Posted on by SYSMGR

Script kiddy

It’s been some time, but today there has been a script kiddy busy:

213.186.50.160 - - [15/Jan/2007:17:59:49 +0100] "GET /a1b2c3d4e5f6g7h8i9/nonexistentfile.php HTTP/1.0" 404 864
213.186.50.160 - - [15/Jan/2007:17:59:49 +0100] "GET /adxmlrpc.php HTTP/1.0" 404 864
213.186.50.160 - - [15/Jan/2007:17:59:49 +0100] "GET /adserver/adxmlrpc.php HTTP/1.0" 404 864
213.186.50.160 - - [15/Jan/2007:17:59:49 +0100] "GET /phpAdsNew/adxmlrpc.php HTTP/1.0" 404 864
213.186.50.160 - - [15/Jan/2007:17:59:49 +0100] "GET /phpadsnew/adxmlrpc.php HTTP/1.0" 404 864
213.186.50.160 - - [15/Jan/2007:17:59:49 +0100] "GET /phpads/adxmlrpc.php HTTP/1.0" 404 864
213.186.50.160 - - [15/Jan/2007:17:59:49 +0100] "GET /Ads/adxmlrpc.php HTTP/1.0" 404 864
213.186.50.160 - - [15/Jan/2007:17:59:49 +0100] "GET /ads/adxmlrpc.php HTTP/1.0" 404 864
213.186.50.160 - - [15/Jan/2007:17:59:49 +0100] "GET /xmlrpc.php HTTP/1.0" 404 864
213.186.50.160 - - [15/Jan/2007:17:59:49 +0100] "GET /xmlrpc/xmlrpc.php HTTP/1.0" 404 864
213.186.50.160 - - [15/Jan/2007:17:59:49 +0100] "GET /xmlsrv/xmlrpc.php HTTP/1.0" 404 864
213.186.50.160 - - [15/Jan/2007:17:59:49 +0100] "GET /blog/xmlrpc.php HTTP/1.0" 404 864
213.186.50.160 - - [15/Jan/2007:17:59:50 +0100] "GET /drupal/xmlrpc.php HTTP/1.0" 404 864
213.186.50.160 - - [15/Jan/2007:17:59:50 +0100] "GET /community/xmlrpc.php HTTP/1.0" 404 864
213.186.50.160 - - [15/Jan/2007:17:59:50 +0100] "GET /blogs/xmlrpc.php HTTP/1.0" 404 864
213.186.50.160 - - [15/Jan/2007:17:59:50 +0100] "GET /blogs/xmlsrv/xmlrpc.php HTTP/1.0" 404 864
213.186.50.160 - - [15/Jan/2007:17:59:50 +0100] "GET /blog/xmlsrv/xmlrpc.php HTTP/1.0" 404 864
213.186.50.160 - - [15/Jan/2007:17:59:50 +0100] "GET /blogtest/xmlsrv/xmlrpc.php HTTP/1.0" 404 864
213.186.50.160 - - [15/Jan/2007:17:59:50 +0100] "GET /b2/xmlsrv/xmlrpc.php HTTP/1.0" 404 864
213.186.50.160 - - [15/Jan/2007:17:59:50 +0100] "GET /b2evo/xmlsrv/xmlrpc.php HTTP/1.0" 404 864
213.186.50.160 - - [15/Jan/2007:17:59:50 +0100] "GET /wordpress/xmlrpc.php HTTP/1.0" 404 864
213.186.50.160 - - [15/Jan/2007:17:59:50 +0100] "GET /phpgroupware/xmlrpc.php HTTP/1.0" 404 864

Who is this:

$ whois 213.186.50.160

Whois Server Version 1.3

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

Server Name: NS1.HEBERGISTE.COM
IP Address: 213.186.50.160
Registrar: OVH
Whois Server: whois.ovh.com
Referral URL: http://www.ovh.com

>>> Last update of whois database: Mon, 15 Jan 2007 07:54:15 EST < << $ whois ovh.com Whois Server Version 1.3 Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information. Domain Name: OVH.COM Registrar: OVH Whois Server: whois.ovh.com Referral URL: http://www.ovh.com Name Server: NS.OVH.NET Name Server: DNS.OVH.NET Status: clientTransferProhibited Status: clientUpdateProhibited Status: clientDeleteProhibited Updated Date: 09-feb-2006 Creation Date: 07-feb-1997 Expiration Date: 08-feb-2007 >>> Last update of whois database: Mon, 15 Jan 2007 07:54:15 EST < <<

That's just what VMS's services gave. A web-based service gave this:


inetnum: 213.186.50.128 - 213.186.50.191
netname: BEWEST
descr: BEWEST
country: FR
admin-c: OK217-RIPE
tech-c: OK217-RIPE
status: ASSIGNED PA
mnt-by: OVH-MNT
source: RIPE # Filtered

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.