG"
?
--------------------------
FileZilla voulait se connecter à
213.239.222.5
hetzner.de
évidemment, j'ai interdit la connection (après quoi, je ne pouvais pas me connecter à mon site non plus).
Toute de suite, après l'alerte, j'ai redémarré Filezilla et "personne" ne guettait à ma porte cette fois-ci...
Juste pour info (ce site /hetzner/ figure également dans les rapports de "totor").
...en fait, quel programme espion ou autre intrus pourrait bien être à l'origine de cette tentative d'intrusion??
La réponse se cache peut-être par là:
https://filezilla-project.org/
à lire en bas de la page:
"Server sponsored by Hetzner Online AG"
?
--------------------------