Файл: forsoc.ru/manul/static/signatures/malware_db.xml
Строк: 2646
<?xml version="1.0" encoding="utf-8"?>
<!--
<signature>
id=numerical - mandatory
format=re|md5|crc32|md2|const|eval - mandatory
child_id=numerical - mandatory
sever=c|w|i - mandatory
title=string - optional
description=string - optional
detailed description:
[format]
re - regular expression
md5/md2/crc32 - file hash
path - filename or pathname fragment with wildcard (e.g. "wso*.php" or "*.php.*")
const - string constant
eval - a piece of PHP code to execute (evalute)
[child_id]
id of next signature in the chain to test through. It allows to group several signatures into sequence and check them as the chain of rules ("AND" rule).
[sever]
severity of the signature item.
c - critical
w - warning
i - information
[title] / [description]
String constant describing the signature (e.g. shell id or some other)
-->
<database>
<signature id="0" format="re" child_id="-1" sever="c" title="WebShell">ZOBUGTEL</signature>
<signature id="1" format="re" child_id="-1" sever="c" title="WebShell">MagelangCyber</signature>
<signature id="2" format="re" child_id="-1" sever="c" title="WebShell">profexor.hell</signature>
<signature id="3" format="re" child_id="-1" sever="c" title="WebShell"><!--COOKIE UPDATE--></signature>
<signature id="4" format="re" child_id="-1" sever="c" title="WebShell">//rasta//</signature>
<signature id="5" format="re" child_id="-1" sever="c" title="WebShell">$param2mask.")\=[\<qq>\"](.*?)(?=[\<qq>\"] )[\<qq>\"]/sie</signature>
<signature id="6" format="re" child_id="-1" sever="c" title="WebShell">); $i++)$ret.=chr($</signature>
<signature id="7" format="re" child_id="-1" sever="c" title="WebShell">ereg_replace(<q>&email&<q>,</signature>
<signature id="8" format="re" child_id="-1" sever="c" title="WebShell">]]));}}eval($</signature>
<signature id="9" format="re" child_id="-1" sever="c" title="WebShell">fwrite(fopen(dirname(__FILE__)</signature>
<signature id="10" format="re" child_id="-1" sever="c" title="WebShell">Baby_Drakon</signature>
<signature id="11" format="re" child_id="-1" sever="c" title="WebShell">$isevalfunctionavailable</signature>
<signature id="12" format="re" child_id="-1" sever="c" title="WebShell">Net@ddress Mail</signature>
<signature id="13" format="re" child_id="-1" sever="c" title="WebShell">Password:<s>".$_POST[<q>passwd<q>]</signature>
<signature id="14" format="re" child_id="-1" sever="c" title="WebShell">Created By EMMA</signature>
<signature id="15" format="re" child_id="-1" sever="c" title="WebShell">GIF89A;<?php</signature>
<signature id="16" format="re" child_id="-1" sever="c" title="WebShell">oTat8D3DsE8'&~hU06CCH5;$gYSq</signature>
<signature id="17" format="re" child_id="-1" sever="c" title="WebShell">$md5=md5("$random");</signature>
<signature id="18" format="re" child_id="-1" sever="c" title="WebShell">3xp1r3</signature>
<signature id="19" format="re" child_id="-1" sever="c" title="WebShell">$im=substr($tx,$p+2,$p2-($p+2));</signature>
<signature id="20" format="re" child_id="-1" sever="c" title="WebShell">NinjaVirus Here</signature>
<signature id="21" format="re" child_id="-1" sever="c" title="WebShell">7P1td+NWliaI/hWkZ4VX9</signature>
<signature id="22" format="re" child_id="-1" sever="c" title="WebShell"><dot>IrIsT</signature>
<signature id="23" format="re" child_id="-1" sever="c" title="WebShell">ndroi|htc_</signature>
<signature id="24" format="re" child_id="-1" sever="c" title="WebShell">andex|oogl</signature>
<signature id="25" format="re" child_id="-1" sever="c" title="WebShell">Hacked By EnDLeSs</signature>
<signature id="26" format="re" child_id="-1" sever="c" title="WebShell">($_POST["dir"]));</signature>
<signature id="27" format="re" child_id="-1" sever="c" title="WebShell">($indata,$b64=1){if($b64==1){$cd=base64_decode($indata)</signature>
<signature id="28" format="re" child_id="-1" sever="c" title="WebShell">$im=substr($im,0,$i).substr($im,$i2+1,$i4-($i2+1)).substr($im,$i4+12,strlen</signature>
<signature id="29" format="re" child_id="-1" sever="c" title="WebShell"><?php echo "#!!#";</signature>
<signature id="30" format="re" child_id="-1" sever="c" title="WebShell">Punker2Bot</signature>
<signature id="31" format="re" child_id="-1" sever="c" title="WebShell">$sh3llColor</signature>
<signature id="32" format="re" child_id="-1" sever="c" title="WebShell">@chr(($h[$e[$o]]<<4)+($h[$e[++$o]]));}}eval($d)</signature>
<signature id="33" format="re" child_id="-1" sever="c" title="WebShell">ppc|midp|windows ce|mtk|j2me|symbian</signature>
<signature id="34" format="re" child_id="-1" sever="c" title="WebShell">abacho|abizdirectory|about|acoon|alexana</signature>
<signature id="35" format="re" child_id="-1" sever="c" title="WebShell">Zed0x</signature>
<signature id="36" format="re" child_id="-1" sever="c" title="WebShell">darkminz</signature>
<signature id="37" format="re" child_id="-1" sever="c" title="WebShell">ReaL_PuNiShEr</signature>
<signature id="38" format="re" child_id="-1" sever="c" title="WebShell">OoN_Boy</signature>
<signature id="39" format="re" child_id="-1" sever="c" title="WebShell">__VIEWSTATEENCRYPTED</signature>
<signature id="40" format="re" child_id="-1" sever="c" title="WebShell">M4ll3r</signature>
<signature id="41" format="re" child_id="-1" sever="c" title="WebShell">createFilesForInputOutput</signature>
<signature id="42" format="re" child_id="-1" sever="c" title="WebShell">Pashkela</signature>
<signature id="43" format="re" child_id="-1" sever="c" title="WebShell">^c^a^l^p^e^r^_^g^e^r^p</signature>
<signature id="44" format="re" child_id="-1" sever="c" title="WebShell">== "bindshell"</signature>
<signature id="45" format="re" child_id="-1" sever="c" title="WebShell">Webcommander at</signature>
<signature id="46" format="re" child_id="-1" sever="c" title="WebShell">isset($_POST['execgate'])</signature>
<signature id="47" format="re" child_id="-1" sever="c" title="WebShell">fwrite($fpsetv, getenv("HTTP_COOKIE")</signature>
<signature id="48" format="re" child_id="-1" sever="c" title="WebShell">-I/usr/local/bandmin</signature>
<signature id="49" format="re" child_id="-1" sever="c" title="WebShell">$OOO000000=urldecode(</signature>
<signature id="50" format="re" child_id="-1" sever="c" title="WebShell">YENI3ERI</signature>
<signature id="51" format="re" child_id="-1" sever="c" title="WebShell">letaksekarang()</signature>
<signature id="52" format="re" child_id="-1" sever="c" title="WebShell">d3lete</signature>
<signature id="53" format="re" child_id="-1" sever="c" title="WebShell">function urlGetContents($url, $timeout = 5)</signature>
<signature id="54" format="re" child_id="-1" sever="c" title="WebShell">overflow-y:scroll;\">".$links.$html_mf['body']</signature>
<signature id="55" format="re" child_id="-1" sever="c" title="WebShell">Made by Delorean</signature>
<signature id="56" format="re" child_id="-1" sever="c" title="WebShell">if(empty($_GET['zip']) and empty($_GET['download']) & empty($_GET['img'])){</signature>
<signature id="57" format="re" child_id="-1" sever="c" title="WebShell">str_rot13($basea[($dimension*$dimension-1) - ($i*$dimension+$j)])</signature>
<signature id="58" format="re" child_id="-1" sever="c" title="WebShell">R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAA</signature>
<signature id="59" format="re" child_id="-1" sever="c" title="WebShell">preg_match('!MIDP|WAP|Windows.CE|PPC|Series60</signature>
<signature id="60" format="re" child_id="-1" sever="c" title="WebShell">preg_match('/(?<=RewriteRule).*(?=\[L\,R\=302\]</signature>
<signature id="61" format="re" child_id="-1" sever="c" title="WebShell">$url = $urls[rand(0, count($urls)-1)]</signature>
<signature id="62" format="re" child_id="-1" sever="c" title="WebShell">wp_posts WHERE post_type = 'post' AND post_status = 'publish' ORDER BY `ID` DESC</signature>
<signature id="63" format="re" child_id="-1" sever="c" title="WebShell">http://'.$_SERVER['HTTP_HOST'].urldecode($_SERVER['REQUEST_URI'])</signature>
<signature id="64" format="re" child_id="-1" sever="c" title="WebShell">fwrite($f,get_download($_GET['url'])</signature>
<signature id="65" format="re" child_id="-1" sever="c" title="WebShell">$param x $n.substr ($param, length($param) - length($code)%length($param))</signature>
<signature id="66" format="re" child_id="-1" sever="c" title="WebShell">$time_started.$secure_session_user.session_id()</signature>
<signature id="67" format="re" child_id="-1" sever="c" title="WebShell">$this->F->GetController($_SERVER['REQUEST_URI'])</signature>
<signature id="68" format="re" child_id="-1" sever="c" title="WebShell">luciffer@luciffer.org</signature>
<signature id="69" format="re" child_id="-1" sever="c" title="WebShell">base64_decode($code_script)</signature>
<signature id="70" format="re" child_id="-1" sever="c" title="WebShell">unlink($writable_dirs</signature>
<signature id="71" format="re" child_id="-1" sever="c" title="WebShell">file_get_contents(trim($f[$_GET['id']]));</signature>
<signature id="72" format="re" child_id="-1" sever="c" title="WebShell">Cybester90</signature>
<signature id="73" format="re" child_id="-1" sever="c" title="WebShell">/home/mydir/eggdrop/filesys</signature>
<signature id="74" format="re" child_id="-1" sever="c" title="WebShell">--DCCDIR [lindex $User($i) 2]</signature>
<signature id="75" format="re" child_id="-1" sever="c" title="WebShell">unbind RAW -</signature>
<signature id="76" format="re" child_id="-1" sever="c" title="WebShell">putbot $bot</signature>
<signature id="77" format="re" child_id="-1" sever="c" title="WebShell">privmsg $nick</signature>
<signature id="78" format="re" child_id="-1" sever="c" title="WebShell">proc http::Connect {token}</signature>
<signature id="79" format="re" child_id="-1" sever="c" title="WebShell">set google(data) [http::data $google(page)]</signature>
<signature id="80" format="re" child_id="-1" sever="c" title="WebShell">bind join - * gop_join</signature>
<signature id="81" format="re" child_id="-1" sever="c" title="WebShell">privmsg $chan</signature>
<signature id="82" format="re" child_id="-1" sever="c" title="WebShell">r4aTc.dPntE/fztSF1bH3RH0</signature>
<signature id="83" format="re" child_id="-1" sever="c" title="WebShell">bind dcc -</signature>
<signature id="84" format="re" child_id="-1" sever="c" title="WebShell">kill -CHLD \$botpid >/dev/null 2>&1</signature>
<signature id="85" format="re" child_id="-1" sever="c" title="WebShell">regsub -all -- , [string tolower $owner] "" owners</signature>
<signature id="86" format="re" child_id="-1" sever="c" title="WebShell">bind filt - "\001ACTION *\001"</signature>
<signature id="87" format="re" child_id="-1" sever="c" title="WebShell">ayu pr1 pr2 pr3 pr4 pr5 pr6</signature>
<signature id="88" format="re" child_id="-1" sever="c" title="WebShell">set protect-telnet 0</signature>
<signature id="89" format="re" child_id="-1" sever="c" title="WebShell">/usr/local/apache/bin/httpd -DSSL</signature>
<signature id="90" format="re" child_id="-1" sever="c" title="WebShell">$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0</signature>
<signature id="91" format="re" child_id="-1" sever="c" title="WebShell">fopen('/etc/passwd'</signature>
<signature id="92" format="re" child_id="-1" sever="c" title="WebShell">f0VMRgEBAQA</signature>
<signature id="93" format="re" child_id="-1" sever="c" title="WebShell">0d0a0d0a676c6f62616c20246d795f736d7</signature>
<signature id="94" format="re" child_id="-1" sever="c" title="WebShell">etalfnizg</signature>
<signature id="95" format="re" child_id="-1" sever="c" title="WebShell">JHZpc2l0Y291bnQgPSAkSFRUUF9DT09LSUVfV</signature>
<signature id="96" format="re" child_id="-1" sever="c" title="WebShell">edoced_46esab</signature>
<signature id="97" format="re" child_id="-1" sever="c" title="WebShell">e/*./</signature>
<signature id="98" format="re" child_id="-1" sever="c" title="WebShell">@setcookie("hit", 1, time()+</signature>
<signature id="99" format="re" child_id="-1" sever="c" title="WebShell">find_dirs($grandparent_dir, $level, 1, $dirs);</signature>
<signature id="100" format="re" child_id="-1" sever="c" title="WebShell">@copy($_FILES[fileMass][tmp_name],$_POST[path].$_FILES[fileMass][name</signature>
<signature id="101" format="re" child_id="-1" sever="c" title="WebShell">int32((($z >> 5 & 0x07ffffff) ^ $y << 2) + (($y >> 3 & 0x1fffffff) ^ $z << 4</signature>
<signature id="102" format="re" child_id="-1" sever="c" title="WebShell">VOBRA GANGO</signature>
<signature id="103" format="re" child_id="-1" sever="c" title="WebShell">echo y ; sleep 1 ; } | { while read ; do echo z$REPLY; done</signature>
<signature id="104" format="re" child_id="-1" sever="c" title="WebShell"><stdlib.h</signature>
<signature id="105" format="re" child_id="-1" sever="c" title="WebShell">add_filter('the_content', '_bloginfo', 10001)</signature>
<signature id="106" format="re" child_id="-1" sever="c" title="WebShell">itsoknoproblembro</signature>
<signature id="107" format="re" child_id="-1" sever="c" title="WebShell">if self.hash_type == 'pwdump</signature>
<signature id="108" format="re" child_id="-1" sever="c" title="WebShell">$framework.plugins.load("#{rpctype.downcase}rpc", opts).run</signature>
<signature id="109" format="re" child_id="-1" sever="c" title="WebShell">subprocess.Popen('%sgdb -p %d -batch %s' % (gdb_prefix, p</signature>
<signature id="110" format="re" child_id="-1" sever="c" title="WebShell">argparse.ArgumentParser(description=help, prog="sctunnel"</signature>
<signature id="111" format="re" child_id="-1" sever="c" title="WebShell">rule_req = raw_input("SourceFire</signature>
<signature id="112" format="re" child_id="-1" sever="c" title="WebShell">os.system('echo alias ls=".ls.bash" >> ~/.bashrc')</signature>
<signature id="113" format="re" child_id="-1" sever="c" title="WebShell">connection.send("shell "+str(os.getcwd())+</signature>
<signature id="114" format="re" child_id="-1" sever="c" title="WebShell">print("[!] Host: " + hostname + " might be down!\n[!] Response Code</signature>
<signature id="115" format="re" child_id="-1" sever="c" title="WebShell">def daemon(stdin='/dev/null', stdout='/dev/null', stderr='/dev/null')</signature>
<signature id="116" format="re" child_id="-1" sever="c" title="WebShell">subprocess.Popen(cmd, shell = True, stdout=subprocess.PIPE, stderr=subprocess.STDOU</signature>
<signature id="117" format="re" child_id="-1" sever="c" title="WebShell">if(isset($_GET['host'])&&isset($_GET['time'])){</signature>
<signature id="118" format="re" child_id="-1" sever="c" title="WebShell">NIGGERS.NIGGERS</signature>
<signature id="119" format="re" child_id="-1" sever="c" title="WebShell">HTTP flood complete after</signature>
<signature id="120" format="re" child_id="-1" sever="c" title="WebShell">80 -b $1 -i eth0 -s 8</signature>
<signature id="121" format="re" child_id="-1" sever="c" title="WebShell">exploitcookie</signature>
<signature id="122" format="re" child_id="-1" sever="c" title="WebShell">system("php -f xpl $host")</signature>
<signature id="123" format="re" child_id="-1" sever="c" title="WebShell">sh go $1.$x</signature>
<signature id="124" format="re" child_id="-1" sever="c" title="WebShell">az88pix00q98</signature>
<signature id="125" format="re" child_id="-1" sever="c" title="WebShell">unless(open(PFD,$g_upload_db))</signature>
<signature id="126" format="re" child_id="-1" sever="c" title="WebShell">www.t0s.org</signature>
<signature id="127" format="re" child_id="-1" sever="c" title="WebShell">$value =~ s/%(..)/pack('c',hex($1))/eg;</signature>
<signature id="128" format="re" child_id="-1" sever="c" title="WebShell">The Dark Raver</signature>
<signature id="129" format="re" child_id="-1" sever="c" title="WebShell">Q3JlZGl0IDogVW5kZXJncm91bmQgRGV2aWwgJm5ic3A7ICB8DQo8YSBocmVmP</signature>
<signature id="130" format="re" child_id="-1" sever="c" title="WebShell">}elseif($_GET['page']=='ddos'</signature>
<signature id="131" format="re" child_id="-1" sever="c" title="WebShell">{$_POST['root']}</signature>
<signature id="132" format="re" child_id="-1" sever="c" title="WebShell">I/gcZ/vX0A10DDRDg7Ezk/d+3+8qvqqS1K0+AXY</signature>
<signature id="133" format="re" child_id="-1" sever="c" title="WebShell">FJ3FkuPKFkU/53WEBmIaipktnLwQW8z49dc1rbbLqsw8e69l6vJM+3/124xVn+7l</signature>
<signature id="134" format="re" child_id="-1" sever="c" title="WebShell">\u003c\u0069\u006d\u0067\u0020\u0073\u0072\u0063\u003d\u0022\u0068\u0074\u0074\u0070\u003a\u002f\u002f</signature>
<signature id="135" format="re" child_id="-1" sever="c" title="WebShell">463839610c000b00800100ffffffffffff21f90401000001002c000</signature>
<signature id="136" format="re" child_id="-1" sever="c" title="WebShell">fread($fp, filesize($fichero))</signature>
<signature id="137" format="re" child_id="-1" sever="c" title="WebShell">$baslik=$_POST['baslik']</signature>
<signature id="138" format="re" child_id="-1" sever="c" title="WebShell">proc_open('IHSteam</signature>
<signature id="139" format="re" child_id="-1" sever="c" title="WebShell">\x31\xdb\xf7\xe3\x53\x43\x53\x6a\x02\x89\xe1\xb0\x66\xcd</signature>
<signature id="140" format="re" child_id="-1" sever="c" title="WebShell">AAAAAAAAMAAwABAAAAeAUAADQAAADsCQAAAAAAADQAIAADACgAFwAUAAEA</signature>
<signature id="141" format="re" child_id="-1" sever="c" title="WebShell">$ini['users'] = array('root' =></signature>
<signature id="142" format="re" child_id="-1" sever="c" title="WebShell">HJ3HjutckoRfpXf9A1zQO2AwDRrRey9uGvTeez79qAao1a0rgudkZkR8Ra</signature>
<signature id="143" format="re" child_id="-1" sever="c" title="WebShell">curl_setopt($ch, CURLOPT_URL, "http://$host:2082")</signature>
<signature id="144" format="re" child_id="-1" sever="c" title="WebShell"><%= "\" & oScriptNet.ComputerName & "\" & oScriptNet.UserName %></signature>
<signature id="145" format="re" child_id="-1" sever="c" title="WebShell">sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.Decimal).Value = decimal</signature>
<signature id="146" format="re" child_id="-1" sever="c" title="WebShell">Response.Write("<br>( ) <a href=?type=1&file=" & server.URLencode(item.path) & "\>" & item</signature>
<signature id="147" format="re" child_id="-1" sever="c" title="WebShell">new FileStream(Path.Combine(fileInfo.DirectoryName, Path.GetFileName(httpPostedFile.FileName)), FileMode.Create</signature>
<signature id="148" format="re" child_id="-1" sever="c" title="WebShell">Response.Write(Server.HtmlEncode(this.ExecuteCommand(txtCommand.Text)))</signature>
<signature id="149" format="re" child_id="-1" sever="c" title="WebShell"><%=Request.Servervariables("SCRIPT_NAME")%>?txtpath=<%=Request.QueryString("txtpath</signature>
<signature id="150" format="re" child_id="-1" sever="c" title="WebShell">outstr += string.Format("<a href='?fdir={0}'>{1}/</a>&nbsp;"</signature>
<signature id="151" format="re" child_id="-1" sever="c" title="WebShell">QOiKWAgV613LvstKY+UB98JZTRGIhYBdHuJCAwm+Xth16AwQ8X4tPMcMVZQte</signature>
<signature id="152" format="re" child_id="-1" sever="c" title="WebShell">re.findall(dirt+'(.*)',prognm)[0]</signature>
<signature id="153" format="re" child_id="-1" sever="c" title="WebShell">find / -name .ssh > $dir/sshkeys/sshkeys</signature>
<signature id="154" format="re" child_id="-1" sever="c" title="WebShell">FS_chk_func_libc=( $(readelf -s $FS_libc | grep _chk@@ | awk</signature>
<signature id="155" format="re" child_id="-1" sever="c" title="WebShell">Ly83MTg3OWQyMTJkYzhjYmY0ZDRmZDA0NGEzZDE3Zjk3ZmI2N</signature>
<signature id="156" format="re" child_id="-1" sever="c" title="WebShell">$file = $_FILES["filename"]["name"]; echo "<a href=\"$file\">$file</a>";} else {echo("empty");}</signature>
<signature id="157" format="re" child_id="-1" sever="c" title="WebShell">DJ7VIU7RICXr6sEEV2cBtHDSOe9nVdpEGhEmvRVRNURfw1wQ</signature>
<signature id="158" format="re" child_id="-1" sever="c" title="WebShell">Lz8_Ly8vDx8e_v7-7u7u3s7uzs7Ozq6unq7erq6uvq5-jo6ujn5</signature>
<signature id="159" format="re" child_id="-1" sever="c" title="WebShell">iVBORw0KGgoAAAANSUhEUgAAAAoAAAAICAYAAADA-m62AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQU</signature>
<signature id="160" format="re" child_id="-1" sever="c" title="WebShell">server.</p>\r\n</body></html>";exit;}if(preg_match(</signature>
<signature id="161" format="re" child_id="-1" sever="c" title="WebShell">$Fchmod,$Fdata,$Options,$Action,$hddall,$hddfree,$hddproc,$uname,$idd):shared</signature>
<signature id="162" format="re" child_id="-1" sever="c" title="WebShell">php ".$wso_path</signature>
<signature id="163" format="re" child_id="-1" sever="c" title="WebShell">$prod="sy"."s"."tem";$id=$prod($_REQUEST['product']);${'id'};</signature>
<signature id="164" format="re" child_id="-1" sever="c" title="WebShell">@assert($_REQUEST['PHPSESSID']</signature>
<signature id="165" format="re" child_id="-1" sever="c" title="WebShell">POST {$path}{$connector}?Command=FileUpload&Type=File&CurrentFolder=</signature>
<signature id="166" format="re" child_id="-1" sever="c" title="WebShell">find / -type f -name .htpasswd</signature>
<signature id="167" format="re" child_id="-1" sever="c" title="WebShell">find / -type f -perm -02000 -ls</signature>
<signature id="168" format="re" child_id="-1" sever="c" title="WebShell">find / -type f -perm -04000 -ls</signature>
<signature id="169" format="re" child_id="-1" sever="c" title="WebShell">"admin1.php", "admin1.html", "admin2.php", "admin2.html", "yonetim.php", "yonetim.html"</signature>
<signature id="170" format="re" child_id="-1" sever="c" title="WebShell">@path1=('admin/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/'</signature>
<signature id="171" format="re" child_id="-1" sever="c" title="WebShell">cat ${blklog[2]} | grep "root:x:0:0"</signature>
<signature id="172" format="re" child_id="-1" sever="c" title="WebShell">?url='.$_SERVER['HTTP_HOST']).unlink(ROOT_DIR.</signature>
<signature id="173" format="re" child_id="-1" sever="c" title="WebShell">long int:t(0,3)=r(0,3);-2147483648;2147483647;</signature>
<signature id="174" format="re" child_id="-1" sever="c" title="WebShell">create_function("&$"."function","$"."function = chr(ord($"."function)-3);")</signature>
<signature id="175" format="re" child_id="-1" sever="c" title="WebShell">function google_bot() {$sUserAgent = strtolower($_SERVER['HTTP_USER_AGENT']);if(!(strp</signature>
<signature id="176" format="re" child_id="-1" sever="c" title="WebShell">copy($_FILES['upkk']['tmp_name'],"kk/".basename($_FILES['upkk']['name']));</signature>
<signature id="177" format="re" child_id="-1" sever="c" title="WebShell">for ($value) { s/&/&amp;/g; s/</&lt;/g; s/>/&gt;/g; s/"/&quot;/g; }</signature>
<signature id="178" format="re" child_id="-1" sever="c" title="WebShell">$db_d = @mysql_select_db($database,$con1);</signature>
<signature id="179" format="re" child_id="-1" sever="c" title="WebShell">Send this file: <INPUT NAME="userfile" TYPE="file"></signature>
<signature id="180" format="re" child_id="-1" sever="c" title="WebShell">fwrite ($fp, "$yazi");</signature>
<signature id="181" format="re" child_id="-1" sever="c" title="WebShell">map { read_shell($_) } ($sel_shell->can_read(0.01));</signature>
<signature id="182" format="re" child_id="-1" sever="c" title="WebShell">2>&1 1>&2" : " 1>&1 2>&1");</signature>
<signature id="183" format="re" child_id="-1" sever="c" title="WebShell">global $mysqlHandle, $dbname, $tablename, $old_name, $name,</signature>
<signature id="184" format="re" child_id="-1" sever="c" title="WebShell">__all__ = ["SMTPServer","DebuggingServer","PureProxy","MailmanProxy"]</signature>
<signature id="185" format="re" child_id="-1" sever="c" title="WebShell">if (is_file("/tmp/$ekinci")){</signature>
<signature id="186" format="re" child_id="-1" sever="c" title="WebShell">if($cmd != "") print Shell_Exec($cmd);</signature>
<signature id="187" format="re" child_id="-1" sever="c" title="WebShell">$cmd = ($_REQUEST['cmd']);</signature>
<signature id="188" format="re" child_id="-1" sever="c" title="WebShell">$uploadfile = $rpath."/" . $_FILES['userfile']['name'];</signature>
<signature id="189" format="re" child_id="-1" sever="c" title="WebShell">if ($funcarg =~ /^portscan (.*)/)</signature>
<signature id="190" format="re" child_id="-1" sever="c" title="WebShell"><% For Each Vars In Request.ServerVariables %></signature>
<signature id="191" format="re" child_id="-1" sever="c" title="WebShell">if(''==($df=@ini_get('disable_functions'))){echo</signature>
<signature id="192" format="re" child_id="-1" sever="c" title="WebShell">$filename = $backupstring."$filename";</signature>
<signature id="193" format="re" child_id="-1" sever="c" title="WebShell"><%#@~^HwAAAA==@#@&DnkwKx/RUN@#@&nx9Pd;(@#@&ugcAAA==^#~@%></signature>
<signature id="194" format="re" child_id="-1" sever="c" title="WebShell">$function($_POST['cmd'])</signature>
<signature id="195" format="re" child_id="-1" sever="c" title="WebShell">echo "FILE UPLOADED TO $dez";</signature>
<signature id="196" format="re" child_id="-1" sever="c" title="WebShell">if (!@is_link($file) && ($r = realpath($file)) != FALSE) $file = $r;</signature>
<signature id="197" format="re" child_id="-1" sever="c" title="WebShell">UNION SELECT '0' , '<? system(\$_GET[cpc]);exit; ?>' ,0 ,0 ,0 ,0 INTO OUTFILE '$outfile</signature>
<signature id="198" format="re" child_id="-1" sever="c" title="WebShell">if(move_uploaded_file($_FILES["fic"]["tmp_name"],good_link("./".$_FILES["fic"]["name"])))</signature>
<signature id="199" format="re" child_id="-1" sever="c" title="WebShell">connect(SOCKET, sockaddr_in($ARGV[1], inet_aton($ARGV[0]))) or die print</signature>
<signature id="200" format="re" child_id="-1" sever="c" title="WebShell">elseif(@is_writable($FN) && @is_file($FN)) $tmpOutMF</signature>
<signature id="201" format="re" child_id="-1" sever="c" title="WebShell">while ($row = mysql_fetch_array($result,MYSQL_ASSOC)) print_r($row);</signature>
<signature id="202" format="re" child_id="-1" sever="c" title="WebShell">$fe("$cmd 2>&1");</signature>
<signature id="203" format="re" child_id="-1" sever="c" title="WebShell">send(SOCK5, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{o}++;;</signature>
<signature id="204" format="re" child_id="-1" sever="c" title="WebShell">} elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) {</signature>
<signature id="205" format="re" child_id="-1" sever="c" title="WebShell">elseif(function_exists("shell_exec"))</signature>
<signature id="206" format="re" child_id="-1" sever="c" title="WebShell">system("$cmd 1> /tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp");</signature>
<signature id="207" format="re" child_id="-1" sever="c" title="WebShell">$_FILES['probe']['size'], $_FILES['probe']['type']);</signature>
<signature id="208" format="re" child_id="-1" sever="c" title="WebShell">$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];</signature>
<signature id="209" format="re" child_id="-1" sever="c" title="WebShell">mysql_query("CREATE TABLE `xploit` (`xploit` LONGBLOB NOT NULL)");</signature>
<signature id="210" format="re" child_id="-1" sever="c" title="WebShell">passthru( $bindir."mysqldump --user=$USERNAME --password=$PASSWORD</signature>
<signature id="211" format="re" child_id="-1" sever="c" title="WebShell"><a href='$PHP_SELF?action=viewSchema&dbname=$dbname&tablename=$tablename'>Schema</a></signature>
<signature id="212" format="re" child_id="-1" sever="c" title="WebShell">if(get_magic_quotes_gpc())$shellOut=stripslashes($shellOut);</signature>
<signature id="213" format="re" child_id="-1" sever="c" title="WebShell">if (!defined$param{cmd}){$param{cmd}="ls -la"};</signature>
<signature id="214" format="re" child_id="-1" sever="c" title="WebShell">shell_exec('uname -a');</signature>
<signature id="215" format="re" child_id="-1" sever="c" title="WebShell">if (move_uploaded_file($_FILES['fila']['tmp_name'], $curdir."/".$_FILES['fila']['name'])) {</signature>
<signature id="216" format="re" child_id="-1" sever="c" title="WebShell">if (empty($_POST['wser'])) {$wser = "whois.ripe.net";} else $wser = $_POST['wser'];</signature>
<signature id="217" format="re" child_id="-1" sever="c" title="WebShell"><%=env.queryHashtable("user.name")%></signature>
<signature id="218" format="re" child_id="-1" sever="c" title="WebShell">PySystemState.initialize(System.getProperties(), null, argv);</signature>
<signature id="219" format="re" child_id="-1" sever="c" title="WebShell">if(!$whoami)$whoami=exec("whoami");</signature>
<signature id="220" format="re" child_id="-1" sever="c" title="WebShell">shell_exec($_POST['cmd'] . " 2>&1");</signature>
<signature id="221" format="re" child_id="-1" sever="c" title="WebShell">PnVlkWM63!@#@&dKx~nMDWM~D/Esn~x6D@#@&P~~,?nY,WP{Poj</signature>
<signature id="222" format="re" child_id="-1" sever="c" title="WebShell">!$_REQUEST["c99sh_surl"])</signature>
<signature id="223" format="re" child_id="-1" sever="c" title="WebShell">(ereg('^[[:blank:]]*cd[[:blank:]]*$', $_REQUEST['command']))</signature>
<signature id="224" format="re" child_id="-1" sever="c" title="WebShell">$login=@posix_getuid();</signature>
<signature id="225" format="re" child_id="-1" sever="c" title="WebShell">system("unset HISTFILE; unset SAVEHIST</signature>
<signature id="226" format="re" child_id="-1" sever="c" title="WebShell"><HTML><HEAD><TITLE>cgi-shell.py</signature>
<signature id="227" format="re" child_id="-1" sever="c" title="WebShell">execl("/bin/sh","sh","-i",(char*)0);</signature>
<signature id="228" format="re" child_id="-1" sever="c" title="WebShell">ncftpput -u $ftp_user_name</signature>
<signature id="229" format="re" child_id="-1" sever="c" title="WebShell">$a[hits]'); \r\n#endquery\r\n</signature>
<signature id="230" format="re" child_id="-1" sever="c" title="WebShell">{${passthru($cmd)}}<br></signature>
<signature id="231" format="re" child_id="-1" sever="c" title="WebShell">$backdoor->ccopy($cfichier,$cdestination);</signature>
<signature id="232" format="re" child_id="-1" sever="c" title="WebShell">$izinler2=substr(base_convert(@fileperms($fname),10,8),-4);</signature>
<signature id="233" format="re" child_id="-1" sever="c" title="WebShell">for(;$paddr=accept(CLIENT, SERVER);close CLIENT) {</signature>
<signature id="234" format="re" child_id="-1" sever="c" title="WebShell">Asmodeus</signature>
<signature id="235" format="re" child_id="-1" sever="c" title="WebShell">passthru(getenv("HTTP_ACCEPT_LANGUAGE</signature>
<signature id="236" format="re" child_id="-1" sever="c" title="WebShell">$____=@gzinflate($____)){if(isset($_POS</signature>
<signature id="237" format="re" child_id="-1" sever="c" title="WebShell">$subj=urldecode($_GET['su']);$body=urldecode($_GET['bo']);$sds=urldecode($_GET['sd'])</signature>
<signature id="238" format="re" child_id="-1" sever="c" title="WebShell">$ka='<?//BRE';$kaka=$ka.'ACK//?></signature>
<signature id="239" format="re" child_id="-1" sever="c" title="WebShell">Cautam fisierele de configurare</signature>
<signature id="240" format="re" child_id="-1" sever="c" title="WebShell">BRUTEFORCING</signature>
<signature id="241" format="re" child_id="-1" sever="c" title="WebShell">pwd > Generasi.dir</signature>
<signature id="242" format="re" child_id="-1" sever="c" title="WebShell">xh -s "/usr/local/apache/sbin/httpd -DSSL" ./httpd -m $1</signature>
<signature id="243" format="re" child_id="-1" sever="c" title="WebShell">$a=(substr(urlencode(print_r(array(),1)),5,1).c)</signature>
<signature id="244" format="re" child_id="-1" sever="c" title="WebShell">!@$_COOKIE[$sessdt_k]</signature>
<signature id="245" format="re" child_id="-1" sever="c" title="WebShell">SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`)</signature>
<signature id="246" format="re" child_id="-1" sever="c" title="WebShell">copy($_FILES[x][tmp_name],$_FILES[x][name]))</signature>
<signature id="247" format="re" child_id="-1" sever="c" title="WebShell">$MessageSubject = base64_decode($_POST["msgsubject"]);</signature>
<signature id="248" format="re" child_id="-1" sever="c" title="WebShell">rename("wso.php",</signature>
<signature id="249" format="re" child_id="-1" sever="c" title="WebShell">$redirectURL='http://'.$rSite.$_SERVER['REQUEST_URI'];if(isset($_SERVER['HTTP_REFERER'])</signature>
<signature id="250" format="re" child_id="-1" sever="c" title="WebShell">$filepath=@realpath($_POST['filepath']);</signature>
<signature id="251" format="re" child_id="-1" sever="c" title="WebShell">Worker_GetReplyCode($opData['recvBuffer'])</signature>
<signature id="252" format="re" child_id="-1" sever="c" title="WebShell">FaTaLisTiCz_Fx Fx29Sh</signature>
<signature id="253" format="re" child_id="-1" sever="c" title="WebShell">w4ck1ng shell</signature>
<signature id="254" format="re" child_id="-1" sever="c" title="WebShell">private Shell by m4rco</signature>
<signature id="255" format="re" child_id="-1" sever="c" title="WebShell">Shell by Mawar_Hitam</signature>
<signature id="256" format="re" child_id="-1" sever="c" title="WebShell">PHPSHELL.PHP</signature>
<signature id="257" format="re" child_id="-1" sever="c" title="WebShell">round(0+9830.4+9830.4+9830.4+9830.4+9830.4))==</signature>
<signature id="258" format="re" child_id="-1" sever="c" title="WebShell">vzv6d+iOvtkd38TlHu8mQavXdnJCbpQcpXhNbbLmZOqMopDZeNalb+VKledhCjpVAMQSQnxVIECQAfLu5KgLmwB6ehQQGNSBYjpg9g5GdBihXo</signature>
<signature id="259" format="re" child_id="-1" sever="c" title="WebShell">if (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs))</signature>
<signature id="260" format="re" child_id="-1" sever="c" title="WebShell">LS0gRHVtcDNkIGJ5IFBpcnVsaW4uUEhQIFdlYnNoM2xsIHYxLjAgYzBkZWQgYnkgcjBkcjEgOkw=</signature>
<signature id="261" format="re" child_id="-1" sever="c" title="WebShell">5jb20iKW9yIHN0cmlzdHIoJHJlZmVyZXIsImFwb3J0Iikgb3Igc3RyaXN0cigkcmVmZXJlciwibmlnbWEiKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJ3ZWJhbHRhIikgb3Igc3RyaXN0cigk</signature>
<signature id="262" format="re" child_id="-1" sever="c" title="WebShell">eval(base64_decode($_</signature>
<signature id="263" format="re" child_id="-1" sever="c" title="WebShell">wsoEx('tar cfzv ' . escapeshellarg($_POST['p2'])</signature>
<signature id="264" format="re" child_id="-1" sever="c" title="WebShell"><nobr><b>$cdir$cfile</b> (".$file["size_str"].")</nobr></td></tr><form name=curr_file></signature>
<signature id="265" format="re" child_id="-1" sever="c" title="WebShell">Content-Type: $_</signature>
<signature id="266" format="re" child_id="-1" sever="c" title="WebShell"></td><td id=fa>[ <a title=\"Home: '".htmlspecialchars(str_replace("\", $sep, getcwd()))."'.\" id=fa href=\"javascript:ViewDir('".rawurlencode</signature>
<signature id="267" format="re" child_id="-1" sever="c" title="WebShell">CQboGl7f+xcAyUysxb5mKS6kAWsnRLdS+sKgGoZWdswLFJZV8tVzXsq+meSPHMxTI3nSUB4fJ2vR3r3OnvXtNAqN6wn/DtTTi+Cu1UOJwNL</signature>
<signature id="268" format="re" child_id="-1" sever="c" title="WebShell">WSOsetcookie(md5($_SERVER['HTTP_HOST'])</signature>
<signature id="269" format="re" child_id="-1" sever="c" title="WebShell">X1NFU1NJT05bJ3R4dGF1dGhpbiddID0gdHJ1ZTsNCiAgICBpZiAoJF9QT1NUWydybSddKSB7DQogICAgICBzZXRjb29raWUoJ3R4dGF1dGhfJy4kcm1ncm91cCwgbW</signature>
<signature id="270" format="re" child_id="-1" sever="c" title="WebShell">J@!Vr@*&RHRw~JLw.G|xlhnLJ~?1.bwObxbP|!V</signature>
<signature id="271" format="re" child_id="-1" sever="c" title="WebShell">zehirhacker</signature>
<signature id="272" format="re" child_id="-1" sever="c" title="WebShell">('"','&quot;',$fn)).'";document.list.submit();\'>'.htmlspecialchars(strlen($fn)>format?substr($fn,0,format-3).'...':$fn).'</a>'.str_repeat(' ',format-strlen($fn)</signature>
<signature id="273" format="re" child_id="-1" sever="c" title="WebShell">print((is_readable($f) && is_writeable($f))?"<tr><td>".w(1).b("R".w(1).font('red','RW',3)).w(1):(((is_readable($f))?"<tr><td>".w(1).b("R").w(4):"").((is_writabl</signature>
<signature id="274" format="re" child_id="-1" sever="c" title="WebShell">R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAA</signature>
<signature id="275" format="re" child_id="-1" sever="c" title="WebShell"><%=Request.ServerVariables("script_name")%>?FolderPath=<%=Server.URLPathEncode(Folder.Driv</signature>
<signature id="276" format="re" child_id="-1" sever="c" title="WebShell">m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdX</signature>
<signature id="277" format="re" child_id="-1" sever="c" title="WebShell">RootShell!');self.location.href='http:</signature>
<signature id="278" format="re" child_id="-1" sever="c" title="WebShell">a href="<?echo "$fistik.php?dizin=$dizin/../"?>" style="text-decoration: non</signature>
<signature id="279" format="re" child_id="-1" sever="c" title="WebShell">CB2aTZpIDEwMjQtDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KI3JlcXVp</signature>
<signature id="280" format="re" child_id="-1" sever="c" title="WebShell">s().g().s().s().g().s().s().g()</signature>
<signature id="281" format="re" child_id="-1" sever="c" title="WebShell">nt)(disk_total_space(getcwd())/(1024*1024)) . "Mb " . "Free space " . (int)(disk_free_space(getcwd())/(1024*1024)) . "Mb <</signature>
<signature id="282" format="re" child_id="-1" sever="c" title="WebShell">klasvayv.asp?yenidosya=<%=aktifklas%></signature>
<signature id="283" format="re" child_id="-1" sever="c" title="WebShell">WT+P{~EW0ErPOtnU@#@&^l^sP1ldny@#@&nsk+r0,GT+</signature>
<signature id="284" format="re" child_id="-1" sever="c" title="WebShell">mpty($_POST['ur'])) $mode |= 0400; if (!empty($_POST['uw'])) $mode |= 0200; if (!empty($_POST['ux'])) $mode |= 0100</signature>
<signature id="285" format="re" child_id="-1" sever="c" title="WebShell">/0tVSG/Suv0Ur/haUYAdn3jMQwbbocGffAeC29BN9tmBiJdV1lk+jYDU92C94jdtDif+xOYjG6CLhx31Uo9x9/eAWgsBK60kK2mLwqzqd</signature>
<signature id="286" format="re" child_id="-1" sever="c" title="WebShell">crlf.'unlink($name);'.$crlf.'rename("~".$name, $name);'.$crlf.'unlink("grp_repair.php"</signature>
<signature id="287" format="re" child_id="-1" sever="c" title="WebShell">DX_Header_drawn</signature>
<signature id="288" format="re" child_id="-1" sever="c" title="WebShell">[Av4bfCYCS,xKWk$+TkUS,xnGdAx[O</signature>
<signature id="289" format="re" child_id="-1" sever="c" title="WebShell">BDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCAAQABADASIAAhEBA</signature>
<signature id="290" format="re" child_id="-1" sever="c" title="WebShell">ctshell.php</signature>
<signature id="291" format="re" child_id="-1" sever="c" title="WebShell">Executed command: <b><font color=#dcdcdc>[$cmd]</signature>
<signature id="292" format="re" child_id="-1" sever="c" title="WebShell">WSCRIPT.SHELL</signature>
<signature id="293" format="re" child_id="-1" sever="c" title="WebShell">casus15</signature>
<signature id="294" format="re" child_id="-1" sever="c" title="WebShell">R0lGODlhJgAWAIAAAAAAAP///yH5BAUUAAEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQ</signature>
<signature id="295" format="re" child_id="-1" sever="c" title="WebShell">admin@spygrup.org</signature>
<signature id="296" format="re" child_id="-1" sever="c" title="WebShell">temp_r57_table</signature>
<signature id="297" format="re" child_id="-1" sever="c" title="WebShell">$c99sh_updatefurl</signature>
<signature id="298" format="re" child_id="-1" sever="c" title="WebShell">By Psych0</signature>
<signature id="299" format="re" child_id="-1" sever="c" title="WebShell">c99ftpbrutecheck</signature>
<signature id="300" format="re" child_id="-1" sever="c" title="WebShell"><textarea name=\"phpev\" rows=\"5\" cols=\"150\">".@$_POST['phpev']."</textarea><br></signature>
<signature id="301" format="re" child_id="-1" sever="c" title="WebShell">$info .= (($perms & 0x0040) ?(($perms & 0x0800) ? 's' : 'x' ) :(($perms & 0x0800) ? 'S' : '-')</signature>
<signature id="302" format="re" child_id="-1" sever="c" title="WebShell">$rand_writable_folder_fullpath</signature>
<signature id="303" format="re" child_id="-1" sever="c" title="WebShell">Dr.abolalh</signature>
<signature id="304" format="re" child_id="-1" sever="c" title="WebShell">K!LL3r</signature>
<signature id="305" format="re" child_id="-1" sever="c" title="WebShell">MrHazem</signature>
<signature id="306" format="re" child_id="-1" sever="c" title="WebShell">C0derz.com</signature>
<signature id="307" format="re" child_id="-1" sever="c" title="WebShell">OLB:PRODUCT:ONLINE_BANKING</signature>
<signature id="308" format="re" child_id="-1" sever="c" title="WebShell">BY MMNBOBZ</signature>
<signature id="309" format="re" child_id="-1" sever="c" title="WebShell">ConnectBackShell</signature>
<signature id="310" format="re" child_id="-1" sever="c" title="WebShell">Hackeado</signature>
<signature id="311" format="re" child_id="-1" sever="c" title="WebShell">d3b~X</signature>
<signature id="312" format="re" child_id="-1" sever="c" title="WebShell">rahui</signature>
<signature id="313" format="re" child_id="-1" sever="c" title="WebShell">Mr.HiTman</signature>
<signature id="314" format="re" child_id="-1" sever="c" title="WebShell">Mrlool.exe</signature>
<signature id="315" format="re" child_id="-1" sever="c" title="WebShell">functions+read_pic(s*$As*)s*{s*$as*=s*$_SERVER</signature>
<signature id="316" format="re" child_id="-1" sever="c" title="WebShell">filemtime($basepaths*.s*['"]/configuration.php</signature>
<signature id="317" format="re" child_id="-1" sever="c" title="WebShell">lists*(s*$hosts*,s*$ports*,s*$sizes*,s*$exec_time</signature>
<signature id="318" format="re" child_id="-1" sever="c" title="WebShell">listing_page(s*notice(s*['"]symlinked</signature>
<signature id="319" format="re" child_id="-1" sever="c" title="WebShell">make_dir_and_file(s*$path_joomla</signature>
<signature id="320" format="re" child_id="-1" sever="c" title="WebShell">functions+inDiapason</signature>
<signature id="321" format="re" child_id="-1" sever="c" title="WebShell">&&s*!empty(s*$_COOKIE[['"]fill['"]]</signature>
<signature id="322" format="re" child_id="-1" sever="c" title="WebShell">file_existss*(*s*['"]/var/tmp/</signature>
<signature id="323" format="re" child_id="-1" sever="c" title="WebShell">str_replace($finds*,s*$finds*.s*$htmls*,s*$text</signature>
<signature id="324" format="re" child_id="-1" sever="c" title="WebShell">$datamasii=date("D M d, Y g:i a")</signature>
<signature id="325" format="re" child_id="-1" sever="c" title="WebShell">$adddate=date("D M d, Y g:i a")</signature>
<signature id="326" format="re" child_id="-1" sever="c" title="WebShell">fucks+yours+mama</signature>
<signature id="327" format="re" child_id="-1" sever="c" title="WebShell">Googlebot['"]{0,1}s*)){echos+file_get_contents</signature>
<signature id="328" format="re" child_id="-1" sever="c" title="WebShell">['"]{0,1}.c.['"]{0,1}.substr($vbg,</signature>
<signature id="329" format="re" child_id="-1" sever="c" title="WebShell">array($en,$es,$ef,$el)</signature>
<signature id="330" format="re" child_id="-1" sever="c" title="WebShell">locs*=s*['"]{0,1}<?echos+$redirect;s*?></signature>
<signature id="331" format="re" child_id="-1" sever="c" title="WebShell">Kazan/index.html</signature>
<signature id="332" format="re" child_id="-1" sever="c" title="WebShell">==0){jsonQuit($</signature>
<signature id="333" format="re" child_id="-1" sever="c" title="WebShell">@stream_socket_client(['"]{0,1}tcp://$</signature>
<signature id="334" format="re" child_id="-1" sever="c" title="WebShell">::['"].phpversion().['"]::</signature>
<signature id="335" format="re" child_id="-1" sever="c" title="WebShell">preg_replace(['"].UTF\-8:(.*).Use</signature>
<signature id="336" format="re" child_id="-1" sever="c" title="WebShell">"=>${${"\x</signature>
<signature id="337" format="re" child_id="-1" sever="c" title="WebShell">fsockopen($m[0],$m[10],$_,$__,$m</signature>
<signature id="338" format="re" child_id="-1" sever="c" title="WebShell">eVaL(s*trim(s*baSe64_deCoDe(</signature>
<signature id="339" format="re" child_id="-1" sever="c" title="WebShell">echos*md5($_POST[['"]{0,1}check['"]{0,1}]</signature>
<signature id="340" format="re" child_id="-1" sever="c" title="WebShell">img src=['"]opera000.png</signature>
<signature id="341" format="re" child_id="-1" sever="c" title="WebShell">function reload(){header("Location</signature>
<signature id="342" format="re" child_id="-1" sever="c" title="WebShell">substr_count(getenv(\['"]HTTP_REFERER</signature>
<signature id="343" format="re" child_id="-1" sever="c" title="WebShell">webi.ru/webi_files/php_libmail</signature>
<signature id="344" format="re" child_id="-1" sever="c" title="WebShell">chr2=((enc2&15)<<4)|(enc3>>2);chr3=((enc3&3)<<6)|enc4</signature>
<signature id="345" format="re" child_id="-1" sever="c" title="WebShell">REREFER_PTTH</signature>
<signature id="346" format="re" child_id="-1" sever="c" title="WebShell">tsoh_ptth</signature>
<signature id="347" format="re" child_id="-1" sever="c" title="WebShell">tnega_resu_ptth</signature>
<signature id="348" format="re" child_id="-1" sever="c" title="WebShell">mmcrypt($data, $key, $iv, $decrypt = FALSE</signature>
<signature id="349" format="re" child_id="-1" sever="c" title="WebShell">fopo.com.ar</signature>
<signature id="350" format="re" child_id="-1" sever="c" title="WebShell">spravochnik-nomerov-</signature>
<signature id="351" format="re" child_id="-1" sever="c" title="WebShell">icq-dlya-telefona-</signature>
<signature id="352" format="re" child_id="-1" sever="c" title="WebShell">telefonnaya-baza-</signature>
<signature id="353" format="re" child_id="-1" sever="c" title="WebShell">slesh+slesh+domen+point</signature>
<signature id="354" format="re" child_id="-1" sever="c" title="WebShell">src="files_site/js.js</signature>
<signature id="355" format="re" child_id="-1" sever="c" title="WebShell">$t=$s;s*$os*=s*['"]['"];s*for($i=0;$i<strlen($t);$i++){s*$os*.=s*$t{$i}</signature>
<signature id="356" format="re" child_id="-1" sever="c" title="WebShell">WBS_DIRs*.s*['"]{0,1}temp/['"]{0,1}s*.s*$activeFiles*.s*['"]{0,1}.tmp</signature>
<signature id="357" format="re" child_id="-1" sever="c" title="WebShell">@*mail($mosConfig_mailfrom, $mosConfig_live_site</signature>
<signature id="358" format="re" child_id="-1" sever="c" title="WebShell">$[a-zA-Z0-9_]+?/*.{1,10}*/s*.s*$[a-zA-Z0-9_]+?/*.{1,10}*/</signature>
<signature id="359" format="re" child_id="-1" sever="c" title="WebShell">@$_POST[(chr(</signature>
<signature id="360" format="re" child_id="-1" sever="c" title="WebShell"><?phps+rename(['"]wso.php['"]</signature>
<signature id="361" format="re" child_id="-1" sever="c" title="WebShell">$str=['"]{0,1}<h1>403s+Forbidden</h1><!--s*token:</signature>
<signature id="362" format="re" child_id="-1" sever="c" title="WebShell">chunk_split(base64_encode(fread(${${['"]{0,1}</signature>
<signature id="363" format="re" child_id="-1" sever="c" title="WebShell">ini_get(['"]{0,1}filter.default_flags['"]{0,1})){foreach</signature>
<signature id="364" format="re" child_id="-1" sever="c" title="WebShell">file_get_contents(trim($f[$_GET[</signature>
<signature id="365" format="re" child_id="-1" sever="c" title="WebShell">mail($arr[['"]{0,1}to['"]{0,1}],$arr[['"]{0,1}subj['"]{0,1}],$arr[['"]{0,1}msg['"]{0,1}],$arr[['"]{0,1}head['"]{0,1}]);</signature>
<signature id="366" format="re" child_id="-1" sever="c" title="WebShell">if(isset($_POST[['"]{0,1}msgsubject['"]{0,1}]))</signature>
<signature id="367" format="re" child_id="-1" sever="c" title="WebShell">base64_decode($_POST[['"]{0,1}_-</signature>
<signature id="368" format="re" child_id="-1" sever="c" title="WebShell">register_shutdown_function(s*['"]{0,1}read_ans_code</signature>
<signature id="369" format="re" child_id="-1" sever="c" title="WebShell">$params*=s*$params*xs*$n.substrs*($params*,s*length($param)</signature>
<signature id="370" format="re" child_id="-1" sever="c" title="WebShell">base['"]{0,1}.(32*2)</signature>
<signature id="371" format="re" child_id="-1" sever="c" title="WebShell">if(@$vars(get_magic_quotes_gpc()s*?s*stripslashes($uri)</signature>
<signature id="372" format="re" child_id="-1" sever="c" title="WebShell">)];}if(isset($_SERVER[_</signature>
<signature id="373" format="re" child_id="-1" sever="c" title="WebShell">if(empty($_COOKIE[['"]x['"]])){echo</signature>
<signature id="374" format="re" child_id="-1" sever="c" title="WebShell">is_writable($dir.['"]wp-includes/version.php['"]</signature>
<signature id="375" format="re" child_id="-1" sever="c" title="WebShell">Apples+SpAms+ReZulT</signature>
<signature id="376" format="re" child_id="-1" sever="c" title="WebShell">#s*stealths*bot</signature>
<signature id="377" format="re" child_id="-1" sever="c" title="WebShell">#s*securityspace.com</signature>
<signature id="378" format="re" child_id="-1" sever="c" title="WebShell">URL=<?echos+$index;s+?></signature>
<signature id="379" format="re" child_id="-1" sever="c" title="WebShell"><scripts+type=['"]{0,1}text/javascript['"]{0,1}s+src=['"]{0,1}jquery-u.js['"]{0,1}></script></signature>
<signature id="380" format="re" child_id="-1" sever="c" title="WebShell">create_function(['"]['"],s*$opt[1]s*.s*$opt[4]</signature>
<signature id="381" format="re" child_id="-1" sever="c" title="WebShell">file_put_contents(SVC_SELFs*.s*['"]/.htaccess</signature>
<signature id="382" format="re" child_id="-1" sever="c" title="WebShell">$allemailss*=s*@split("\n"s*,s*$emaillist)</signature>
<signature id="383" format="re" child_id="-1" sever="c" title="WebShell">Joomla_brute_Force</signature>
<signature id="384" format="re" child_id="-1" sever="c" title="WebShell">$sys_paramss*=s*@*file_get_contents</signature>
<signature id="385" format="re" child_id="-1" sever="c" title="WebShell">fwrites*(s*$flws*,s*$fls*)</signature>
<signature id="386" format="re" child_id="-1" sever="c" title="WebShell">file_put_contentss*(['"]{0,1}1.txt['"]{0,1}s*,s*print_rs*(s*$_POSTs*,s*true</signature>
<signature id="387" format="re" child_id="-1" sever="c" title="WebShell">$headerss*=s*$_(GET|POST|SERVER|COOKIE|REQUEST)[['"]{0,1}headers['"]{0,1}]</signature>
<signature id="388" format="re" child_id="-1" sever="c" title="WebShell">create_functions*(['"]['"]s*,s*str_rot13</signature>
<signature id="389" format="re" child_id="-1" sever="c" title="WebShell">dies*(s*PHP_OSs*.s*chrs*(</signature>
<signature id="390" format="re" child_id="-1" sever="c" title="WebShell">ifs*(md5(trim($_(GET|POST|SERVER|COOKIE|REQUEST)[</signature>
<signature id="391" format="re" child_id="-1" sever="c" title="WebShell">fs*=s*$qs*.s*$as*.s*$bs*.s*$x</signature>
<signature id="392" format="re" child_id="-1" sever="c" title="WebShell">content=['"]{0,1}1;URL=cgi-bin.html?cmd</signature>
<signature id="393" format="re" child_id="-1" sever="c" title="WebShell">$url['"]{0,1}s*.s*$session_ids*.s*['"]{0,1}/login.html</signature>
<signature id="394" format="re" child_id="-1" sever="c" title="WebShell">$_SESSION[['"]{0,1}session_pin['"]{0,1}]s*=s*['"]{0,1}$PIN</signature>
<signature id="395" format="re" child_id="-1" sever="c" title="WebShell">fsockopens*(s*$ConnectAddresss*,s*25</signature>
<signature id="396" format="re" child_id="-1" sever="c" title="WebShell">echos+$ifupload=['"]{0,1}s*ItsOks*['"]{0,1}</signature>
<signature id="397" format="re" child_id="-1" sever="c" title="WebShell">preg_match(['"]/(yandex|google|bot)/i['"],s*getenv(['"]HTTP_USER_AGENT</signature>
<signature id="398" format="re" child_id="-1" sever="c" title="WebShell">$mailers*=s*$_POST[['"]{0,1}x_mailer['"]{0,1}]</signature>
<signature id="399" format="re" child_id="-1" sever="c" title="WebShell">$OOO0O0O00=__FILE__;s*$OO00O0000s*=s*0x1b540;s*eval</signature>
<signature id="400" format="re" child_id="-1" sever="c" title="WebShell">Bys+WebRooT</signature>
<signature id="401" format="re" child_id="-1" sever="c" title="WebShell">header(['"]{0,1}s:s*['"]{0,1}s*.s*php_unames*(s*['"]{0,1}n['"]{0,1}s*)</signature>
<signature id="402" format="re" child_id="-1" sever="c" title="WebShell">move_uploaded_file($_FILES[['"]{0,1}elif['"]{0,1}][['"]{0,1}tmp_name</signature>
<signature id="403" format="re" child_id="-1" sever="c" title="WebShell">$gzips*=s*@*gzinflates*(s*@*substrs*(s*$gzencode_arg</signature>
<signature id="404" format="re" child_id="-1" sever="c" title="WebShell">ifs*(s*mails*(s*$mails[$i]s*,s*$temas*,s*base64_encodes*(s*$text</signature>
<signature id="405" format="re" child_id="-1" sever="c" title="WebShell">fwrites*(s*$fhs*,s*stripslashess*(s*@*$_(GET|POST|SERVER|COOKIE|REQUEST)[</signature>
<signature id="406" format="re" child_id="-1" sever="c" title="WebShell">echos+file_get_contentss*(s*base64_url_decodes*(s*@*$_(GET|POST|SERVER|COOKIE|REQUEST)</signature>
<signature id="407" format="re" child_id="-1" sever="c" title="WebShell">ifs*(s*@*md5s*(s*$_(GET|POST|SERVER|COOKIE|REQUEST)[</signature>
<signature id="408" format="re" child_id="-1" sever="c" title="WebShell">chrs*(s*101s*)s*.s*chrs*(s*118s*)s*.s*chrs*(s*97s*)s*.s*chrs*(s*108s*)</signature>
<signature id="409" format="re" child_id="-1" sever="c" title="WebShell">$_(GET|POST|SERVER|COOKIE|REQUEST)[['"]{0,1}[a-zA-Z0-9_]+?['"]{0,1}](s*$_(GET|POST|SERVER|COOKIE|REQUEST)[['"]{0,1}[a-zA-Z0-9_]+?['"]{0,1}]s*)</signature>
<signature id="410" format="re" child_id="-1" sever="c" title="WebShell">$resultFULs*=s*stripcslashess*(s*$_POST[['"]{0,1}resultFUL['"]{0,1}</signature>
<signature id="411" format="re" child_id="-1" sever="c" title="WebShell">/usr/sbin/httpd</signature>
<signature id="412" format="re" child_id="-1" sever="c" title="WebShell">PRIVMSG.*:.owner\s+(.*)</signature>
<signature id="413" format="re" child_id="-1" sever="c" title="WebShell">prints+$socks+['"]{0,1}NICK ['"]{0,1}s+.s+$nicks+.s+['"]{0,1}\n['"]{0,1}</signature>
<signature id="414" format="re" child_id="-1" sever="c" title="WebShell">$urls*=s*$urls*.s*['"]{0,1}?['"]{0,1}s*.s*http_build_query($query)</signature>
<signature id="415" format="re" child_id="-1" sever="c" title="WebShell">preg_match_all(['"]{0,1}/<a href="\/url\?q=(.+?)[&|"]+/is['"]{0,1}, $page[['"]{0,1}exe['"]{0,1}], $links)</signature>
<signature id="416" format="re" child_id="-1" sever="c" title="WebShell"><scripts+language=['"]{0,1}JavaScript['"]{0,1}>s*parent.window.opener.locations*=s*['"]http://</signature>
<signature id="417" format="re" child_id="-1" sever="c" title="WebShell">$ps*=s*strposs*(s*$txs*,s*['"]{0,1}{#['"]{0,1}s*,s*$p2s*+s*2)</signature>
<signature id="418" format="re" child_id="-1" sever="c" title="WebShell">(msie|opera)</signature>
<signature id="419" format="re" child_id="-1" sever="c" title="WebShell">RewriteConds*%{HTTP_USER_AGENT}s*.*ndroid.*</signature>
<signature id="420" format="re" child_id="-1" sever="c" title="WebShell">ifs*(s*is_dirs*(s*$FullPaths*)s*)s*AllDirs*(s*$FullPaths*,s*$Filess*);s*}s*}</signature>
<signature id="421" format="re" child_id="-1" sever="c" title="WebShell">['"]{0,1}From:s*['"]{0,1}.$_POST[['"]{0,1}realname['"]{0,1}].['"]{0,1} ['"]{0,1}.['"]{0,1} <['"]{0,1}.$_POST[['"]{0,1}from['"]{0,1}].['"]{0,1}>\n['"]{0,1}</signature>
<signature id="422" format="re" child_id="-1" sever="c" title="WebShell"><!--#execs+cmd=['"]{0,1}$HTTP_ACCEPT['"]{0,1}s*--></signature>
<signature id="423" format="re" child_id="-1" sever="c" title="WebShell">[-]s+Connections+faild</signature>
<signature id="424" format="re" child_id="-1" sever="c" title="WebShell">if(/^\:$owner!.*\@.*PRIVMSG.*:.msgflood(.*)/){</signature>
<signature id="425" format="re" child_id="-1" sever="c" title="WebShell">prints*$sock "PRIVMSG ".$owner</signature>
<signature id="426" format="re" child_id="-1" sever="c" title="WebShell">]=['"]{0,1}ip['"]{0,1}s*;s*ifs*(s*issets*(s*$_SERVER[</signature>
<signature id="427" format="re" child_id="-1" sever="c" title="WebShell">]s*}s*=s*trims*(s*array_pops*(s*${s*${</signature>
<signature id="428" format="re" child_id="-1" sever="c" title="WebShell">print("#s+infos+OK\n\n")</signature>
<signature id="429" format="re" child_id="-1" sever="c" title="WebShell">$user_agents*=s*preg_replaces*(s*['"]|User\.Agent\:[\s ]?|i['"]s*,s*['"]['"]s*,s*$user_agent</signature>
<signature id="430" format="re" child_id="-1" sever="c" title="WebShell">$ps*=s*strpos($txs*,s*['"]{0,1}{#['"]{0,1}s*,s*$p2s*+s*2)</signature>
<signature id="431" format="re" child_id="-1" sever="c" title="WebShell">create_functions*(s*['"]$m['"]s*,s*['"]ifs*(s*$ms*[s*0x01s*]s*==s*['"]L['"]</signature>
<signature id="432" format="re" child_id="-1" sever="c" title="WebShell">$letters*=s*str_replaces*(s*$ARRAY[0][$j]s*,s*$arr[$ind]s*,s*$letter</signature>
<signature id="433" format="re" child_id="-1" sever="c" title="WebShell">IrIsT.Ir</signature>
<signature id="434" format="re" child_id="-1" sever="c" title="WebShell">ifs*(detect_mobile_device())s*{s*header</signature>
<signature id="435" format="re" child_id="-1" sever="c" title="WebShell">$posts*=s*['"]\x77\x67\x65</signature>
<signature id="436" format="re" child_id="-1" sever="c" title="WebShell">echos*['"]answer=error['"]</signature>
<signature id="437" format="re" child_id="-1" sever="c" title="WebShell">url=<?phps*echos*$rand_url;?></signature>
<signature id="438" format="re" child_id="-1" sever="c" title="WebShell">if(CheckIPOperator()s*&&s*!isModem())</signature>
<signature id="439" format="re" child_id="-1" sever="c" title="WebShell">strpos($ua,s*['"]{0,1}yandexbot['"]{0,1})s*!==s*false</signature>
<signature id="440" format="re" child_id="-1" sever="c" title="WebShell">ifs*($keys*!=s*['"]{0,1}mail_to['"]{0,1}s*&&s*$keys*!=s*['"]{0,1}smtp_server['"]{0,1}s*&&s*$keys*!=s*['"]{0,1}smtp_port</signature>
<signature id="441" format="re" child_id="-1" sever="c" title="WebShell">echo['"]{0,1}<center><b>Dones*==>s*$userfile_name</signature>
<signature id="442" format="re" child_id="-1" sever="c" title="WebShell">['"]e/*./['"]</signature>
<signature id="443" format="re" child_id="-1" sever="c" title="WebShell">asserts*(s*@*stripslashes</signature>
<signature id="444" format="re" child_id="-1" sever="c" title="WebShell">)s*.s*substrs*(s*md5s*(s*strrevs*(s*$</signature>
<signature id="445" format="re" child_id="-1" sever="c" title="WebShell">$fls*=s*"<meta http-equiv=\"Refresh\"s+content=\"0;s*URL=</signature>
<signature id="446" format="re" child_id="-1" sever="c" title="WebShell">,s*arrays*('.','..','Thumbs.db')s*)s*)s*{s*continue;s*}s*ifs*(s*is_file</signature>
<signature id="447" format="re" child_id="-1" sever="c" title="WebShell">ifs*(s*$dataSizes*<s*BOTCRYPT_MAX_SIZEs*)s*rc4s*(s*$data,s*$cryptkey</signature>
<signature id="448" format="re" child_id="-1" sever="c" title="WebShell">str_rot13s*(s*['"]{0,1}tmvasyng['"]{0,1}</signature>
<signature id="449" format="re" child_id="-1" sever="c" title="WebShell">str_rot13s*(s*['"]{0,1}onfr64_qrpbqr['"]{0,1}</signature>
<signature id="450" format="re" child_id="-1" sever="c" title="WebShell">ifs*(s*$_POST[s*['"]{0,1}path['"]{0,1}s*]s*==s*['"]{0,1}['"]{0,1}s*)s*{s*$uploadfiles*=s*$_FILES[s*['"]{0,1}file['"]{0,1}s*][s*['"]{0,1}name['"]{0,1}s*]</signature>
<signature id="451" format="re" child_id="-1" sever="c" title="WebShell">ifs*(s*fwrites*(s*$handles*,s*file_get_contentss*(s*$_(GET|POST|SERVER|COOKIE|REQUEST)</signature>
<signature id="452" format="re" child_id="-1" sever="c" title="WebShell">array_key_existss*(s*$fileRass*,s*$fileType)s*?s*$fileType[s*$fileRass*]</signature>
<signature id="453" format="re" child_id="-1" sever="c" title="WebShell">urlencode(print_r(array(),1)),5,1).c),$c);}eval($d)</signature>
<signature id="454" format="re" child_id="-1" sever="c" title="WebShell">ifs*(s*function_existss*(s*'pcntl_fork</signature>
<signature id="455" format="re" child_id="-1" sever="c" title="WebShell">finds+/s+-types+fs+-perms+-04000s+-ls</signature>
<signature id="456" format="re" child_id="-1" sever="c" title="WebShell">execl(['"]/bin/sh['"]s*,s*['"]/bin/sh['"]s*,s*['"]-i['"]s*,s*0)</signature>
<signature id="457" format="re" child_id="-1" sever="c" title="WebShell">functions+inject($file,s*$injection=</signature>
<signature id="458" format="re" child_id="-1" sever="c" title="WebShell">fclose($f);s*echos*['"]o.k.['"]</signature>
<signature id="459" format="re" child_id="-1" sever="c" title="WebShell">preg_replaces*(s*$exif[s*\['"]Make\['"]s*]s*,s*$exif[s*\['"]Model\['"]s*]</signature>
<signature id="460" format="re" child_id="-1" sever="c" title="WebShell">^downloads/([0-9]*)/([0-9]*)/$s+downloads.php?c=$1&p=$2</signature>
<signature id="461" format="re" child_id="-1" sever="c" title="WebShell">$res=mysql_query(['"]{0,1}SELECTs+*s+FROMs+`watchdog_old_05`s+WHEREs+page</signature>
<signature id="462" format="re" child_id="-1" sever="c" title="WebShell">RewriteRules+.*s+index.php?url=$0s+[L,QSA]</signature>
<signature id="463" format="re" child_id="-1" sever="c" title="WebShell">IO::Socket::INET->new(Protos*=>s*"tcp"s*,s*LocalPorts*=>s*36000s*,s*Listens*=>s*SOMAXCONN</signature>
<signature id="464" format="re" child_id="-1" sever="c" title="WebShell">evals*(*s*strrevs*(*s*str_replace</signature>
<signature id="465" format="re" child_id="-1" sever="c" title="WebShell">@*move_uploaded_files*(s*$_FILES[s*['"]{0,1}message['"]{0,1}s*][s*['"]{0,1}tmp_name['"]{0,1}s*]s*,s*$security_codes*.s*"/"s*.s*$_FILES[['"]{0,1}message['"]{0,1}][['"]{0,1}name['"]{0,1}])</signature>
<signature id="466" format="re" child_id="-1" sever="c" title="WebShell">$URLs*=s*$urls[s*rand(s*0s*,s*counts*(s*$urlss*)s*-s*1s*)s*]</signature>
<signature id="467" format="re" child_id="-1" sever="c" title="WebShell">issets*(s*$_FILES[s*['"]{0,1}x['"]{0,1}s*]s*)s*?s*(s*is_uploaded_files*(s*$_FILES[s*['"]{0,1}x['"]{0,1}s*][s*['"]{0,1}tmp_name['"]{0,1}s*]s*)s*?s*(s*copys*(s*$_FILES[s*['"]{0,1}x['"]{0,1}s*]</signature>
<signature id="468" format="re" child_id="-1" sever="c" title="WebShell">ifs*(s*$is*<s*(s*counts*(s*$_POST[s*['"]{0,1}q['"]{0,1}s*]s*)s*-s*1</signature>
<signature id="469" format="re" child_id="-1" sever="c" title="WebShell">file_get_contentss*(*s*ADMIN_REDIR_URLs*,s*falses*,s*$ctxs*)</signature>
<signature id="470" format="re" child_id="-1" sever="c" title="WebShell">tmhapbzcerff</signature>
<signature id="471" format="re" child_id="-1" sever="c" title="WebShell">content=['"]{0,1}no-cache['"]{0,1};s*$config[['"]{0,1}description['"]{0,1}]s*.=s*['"]{0,1}</signature>
<signature id="472" format="re" child_id="-1" sever="c" title="WebShell">clearstatcache(s*);s*ifs*(s*!is_dirs*(s*$flds*)s*)s*return</signature>
<signature id="473" format="re" child_id="-1" sever="c" title="WebShell">$rBuffLens*=s*ords*(s*VC_Decrypts*(s*freads*(s*$input,s*1s*)s*)s*)s**s*256</signature>
<signature id="474" format="re" child_id="-1" sever="c" title="WebShell">IrSecTeam</signature>
<signature id="475" format="re" child_id="-1" sever="c" title="WebShell">@header(['"]Location:s*['"].['"]h['"].['"]t['"].['"]t['"].['"]p['"]</signature>
<signature id="476" format="re" child_id="-1" sever="c" title="WebShell">set_time_limits*(s*0s*);s*ifs*(!SecretPageHandler::checkKey</signature>
<signature id="477" format="re" child_id="-1" sever="c" title="WebShell">returns*(s*strstrs*(s*$ss*,s*'echo's*)s*==s*falses*?s*(s*strstrs*(s*$ss*,s*'print'</signature>
<signature id="478" format="re" child_id="-1" sever="c" title="WebShell">time()s*+s*10000s*,s*['"]/['"]);s*echos+$m_zz;s*evals*($m_zz</signature>
<signature id="479" format="re" child_id="-1" sever="c" title="WebShell">if(!empty($_FILES[['"]{0,1}message['"]{0,1}][['"]{0,1}name['"]{0,1}])s+ANDs+(md5($_POST[['"]{0,1}nick['"]{0,1}])s*==s*['"]{0,1}</signature>
<signature id="480" format="re" child_id="-1" sever="c" title="WebShell">str_rot13s*(s*gzinflates*(s*base64_decode</signature>
<signature id="481" format="re" child_id="-1" sever="c" title="WebShell">gzuncompresss*(s*str_rot13s*(s*base64_decode</signature>
<signature id="482" format="re" child_id="-1" sever="c" title="WebShell">gzuncompresss*(s*base64_decodes*(s*str_rot13</signature>
<signature id="483" format="re" child_id="-1" sever="c" title="WebShell">gzinflates*(s*base64_decodes*(s*str_rot13s*(s*strrev</signature>
<signature id="484" format="re" child_id="-1" sever="c" title="WebShell">gzinflates*(s*base64_decodes*(s*strrevs*(s*str_rot13</signature>
<signature id="485" format="re" child_id="-1" sever="c" title="WebShell">gzinflates*(s*base64_decodes*(s*strrev</signature>
<signature id="486" format="re" child_id="-1" sever="c" title="WebShell">gzinflates*(s*base64_decodes*(s*base64_decodes*(s*str_rot13</signature>
<signature id="487" format="re" child_id="-1" sever="c" title="WebShell">base64_decodes*(s*gzuncompresss*(s*base64_decode</signature>
<signature id="488" format="re" child_id="-1" sever="c" title="WebShell">gzinflates*(s*base64_decodes*(s*str_rot13</signature>
<signature id="489" format="re" child_id="-1" sever="c" title="WebShell">gzinflates*(s*str_rot13s*(s*base64_decode</signature>
<signature id="490" format="re" child_id="-1" sever="c" title="WebShell">Brazils+HackTeam</signature>
<signature id="491" format="re" child_id="-1" sever="c" title="WebShell">$tlds*=s*arrays*(s*['"]com['"],['"]org['"],['"]net['"]</signature>
<signature id="492" format="re" child_id="-1" sever="c" title="WebShell">defines*(*s*['"]SBCID_REQUEST_FILE['"]s*,</signature>
<signature id="493" format="re" child_id="-1" sever="c" title="WebShell">preg_replaces*(*s*['"]/.+/esi</signature>
<signature id="494" format="re" child_id="-1" sever="c" title="WebShell">Mysteriouss+Wire</signature>
<signature id="495" format="re" child_id="-1" sever="c" title="WebShell">$headerss*.=s*$_POST[s*['"]eMailAdd['"]s*]</signature>
<signature id="496" format="re" child_id="-1" sever="c" title="WebShell">defines*(s*['"]DEFCALLBACKMAIL</signature>
<signature id="497" format="re" child_id="-1" sever="c" title="WebShell">default_actions*=s*['"]{0,1}FilesMan['"]{0,1}</signature>
<signature id="498" format="re" child_id="-1" sever="c" title="WebShell">echos+@file_get_contentss*(s*$get</signature>
<signature id="499" format="re" child_id="-1" sever="c" title="WebShell">ifs*(s*striposs*(s*$_SERVER[['"]{0,1}HTTP_USER_AGENT['"]{0,1}]s*,s*['"]{0,1}Android['"]{0,1})s*!==falses*&&s*!$_COOKIE[['"]{0,1}dle_user_id</signature>
<signature id="500" format="re" child_id="-1" sever="c" title="WebShell">headers*(['"]Location:s*['"]s*.s*$tos*.s*urldecode</signature>
<signature id="501" format="re" child_id="-1" sever="c" title="WebShell">Dc0RHa['"]</signature>
<signature id="502" format="re" child_id="-1" sever="c" title="WebShell">!touch(['"]{0,1}../../language/</signature>
<signature id="503" format="re" child_id="-1" sever="c" title="WebShell">eval(s*stripslashes(s*\$_REQUEST</signature>
<signature id="504" format="re" child_id="-1" sever="c" title="WebShell">document.writes*(s*['"]{0,1}<scripts+src=['"]{0,1}http://<?=$domain?>/</signature>
<signature id="505" format="re" child_id="-1" sever="c" title="WebShell">exits*(s*['"]{0,1}<script>s*setTimeouts*(s*\['"]{0,1}document.location.href</signature>
<signature id="506" format="re" child_id="-1" sever="c" title="WebShell">functions+sql2_safes*(</signature>
<signature id="507" format="re" child_id="-1" sever="c" title="WebShell">$postResults*=s*curl_execs*(*s*$ch</signature>
<signature id="508" format="re" child_id="-1" sever="c" title="WebShell">&&s*function_existss*(*s*['"]{0,1}getmxrr['"]{0,1})s*)s*{s*@getmxrrs*(*s*$</signature>
<signature id="509" format="re" child_id="-1" sever="c" title="WebShell">is__writables*(*s*$paths*.s*uniqids*(*s*mt_rand</signature>
<signature id="510" format="re" child_id="-1" sever="c" title="WebShell">file_put_contentzs*(*s*$</signature>
<signature id="511" format="re" child_id="-1" sever="c" title="WebShell">@*gzinflates*(s*@*base64_decodes*(s*@*str_replace</signature>
<signature id="512" format="re" child_id="-1" sever="c" title="WebShell">fopens*(*s*['"]http://['"]s*.s*$check_domains*.s*['"]:80['"]s*.s*$check_docs*,s*['"]r['"]</signature>
<signature id="513" format="re" child_id="-1" sever="c" title="WebShell">@$_COOKIE[['"]{0,1}statCounter['"]{0,1}]</signature>
<signature id="514" format="re" child_id="-1" sever="c" title="WebShell">ifs*(*s*@*preg_matchs*(*s*str</signature>
<signature id="515" format="re" child_id="-1" sever="c" title="WebShell">array_pops*(*s*$workReplaces*,s*$_(GET|POST|SERVER|COOKIE|REQUEST)s*,s*$countKeysNew</signature>
<signature id="516" format="re" child_id="-1" sever="c" title="WebShell">(GET|POST|SERVER|COOKIE|REQUEST)s*[s*['"]___['"]s*</signature>
<signature id="517" format="re" child_id="-1" sever="c" title="WebShell">(s*['"]INSHELL['"]s*</signature>
<signature id="518" format="re" child_id="-1" sever="c" title="WebShell">$bs*.s*$ps*.s*$hs*.s*$ks*.s*$v</signature>
<signature id="519" format="re" child_id="-1" sever="c" title="WebShell">=s*preg_splits*(s*['"]/\,(\ +)?/['"],s*@*ini_gets*(s*['"]disable_functions</signature>
<signature id="520" format="re" child_id="-1" sever="c" title="WebShell">ifs*(!function_existss*(s*['"]posix_getpwuid['"]s*)s*&&s*!in_arrays*(s*['"]posix_getpwuid</signature>
<signature id="521" format="re" child_id="-1" sever="c" title="WebShell">preg_replaces*(s*['"]/^(www|ftp)\./i['"]s*,s*['"]['"],s*@$_SERVERs*[s*['"]{0,1}HTTP_HOST['"]{0,1}s*]s*)</signature>
<signature id="522" format="re" child_id="-1" sever="c" title="WebShell">ifs*(*s*issets*(*s*$_(GET|POST|SERVER|COOKIE|REQUEST)s*[s*['"]{0,1}[a-zA-Z_0-9]+['"]{0,1}s*]s*)*s*)s*{s*$[a-zA-Z_0-9]+s*=s*$_(GET|POST|SERVER|COOKIE|REQUEST)s*[s*['"]{0,1}[a-zA-Z_0-9]+['"]{0,1}s*];s*evals*(*s*$[a-zA-Z_0-9]+s*)*</signature>
<signature id="523" format="re" child_id="-1" sever="c" title="WebShell">evals*(*s*stripslashess*(*s*array_pop(*$_(GET|POST|SERVER|COOKIE|REQUEST)</signature>
<signature id="524" format="re" child_id="-1" sever="c" title="WebShell">ifs+(s*strposs*(s*$urls*,s*['"]js/mootools.js['"]s*)s*===s*falses+&&s+strposs*(s*$urls*,s*['"]js/caption.js['"]{0,1}</signature>
<signature id="525" format="re" child_id="-1" sever="c" title="WebShell">ifs+(*s*mails*(s*$recps*,s*$subjs*,s*$stunts*,s*$frm</signature>
<signature id="526" format="re" child_id="-1" sever="c" title="WebShell"><?phps+$_Fs*=s*__FILE__s*;s*$_Xs*=</signature>
<signature id="527" format="re" child_id="-1" sever="c" title="WebShell">$xd+s*=s*['"].+?['"]s*;s*$xd+s*=s*['"].+?['"]s*;s*$xd+s*=s*['"]</signature>
<signature id="528" format="re" child_id="-1" sever="c" title="WebShell">$beecodes*=@*file_get_contentss*(*['"]{0,1}s*$urlpurss*['"]{0,1})*s*;s*echos+['"]{0,1}$beecode['"]{0,1}</signature>
<signature id="529" format="re" child_id="-1" sever="c" title="WebShell">$GLOBALS[s*['"]{0,1}.+?['"]{0,1}s*][s*d+s*](s*$_d+s*,s*_d+s*(s*d+s*)s*)s*)</signature>
<signature id="530" format="re" child_id="-1" sever="c" title="WebShell">preg_replaces*(*s*['"]{0,1}/.*[.+?]?/e['"]{0,1}s*,s*str_replace</signature>
<signature id="531" format="re" child_id="-1" sever="c" title="WebShell">$GLOBALS[['"]{0,1}.+?['"]{0,1}]=Arrays*(s*base64_decodes*(s*['"]{0,1}.+?['"]{0,1}s*)s*,s*base64_decodes*(s*['"]{0,1}.+?['"]{0,1}s*)</signature>
<signature id="532" format="re" child_id="-1" sever="c" title="WebShell">UNIONs+SELECTs+['"]{0,1}0['"]{0,1}s*,s*['"]{0,1}<? system(\$_(GET|POST|SERVER|COOKIE|REQUEST)[cpc]);exit;s*?>['"]{0,1}s*,s*0s*,0s*,s*0s*,s*0s+INTOs+OUTFILEs+['"]{0,1}$['"]{0,1}</signature>
<signature id="533" format="re" child_id="-1" sever="c" title="WebShell">issets*(*s*$_POSTs*[s*['"]{0,1}execgate['"]{0,1}s*]s*)*</signature>
<signature id="534" format="re" child_id="-1" sever="c" title="WebShell">fwrites*(*s*$fpsetvs*,s*getenvs*(s*['"]HTTP_COOKIE['"]s*)s*</signature>
<signature id="535" format="re" child_id="-1" sever="c" title="WebShell">symlinks*(*s*['"]/home/</signature>
<signature id="536" format="re" child_id="-1" sever="c" title="WebShell">functions+urlGetContentss*(*s*$urls*,s*$timeouts*=s*d+s*)</signature>
<signature id="537" format="re" child_id="-1" sever="c" title="WebShell">strrev(*s*['"]{0,1}edoced_46esab['"]{0,1}s*)*</signature>
<signature id="538" format="re" child_id="-1" sever="c" title="WebShell">strrev(*s*['"]{0,1}tressa['"]{0,1}s*)*</signature>
<signature id="539" format="re" child_id="-1" sever="c" title="WebShell">execs*(s*['"]ipfw</signature>
<signature id="540" format="re" child_id="-1" sever="c" title="WebShell">wp_postss+WHEREs+post_types*=s*['"]{0,1}post['"]{0,1}s+ANDs+post_statuss*=s*['"]{0,1}publish['"]{0,1}s+ORDERs+BYs+`ID`s+DESC</signature>
<signature id="541" format="re" child_id="-1" sever="c" title="WebShell">file_get_contentss*(*s*trims*(s*$.+?[$_(GET|POST|SERVER|COOKIE|REQUEST)[['"]{0,1}.+?['"]{0,1}]]));</signature>
<signature id="542" format="re" child_id="-1" sever="c" title="WebShell">is_callables*(*s*['"]{0,1}(ftp_exec|system|shell_exec|passthru|popen|proc_open)['"]{0,1})*s+ands+!in_arrays*(*s*['"]{0,1}(ftp_exec|system|shell_exec|passthru|popen|proc_open)['"]{0,1}s*,s*$disablefuncs</signature>
<signature id="543" format="re" child_id="-1" sever="c" title="WebShell">$GLOBALS[['"]{0,1}____</signature>
<signature id="544" format="re" child_id="-1" sever="c" title="WebShell">fopens*(*s*['"]{0,1}/etc/passwd['"]{0,1}</signature>
<signature id="545" format="re" child_id="-1" sever="c" title="WebShell">evals*(*@*s*stripslashess*(*s*array_pops*(*s*@*$_</signature>
<signature id="546" format="re" child_id="-1" sever="c" title="WebShell">evals*(*@*s*stripslashess*(*s*@*$_</signature>
<signature id="547" format="re" child_id="-1" sever="c" title="WebShell">@*setcookies*(*s*['"]{0,1}hit['"]{0,1},s*1s*,s*times*(*s*)*s*+</signature>
<signature id="548" format="re" child_id="-1" sever="c" title="WebShell">evals*(*s*file_get_contentss*(*</signature>
<signature id="549" format="re" child_id="-1" sever="c" title="WebShell">preg_replaces*(*s*['"]{0,1}/.*/e['"]{0,1}</signature>
<signature id="550" format="re" child_id="-1" sever="c" title="WebShell">s*{s*$_(GET|POST|SERVER|COOKIE|REQUEST)s*[s*['"]{0,1}root['"]{0,1}s*]s*}</signature>
<signature id="551" format="re" child_id="-1" sever="c" title="WebShell">['"]{0,1}httpd.conf['"]{0,1}s*,s*['"]{0,1}vhosts.conf['"]{0,1}s*,s*['"]{0,1}cfg.php['"]{0,1}s*,s*['"]{0,1}config.php['"]{0,1}</signature>
<signature id="552" format="re" child_id="-1" sever="c" title="WebShell">proc_opens*(s*['"]{0,1}IHSteam</signature>
<signature id="553" format="re" child_id="-1" sever="c" title="WebShell">$inis*[s*['"]{0,1}users['"]{0,1}s*]s*=s*arrays*(s*['"]{0,1}root['"]{0,1}s*=></signature>
<signature id="554" format="re" child_id="-1" sever="c" title="WebShell">curl_setopts*(s*$chs*,s*CURLOPT_URLs*,s*['"]{0,1}http://$host:d+['"]{0,1}s*)</signature>
<signature id="555" format="re" child_id="-1" sever="c" title="WebShell">systems*(*s*['"]{0,1}whoami['"]{0,1}s*)*</signature>
<signature id="556" format="re" child_id="-1" sever="c" title="WebShell">finds+/s+-names+.sshs+>s+$dir/sshkeys/sshkeys</signature>
<signature id="557" format="re" child_id="-1" sever="c" title="WebShell">asserts*(*s*@*$_(GET|POST|SERVER|COOKIE|REQUEST)</signature>
<signature id="558" format="re" child_id="-1" sever="c" title="WebShell">evals*(*s*@*$_(GET|POST|SERVER|COOKIE|REQUEST)</signature>
<signature id="559" format="re" child_id="-1" sever="c" title="WebShell">phps+"s*.s*$wso_path</signature>
<signature id="560" format="re" child_id="-1" sever="c" title="WebShell">@*asserts*(*s*$_(GET|POST|SERVER|COOKIE|REQUEST)s*[s*['"]{0,1}.+?['"]{0,1}s*]s*</signature>
<signature id="561" format="re" child_id="-1" sever="c" title="WebShell">eva1[a-zA-Z0-9_]+?Sir</signature>
<signature id="562" format="re" child_id="-1" sever="c" title="WebShell">$cmds*=s*(s*@*$_(GET|POST|SERVER|COOKIE|REQUEST)s*[s*['"]{0,1}.+?['"]{0,1}s*]s*)</signature>
<signature id="563" format="re" child_id="-1" sever="c" title="WebShell">$functions*(*s*@*$_(GET|POST|SERVER|COOKIE|REQUEST)s*[s*['"]{0,1}cmd['"]{0,1}s*]s*)*</signature>
<signature id="564" format="re" child_id="-1" sever="c" title="WebShell">$fe("$cmds+2>&1");</signature>
<signature id="565" format="re" child_id="-1" sever="c" title="WebShell">(ftp_exec|system|shell_exec|passthru|popen|proc_open)(['"]$cmds+1>s*/tmp/cmdtemps+2>&1;s*cats+/tmp/cmdtemp;s*rms+/tmp/cmdtemp['"]);</signature>
<signature id="566" format="re" child_id="-1" sever="c" title="WebShell">setcookie(*s*['"]mysql_web_admin_username['"]s*)*</signature>
<signature id="567" format="re" child_id="-1" sever="c" title="WebShell">(ftp_exec|system|shell_exec|passthru|popen|proc_open)s*(*s*['"]unames+-a['"]s*)*</signature>
<signature id="568" format="re" child_id="-1" sever="c" title="WebShell">(ftp_exec|system|shell_exec|passthru|popen|proc_open)s*(*s*@*$_POSTs*[s*['"].+?['"]s*]s*.s*"s*2s*>s*&1s*['"]</signature>
<signature id="569" format="re" child_id="-1" sever="c" title="WebShell">!@*$_REQUESTs*[s*['"]c99sh_surl['"]s*]s*)</signature>
<signature id="570" format="re" child_id="-1" sever="c" title="WebShell">$logins*=s*@*posix_getuid(*s*)*</signature>
<signature id="571" format="re" child_id="-1" sever="c" title="WebShell">ncftpputs*-us*$ftp_user_name</signature>
<signature id="572" format="re" child_id="-1" sever="c" title="WebShell">runcommands*(s*['"]shellhelp['"]s*,s*['"](GET|POST|SERVER|COOKIE|REQUEST)['"]</signature>
<signature id="573" format="re" child_id="-1" sever="c" title="WebShell">{s*$s*{s*passthrus*(*s*$cmds*)s*}s*}s*<br></signature>
<signature id="574" format="re" child_id="-1" sever="c" title="WebShell">passthrus*(*s*getenvs*(*s*\['"]HTTP_ACCEPT_LANGUAGE</signature>
<signature id="575" format="re" child_id="-1" sever="c" title="WebShell">passthrus*(*s*getenvs*(*s*['"]HTTP_ACCEPT_LANGUAGE</signature>
<signature id="576" format="re" child_id="-1" sever="c" title="WebShell">SELECTs+1s+FROMs+mysql.users+WHEREs+concat(s*`user`s*,s*'@'s*,s*`host`s*)</signature>
<signature id="577" format="re" child_id="-1" sever="c" title="WebShell">$MessageSubjects*=s*base64_decodes*(s*$_POSTs*[s*['"]{0,1}msgsubject['"]{0,1}s*]s*)</signature>
<signature id="578" format="re" child_id="-1" sever="c" title="WebShell">renames*(s*s*['"]{0,1}wso.php['"]{0,1}s*,</signature>
<signature id="579" format="re" child_id="-1" sever="c" title="WebShell">filepaths*=s*@*realpaths*(s*$_POSTs*[s*['"]filepath['"]s*]s*)</signature>
<signature id="580" format="re" child_id="-1" sever="c" title="WebShell">filepaths*=s*@*realpaths*(s*$_POSTs*[s*\['"]filepath\['"]s*]s*)</signature>
<signature id="581" format="re" child_id="-1" sever="c" title="WebShell">evals*(*s*base64_decodes*(*s*@*$_</signature>
<signature id="582" format="re" child_id="-1" sever="c" title="WebShell">wsoExs*(s*\['"]s*tars*cfzvs*\['"]s*.s*escapeshellargs*(s*$_POST[s*\['"]p2\['"]s*]s*)</signature>
<signature id="583" format="re" child_id="-1" sever="c" title="WebShell">WSOsetcookies*(s*md5s*(s*@*$_SERVER[s*['"]HTTP_HOST['"]s*]s*)</signature>
<signature id="584" format="re" child_id="-1" sever="c" title="WebShell">WSOsetcookies*(s*md5s*(s*@*$_SERVER[s*\['"]HTTP_HOST\['"]s*]s*)</signature>
<signature id="585" format="re" child_id="-1" sever="c" title="WebShell">$info .= (($permss*&s*0x0040)s*?(($permss*&s*0x0800)s*?s*\['"]s\['"]s*:s*\['"]x\['"]s*)s*:(($permss*&s*0x0800)s*?s*'S's*:s*'-'s*)</signature>
<signature id="586" format="re" child_id="-1" sever="c" title="WebShell">default_actions*=s*\['"]FilesMan</signature>
<signature id="587" format="re" child_id="-1" sever="c" title="WebShell">systems+files+dos+nots+delete</signature>
<signature id="588" format="re" child_id="-1" sever="c" title="WebShell">hackeds+bys+Hmei7</signature>
<signature id="589" format="re" child_id="-1" sever="c" title="WebShell">bys+Grinay</signature>
<signature id="590" format="re" child_id="-1" sever="c" title="WebShell">Captains+Crunchs+Team</signature>
<signature id="591" format="re" child_id="-1" sever="c" title="WebShell">$_(GET|POST|SERVER|COOKIE|REQUEST)[s*['"]{0,1}p2['"]{0,1}s*]s*==s*['"]{0,1}chmod['"]{0,1}</signature>
<signature id="592" format="re" child_id="-1" sever="c" title="JS Virus">userAgent|pp|http|dazalyz['"]{0,1}.split(['"]{0,1}|['"]{0,1}),0</signature>
<signature id="593" format="re" child_id="-1" sever="c" title="JS Virus">f='f'+'r'+'o'+'m'+'Ch'+'arC'+'ode';</signature>
<signature id="594" format="re" child_id="-1" sever="c" title="JS Virus">.prototype.a}catch(</signature>
<signature id="595" format="re" child_id="-1" sever="c" title="JS Virus">try{Boolean().prototype.q}catch(</signature>
<signature id="596" format="re" child_id="-1" sever="c" title="JS Virus">if(Ref.indexOf('.google.')!=</signature>
<signature id="597" format="re" child_id="-1" sever="c" title="JS Virus">indexOf|if|rc|length|msn|yahoo|referrer|altavista|ogo|bi|hp|var|aol|query</signature>
<signature id="598" format="re" child_id="-1" sever="c" title="JS Virus">Array.prototype.slice.call(arguments).join("")</signature>
<signature id="599" format="re" child_id="-1" sever="c" title="JS Virus">q=document.createElement("d"+"i"+"v");q.appendChild(q+"");}catch(qw){h=</signature>
<signature id="600" format="re" child_id="-1" sever="c" title="JS Virus">+zz;ss=[];f='fr'+'om'+'Ch';f+='arC';f+='ode';w=this;e=w[f["substr"](</signature>
<signature id="601" format="re" child_id="-1" sever="c" title="JS Virus">s5(q5){return ++q5;}function yf(sf,we){return sf.substr(we,1);}function y1(wb){if(wb==168)wb=1025;else</signature>
<signature id="602" format="re" child_id="-1" sever="c" title="JS Virus">if(navigator.userAgent.match(/(android|midp|j2me|symbian</signature>
<signature id="603" format="re" child_id="-1" sever="c" title="JS Virus">document.write('<script language="JavaScript" type="text/javascript" src="'+domain+'"></scr'+'ipt>')</signature>
<signature id="604" format="re" child_id="-1" sever="c" title="JS Virus">http://phsp.ru/_/go.php?sid=</signature>
<signature id="605" format="re" child_id="-1" sever="c" title="JS Virus"></html>s*<script</signature>
<signature id="606" format="re" child_id="-1" sever="c" title="JS Virus"></html>s*<iframe</signature>
<signature id="607" format="re" child_id="-1" sever="c" title="JS Virus">=navigator[appVersion_var].indexOf("MSIE")!=-1?'<iframe name</signature>
<signature id="608" format="re" child_id="-1" sever="c" title="JS Virus">\x65At</signature>
<signature id="609" format="re" child_id="-1" sever="c" title="JS Virus">\x61rCod</signature>
<signature id="610" format="re" child_id="-1" sever="c" title="JS Virus">"fr"+"omC"+"harCode"</signature>
<signature id="611" format="re" child_id="-1" sever="c" title="JS Virus">="ev"+"al"</signature>
<signature id="612" format="re" child_id="-1" sever="c" title="JS Virus">[((e)?"s":"")+"p"+"lit"]("a$"[((e)?"su":"")+"bstr"](1));</signature>
<signature id="613" format="re" child_id="-1" sever="c" title="JS Virus">f='fr'+'om'+'Ch';f+='arC';f+='ode';</signature>
<signature id="614" format="re" child_id="-1" sever="c" title="JS Virus">f+=(h)?'ode':"";</signature>
<signature id="615" format="re" child_id="-1" sever="c" title="JS Virus">f='f'+'r'+'o'+'m'+'Ch'+'arC'+'ode';</signature>
<signature id="616" format="re" child_id="-1" sever="c" title="JS Virus">f='fromCh';f+='arC';f+='qgode'["substr"](2);</signature>
<signature id="617" format="re" child_id="-1" sever="c" title="JS Virus">vars+div_colors</signature>
<signature id="618" format="re" child_id="-1" sever="c" title="JS Virus">vars+_0x</signature>
<signature id="619" format="re" child_id="-1" sever="c" title="JS Virus">CoreLibrariesHandler</signature>
<signature id="620" format="re" child_id="-1" sever="c" title="JS Virus">pingnow</signature>
<signature id="621" format="re" child_id="-1" sever="c" title="JS Virus">serchbot</signature>
<signature id="622" format="re" child_id="-1" sever="c" title="JS Virus">km0ae9gr6m</signature>
<signature id="623" format="re" child_id="-1" sever="c" title="JS Virus">c3284d</signature>
<signature id="624" format="re" child_id="-1" sever="c" title="JS Virus">\x68arC</signature>
<signature id="625" format="re" child_id="-1" sever="c" title="JS Virus">\x6dCha</signature>
<signature id="626" format="re" child_id="-1" sever="c" title="JS Virus">\x6fde</signature>
<signature id="627" format="re" child_id="-1" sever="c" title="JS Virus">\x6fde</signature>
<signature id="628" format="re" child_id="-1" sever="c" title="JS Virus">\x43ode</signature>
<signature id="629" format="re" child_id="-1" sever="c" title="JS Virus">\x72om</signature>
<signature id="630" format="re" child_id="-1" sever="c" title="JS Virus">\x43ha</signature>
<signature id="631" format="re" child_id="-1" sever="c" title="JS Virus">\x72Co</signature>
<signature id="632" format="re" child_id="-1" sever="c" title="JS Virus">\x43ode</signature>
<signature id="633" format="re" child_id="-1" sever="c" title="JS Virus">.dyndns.</signature>
<signature id="634" format="re" child_id="-1" sever="c" title="JS Virus">.dyndns-</signature>
<signature id="635" format="re" child_id="-1" sever="c" title="JS Virus">}s*elses*{s*document.writes*(s*['"]{0,1}.['"]{0,1})s*}s*}s*R(s*)</signature>
<signature id="636" format="re" child_id="-1" sever="c" title="JS Virus">document.write(unescape('%3Cdiv%20id%3D%22</signature>
<signature id="637" format="re" child_id="-1" sever="c" title="JS Virus">.bitcoinplus.com</signature>
<signature id="638" format="re" child_id="-1" sever="c" title="JS Virus">.split("&&");h=2;s="";if(m)for(i=0;</signature>
<signature id="639" format="re" child_id="-1" sever="c" title="JS Virus"><iframes+src="http://deluxesclicks.pro/</signature>
<signature id="640" format="re" child_id="-1" sever="c" title="JS Virus">3Bfor|fromCharCode|2C27|3D|2C88|unescape</signature>
<signature id="641" format="re" child_id="-1" sever="c" title="JS Virus">;s*document.write(['"]{0,1}<iframes*src="http://ya.ru</signature>
<signature id="642" format="re" child_id="-1" sever="c" title="JS Virus">w.document.body.appendChild(script);s*clearInterval(i);s*}s*}s*,s*d+s*)s*;s*}s*)(s*window</signature>
<signature id="643" format="re" child_id="-1" sever="c" title="JS Virus">if(!g()&&window.navigator.cookieEnabled){document.cookie="1=1;expires="+e.toGMTString()+";path=/";</signature>
<signature id="644" format="re" child_id="-1" sever="c" title="JS Virus">nn_param_preloader_container|5001|hidden|innerHTML|inject|visible</signature>
<signature id="645" format="re" child_id="-1" sever="c" title="JS Virus"><!-- [a-zA-Z0-9_]+?||stat --></signature>
<signature id="646" format="re" child_id="-1" sever="c" title="JS Virus">&parameter=$keyword&se=$se&ur=1&HTTP_REFERER='+encodeURIComponent(document.URL)</signature>
<signature id="647" format="re" child_id="-1" sever="c" title="JS Virus">windows|series|60|symbos|ce|mobile|symbian</signature>
<signature id="648" format="re" child_id="-1" sever="c" title="JS Virus">[['"]eval['"]](s);}}}}</script></signature>
<signature id="649" format="re" child_id="-1" sever="c" title="JS Virus">kC70FMblyJkFWZodCKl1WYOdWYUlnQzRnbl1WZsVEdldmL05WZtV3YvRGI9</signature>
<signature id="650" format="re" child_id="-1" sever="c" title="JS Virus">{k=i;s=s.concat(ss(eval(asq())-1));}z=s;eval(</signature>
<signature id="651" format="re" child_id="-1" sever="c" title="JS Virus">document.cookie.match(news+RegExp(s*"(?:^|; )"s*+s*name.replace(/([\.$?*|{}\(\)\[\]\/\+^])/g</signature>
<signature id="652" format="re" child_id="-1" sever="c" title="JS Virus">setCookies*(*s*"arx_tt"s*,s*1s*,s*dt.toGMTString()s*,s*['"]{0,1}/['"]{0,1}</signature>
<signature id="653" format="re" child_id="-1" sever="c" title="JS Virus">document.cookie.matchs*(s*news+RegExps*(s*"(?:^|;s*)"s*+s*name.replaces*(/([\.$?*|{}\(\)\[\]\/\+^])/g</signature>
<signature id="654" format="re" child_id="-1" sever="c" title="JS Virus">vars+dts+=s+news+Date(),s+expiryTimes+=s+dt.setTime(s+dt.getTime()s++s+900000000</signature>
<signature id="655" format="re" child_id="-1" sever="c" title="JS Virus">ifs*(s*nums*===s*0s*)s*{s*returns*1;s*}s*elses*{s*returns+nums**s*rFact(s*nums*-s*1</signature>
<signature id="656" format="re" child_id="-1" sever="c" title="JS Virus">+=String.fromCharCode(parseInt(0+'x'</signature>
<signature id="657" format="re" child_id="-1" sever="c" title="JS Virus"><scripts+language="JavaScript">s*parent.window.opener.location="http://vk.com</signature>
<signature id="658" format="re" child_id="-1" sever="c" title="JS Virus">location.replace(['"]{0,1}http://v5k45.ru</signature>
<signature id="659" format="re" child_id="-1" sever="c" title="JS Virus">;try{++document.body}catch(q){aa=function(ff){for(i=0;i<z.length;i++){za+=String[ff](e(v+(z[i]))-12);}};}</signature>
<signature id="660" format="re" child_id="-1" sever="c" title="JS Virus">document.writes*(['"]{0,1}<['"]{0,1}s*+s*x[0]s*+s*['"]{0,1} ['"]{0,1}s*+s*x[4]s*+s*['"]{0,1}>.['"]{0,1}s*+xs*[2]s*+</signature>
<signature id="661" format="re" child_id="-1" sever="c" title="JS Virus">if(t.length==2){z+=String.fromCharCode(parseInt(t)+</signature>
<signature id="662" format="re" child_id="-1" sever="c" title="JS Virus">window.onloads*=s*function()s*{s*ifs*(document.cookie.indexOf(</signature>
<signature id="663" format="re" child_id="-1" sever="c" title="JS Virus">.style.heights*=s*['"]{0,1}0px['"]{0,1};window.onloads*=s*function()s*{document.cookie</signature>
<signature id="664" format="re" child_id="-1" sever="c" title="JS Virus">.src=(['"]{0,1}htps:['"]{0,1}==document.location.protocol?['"]{0,1}https://ssl['"]{0,1}:['"]{0,1}http://['"]{0,1})+</signature>
<signature id="665" format="re" child_id="-1" sever="c" title="JS Virus">404.php['"]{0,1}>s*</script></signature>
<signature id="666" format="re" child_id="-1" sever="c" title="JS Virus">preg_match(['"]{0,1}/sape/i['"]{0,1}s*,s*$_SERVER[['"]{0,1}HTTP_REFERER</signature>
<signature id="667" format="re" child_id="-1" sever="c" title="JS Virus">div.innerHTMLs*+=s*['"]{0,1}<embeds+id="dummy2"s+name="dummy2"s+src</signature>
<signature id="668" format="re" child_id="-1" sever="c" title="JS Virus">setTimeout(['"]{0,1}addNewObject()['"]{0,1},d+);}}};addNewObject()</signature>
<signature id="669" format="re" child_id="-1" sever="c" title="JS Virus">(b=document).head.appendChild(b.createElement</signature>
<signature id="670" format="re" child_id="-1" sever="c" title="JS Virus">Chrome|iPad|iPhone|IEMobile</signature>
<signature id="671" format="re" child_id="-1" sever="c" title="JS Virus">$:({}+"")[$]</signature>
<signature id="672" format="re" child_id="-1" sever="c" title="JS Virus">-s*PayPals*</title></signature>
<signature id="673" format="re" child_id="-1" sever="c" title="JS Virus">-s*Privatis*</title></signature>
<signature id="674" format="re" child_id="-1" sever="c" title="JS Virus"><title>s*UniCredit</signature>
<signature id="675" format="re" child_id="-1" sever="c" title="JS Virus">Banks+ofs+America</signature>
<signature id="676" format="re" child_id="-1" sever="c" title="JS Virus">Alibaba&nbsp;Manufacturer</signature>
<signature id="677" format="re" child_id="-1" sever="c" title="JS Virus">Hongs+Leongs+Online</signature>
<signature id="678" format="re" child_id="-1" sever="c" title="JS Virus">Yours+accounts+|s+Logs+in</signature>
<signature id="679" format="re" child_id="-1" sever="c" title="JS Virus">Signs+ins+tos+Yahoo</signature>
<signature id="680" format="re" child_id="-1" sever="c" title="JS Virus">BANCOLOMBIA</signature>
<signature id="681" format="re" child_id="-1" sever="c" title="JS Virus"><title>s*Amazon</signature>
<signature id="682" format="re" child_id="-1" sever="c" title="JS Virus"><title>s*Apple</signature>
<signature id="683" format="re" child_id="-1" sever="c" title="JS Virus"><title>Googles+Secure</signature>
<signature id="684" format="re" child_id="-1" sever="c" title="JS Virus"><title>Meraks+Mails+Server</signature>
<signature id="685" format="re" child_id="-1" sever="c" title="JS Virus"><title>Sockets+Webmail</signature>
<signature id="686" format="re" child_id="-1" sever="c" title="JS Virus"><title>[L_QUERY]</signature>
<signature id="687" format="re" child_id="-1" sever="c" title="JS Virus"><title>ANZs+Internets+Banking</signature>
<signature id="688" format="re" child_id="-1" sever="c" title="JS Virus">com.websterbank.servlets.Login</signature>
<signature id="689" format="re" child_id="-1" sever="c" title="JS Virus">{position:absolute;top:-9999px;}</style><divs+class=</signature>
<signature id="690" format="re" child_id="-1" sever="c" title="JS Virus">ifs*((ua.indexOf(['"]{0,1}chrome['"]{0,1})s*==s*-1s*&&s*ua.indexOf("win")s*!=s*-1)s*&&s*navigator.javaEnabled</signature>
<signature id="691" format="re" child_id="-1" sever="c" title="JS Virus">parent.window.opener.location=['"]{0,1}http://vk.com.</signature>
<signature id="692" format="re" child_id="-1" sever="c" title="JS Virus">].substr(0,1));}}return this;},\u00</signature>
<signature id="693" format="re" child_id="-1" sever="c" title="JS Virus">javascript|head|toLowerCase|chrome|win|javaEnabled|appendChild</signature>
<signature id="694" format="re" child_id="-1" sever="c" title="JS Virus">loadPNGData(strFile,</signature>
<signature id="695" format="re" child_id="-1" sever="c" title="JS Virus">);if(!~(['"]{0,1}</signature>
<signature id="696" format="re" child_id="-1" sever="c" title="JS Virus">//s*Some.devices.are</signature>
<signature id="697" format="re" child_id="-1" sever="c" title="JS Virus">striposs*(s*f_haystacks*,s*f_needles*,s*f_offset</signature>
<signature id="698" format="re" child_id="-1" sever="c" title="JS Virus">window.onerrors*=s*killerrors</signature>
<signature id="699" format="re" child_id="-1" sever="c" title="JS Virus">check_user_agent=[s*['"]{0,1}Lunascape['"]{0,1}s*,s*['"]{0,1}iPhone['"]{0,1}s*,s*['"]{0,1}Macintosh</signature>
<signature id="700" format="re" child_id="-1" sever="c" title="JS Virus">document.write(['"]{0,1}<['"]{0,1}+['"]{0,1}i['"]{0,1}+['"]{0,1}f['"]{0,1}+['"]{0,1}r['"]{0,1}+['"]{0,1}a['"]{0,1}+['"]{0,1}m['"]{0,1}+['"]{0,1}e</signature>
<signature id="701" format="re" child_id="-1" sever="c" title="JS Virus">sexfromindia.com</signature>
<signature id="702" format="re" child_id="-1" sever="c" title="JS Virus">filekx.com</signature>
<signature id="703" format="re" child_id="-1" sever="c" title="JS Virus">stummann.net</signature>
<signature id="704" format="re" child_id="-1" sever="c" title="JS Virus">http://xzx.pm</signature>
<signature id="705" format="re" child_id="-1" sever="c" title="JS Virus">.hopto.me/jquery</signature>
<signature id="706" format="re" child_id="-1" sever="c" title="JS Virus">mobi-go.in</signature>
<signature id="707" format="re" child_id="-1" sever="c" title="JS Virus">bankofamerica.com</signature>
<signature id="708" format="re" child_id="-1" sever="c" title="JS Virus">myfilestore.com</signature>
<signature id="709" format="re" child_id="-1" sever="c" title="JS Virus">filestore72.info</signature>
<signature id="710" format="re" child_id="-1" sever="c" title="JS Virus">file2store.info</signature>
<signature id="711" format="re" child_id="-1" sever="c" title="JS Virus">url2short.info</signature>
<signature id="712" format="re" child_id="-1" sever="c" title="JS Virus">filestore123.info</signature>
<signature id="713" format="re" child_id="-1" sever="c" title="JS Virus">url123.info</signature>
<signature id="714" format="re" child_id="-1" sever="c" title="JS Virus">dollarade.com</signature>
<signature id="715" format="re" child_id="-1" sever="c" title="JS Virus">secclik.ru</signature>
<signature id="716" format="re" child_id="-1" sever="c" title="JS Virus">moby-aa.ru</signature>
<signature id="717" format="re" child_id="-1" sever="c" title="JS Virus">servload.ru</signature>
<signature id="718" format="re" child_id="-1" sever="c" title="JS Virus">nnn.pm</signature>
<signature id="719" format="re" child_id="-1" sever="c" title="JS Virus">stripos(navigator.userAgents*,s*list_data[i</signature>
<signature id="720" format="re" child_id="-1" sever="c" title="JS Virus">ifs*(!see_user_agent()</signature>
<signature id="721" format="re" child_id="-1" sever="c" title="JS Virus">c.length);}returns*['"]['"];}if(!getCookie</signature>
<signature id="722" format="re" child_id="-1" sever="w" title="Suspicious Code">@*extracts*(</signature>
<signature id="723" format="re" child_id="-1" sever="w" title="Suspicious Code">@*extracts*$</signature>
<signature id="724" format="re" child_id="-1" sever="w" title="Suspicious Code">['"]eval['"]</signature>
<signature id="725" format="re" child_id="-1" sever="w" title="Suspicious Code">['"]base64_decode['"]</signature>
<signature id="726" format="re" child_id="-1" sever="w" title="Suspicious Code">['"]create_function['"]</signature>
<signature id="727" format="re" child_id="-1" sever="w" title="Suspicious Code">['"]assert['"]</signature>
<signature id="728" format="re" child_id="-1" sever="w" title="Suspicious Code">foreachs*(s*$emailss+ass+$emails*)</signature>
<signature id="729" format="re" child_id="-1" sever="w" title="Suspicious Code">Spammer</signature>
<signature id="730" format="re" child_id="-1" sever="w" title="Suspicious Code">evals*['"($]</signature>
<signature id="731" format="re" child_id="-1" sever="w" title="Suspicious Code">asserts*['"($]</signature>
<signature id="732" format="re" child_id="-1" sever="w" title="Suspicious Code">srpath://../../../..</signature>
<signature id="733" format="re" child_id="-1" sever="w" title="Suspicious Code">phpinfos*(</signature>
<signature id="734" format="re" child_id="-1" sever="w" title="Suspicious Code">SHOWs+DATABASES</signature>
<signature id="735" format="re" child_id="-1" sever="w" title="Suspicious Code">bpopens*(</signature>
<signature id="736" format="re" child_id="-1" sever="w" title="Suspicious Code">execs*(</signature>
<signature id="737" format="re" child_id="-1" sever="w" title="Suspicious Code">bsystems*(</signature>
<signature id="738" format="re" child_id="-1" sever="w" title="Suspicious Code">bpassthrus*(</signature>
<signature id="739" format="re" child_id="-1" sever="w" title="Suspicious Code">bproc_opens*(</signature>
<signature id="740" format="re" child_id="-1" sever="w" title="Suspicious Code">shell_execs*(</signature>
<signature id="741" format="re" child_id="-1" sever="w" title="Suspicious Code">ini_restores*(</signature>
<signature id="742" format="re" child_id="-1" sever="w" title="Suspicious Code">bdls*(</signature>
<signature id="743" format="re" child_id="-1" sever="w" title="Suspicious Code">bsymlinks*(</signature>
<signature id="744" format="re" child_id="-1" sever="w" title="Suspicious Code">bchgrps*(</signature>
<signature id="745" format="re" child_id="-1" sever="w" title="Suspicious Code">bini_sets*(</signature>
<signature id="746" format="re" child_id="-1" sever="w" title="Suspicious Code">bputenvs*(</signature>
<signature id="747" format="re" child_id="-1" sever="w" title="Suspicious Code">getmyuids*(</signature>
<signature id="748" format="re" child_id="-1" sever="w" title="Suspicious Code">fsockopens*(</signature>
<signature id="749" format="re" child_id="-1" sever="w" title="Suspicious Code">posix_setuids*(</signature>
<signature id="750" format="re" child_id="-1" sever="w" title="Suspicious Code">posix_setsids*(</signature>
<signature id="751" format="re" child_id="-1" sever="w" title="Suspicious Code">posix_setpgids*(</signature>
<signature id="752" format="re" child_id="-1" sever="w" title="Suspicious Code">posix_kills*(</signature>
<signature id="753" format="re" child_id="-1" sever="w" title="Suspicious Code">apache_child_terminates*(</signature>
<signature id="754" format="re" child_id="-1" sever="w" title="Suspicious Code">bchmods*(</signature>
<signature id="755" format="re" child_id="-1" sever="w" title="Suspicious Code">bchdirs*(</signature>
<signature id="756" format="re" child_id="-1" sever="w" title="Suspicious Code">pcntl_execs*(</signature>
<signature id="757" format="re" child_id="-1" sever="w" title="Suspicious Code">bvirtuals*(</signature>
<signature id="758" format="re" child_id="-1" sever="w" title="Suspicious Code">proc_closes*(</signature>
<signature id="759" format="re" child_id="-1" sever="w" title="Suspicious Code">proc_get_statuss*(</signature>
<signature id="760" format="re" child_id="-1" sever="w" title="Suspicious Code">proc_terminates*(</signature>
<signature id="761" format="re" child_id="-1" sever="w" title="Suspicious Code">proc_nices*(</signature>
<signature id="762" format="re" child_id="-1" sever="w" title="Suspicious Code">getmygids*(</signature>
<signature id="763" format="re" child_id="-1" sever="w" title="Suspicious Code">proc_getstatuss*(</signature>
<signature id="764" format="re" child_id="-1" sever="w" title="Suspicious Code">proc_closes*(</signature>
<signature id="765" format="re" child_id="-1" sever="w" title="Suspicious Code">escapeshellcmds*(</signature>
<signature id="766" format="re" child_id="-1" sever="w" title="Suspicious Code">escapeshellargs*(</signature>
<signature id="767" format="re" child_id="-1" sever="w" title="Suspicious Code">show_sources*(</signature>
<signature id="768" format="re" child_id="-1" sever="w" title="Suspicious Code">bpcloses*(</signature>
<signature id="769" format="re" child_id="-1" sever="w" title="Suspicious Code">safe_dirs*(</signature>
<signature id="770" format="re" child_id="-1" sever="w" title="Suspicious Code">ini_restores*(</signature>
<signature id="771" format="re" child_id="-1" sever="w" title="Suspicious Code">chowns*(</signature>
<signature id="772" format="re" child_id="-1" sever="w" title="Suspicious Code">chgrps*(</signature>
<signature id="773" format="re" child_id="-1" sever="w" title="Suspicious Code">shown_sources*(</signature>
<signature id="774" format="re" child_id="-1" sever="w" title="Suspicious Code">mysql_list_dbss*(</signature>
<signature id="775" format="re" child_id="-1" sever="w" title="Suspicious Code">get_current_users*(</signature>
<signature id="776" format="re" child_id="-1" sever="w" title="Suspicious Code">getmyids*(</signature>
<signature id="777" format="re" child_id="-1" sever="w" title="Suspicious Code">bleaks*(</signature>
<signature id="778" format="re" child_id="-1" sever="w" title="Suspicious Code">pfsockopens*(</signature>
<signature id="779" format="re" child_id="-1" sever="w" title="Suspicious Code">get_current_users*(</signature>
<signature id="780" format="re" child_id="-1" sever="w" title="Suspicious Code">syslogs*(</signature>
<signature id="781" format="re" child_id="-1" sever="w" title="Suspicious Code">$default_use_ajax</signature>
<signature id="782" format="re" child_id="-1" sever="w" title="Suspicious Code">evals*(*s*unescape</signature>
<signature id="783" format="re" child_id="-1" sever="w" title="Suspicious Code">FLoodeR</signature>
<signature id="784" format="re" child_id="-1" sever="w" title="Suspicious Code">document.writes*(s*unescape</signature>
<signature id="785" format="re" child_id="-1" sever="w" title="Suspicious Code">bcopys*(</signature>
<signature id="786" format="re" child_id="-1" sever="w" title="Suspicious Code">move_uploaded_files*(</signature>
<signature id="787" format="re" child_id="-1" sever="w" title="Suspicious Code">.333333</signature>
<signature id="788" format="re" child_id="-1" sever="w" title="Suspicious Code">.666666</signature>
<signature id="789" format="re" child_id="-1" sever="w" title="Suspicious Code">rounds*(*s*0s*)*</signature>
<signature id="790" format="re" child_id="-1" sever="w" title="Suspicious Code">copys*(*s*$_FILESs*[s*['"]{0,1}file['"]{0,1}s*][s*['"]{0,1}tmp_name['"]{0,1}s*]s*,s*$uploadfile</signature>
<signature id="791" format="re" child_id="-1" sever="w" title="Suspicious Code">move_uploaded_filess*(*s*$_FILESs*[s*['"]{0,1}file['"]{0,1}s*][s*['"]{0,1}tmp_name['"]{0,1}s*]s*,s*$uploadfile</signature>
<signature id="792" format="re" child_id="-1" sever="w" title="Suspicious Code">ini_gets*(s*['"]{0,1}disable_functions['"]{0,1}</signature>
<signature id="793" format="re" child_id="-1" sever="w" title="Suspicious Code">UNIONs+SELECTs+['"]{0,1}0['"]{0,1}</signature>
<signature id="794" format="re" child_id="-1" sever="w" title="Suspicious Code">2s*>s*&1</signature>
<signature id="795" format="re" child_id="-1" sever="w" title="Suspicious Code">echos*(*s*$_SERVER[['"]{0,1}DOCUMENT_ROOT['"]{0,1}]</signature>
<signature id="796" format="re" child_id="-1" sever="w" title="Suspicious Code">=s*Arrays*(*s*base64_decodes*(*</signature>
<signature id="797" format="re" child_id="-1" sever="w" title="Suspicious Code">killalls+-d+</signature>
<signature id="798" format="re" child_id="-1" sever="w" title="Suspicious Code">eriuqer</signature>
<signature id="799" format="re" child_id="-1" sever="w" title="Suspicious Code">touchs*(</signature>
<signature id="800" format="re" child_id="-1" sever="w" title="Suspicious Code">sshkeys</signature>
<signature id="801" format="re" child_id="-1" sever="w" title="Suspicious Code">@include</signature>
<signature id="802" format="re" child_id="-1" sever="w" title="Suspicious Code">@require</signature>
<signature id="803" format="re" child_id="-1" sever="w" title="Suspicious Code">ifs*(mails*(s*$to,s*$subject,s*$message,s*$headers</signature>
<signature id="804" format="re" child_id="-1" sever="w" title="Suspicious Code">@ini_sets*(*['"]{0,1}allow_url_fopen</signature>
<signature id="805" format="re" child_id="-1" sever="w" title="Suspicious Code">@file_get_contents</signature>
<signature id="806" format="re" child_id="-1" sever="w" title="Suspicious Code">file_put_contents</signature>
<signature id="807" format="re" child_id="-1" sever="w" title="Suspicious Code">androids*|s*midps*|s*j2mes*|s*symbian</signature>
<signature id="808" format="re" child_id="-1" sever="w" title="Suspicious Code">@setcookies*(*['"]{0,1}hit</signature>
<signature id="809" format="re" child_id="-1" sever="w" title="Suspicious Code">@fileowner</signature>
<signature id="810" format="re" child_id="-1" sever="w" title="Suspicious Code"><kuku></signature>
<signature id="811" format="re" child_id="-1" sever="w" title="Suspicious Code">sypex</signature>
<signature id="812" format="re" child_id="-1" sever="w" title="Suspicious Code">$beecode</signature>
<signature id="813" format="re" child_id="-1" sever="w" title="Suspicious Code">Backdoor</signature>
<signature id="814" format="re" child_id="-1" sever="w" title="Suspicious Code">php_unames*(</signature>
<signature id="815" format="re" child_id="-1" sever="w" title="Suspicious Code">mails*(*s*$tos*,s*$subjs*,s*$msgs*,s*$from</signature>
<signature id="816" format="re" child_id="-1" sever="w" title="Suspicious Code">echos*['"]<script>s*alert(</signature>
<signature id="817" format="re" child_id="-1" sever="w" title="Suspicious Code">mails*(*s*$sends*,s*$subjects*,s*$headerss*,s*$message</signature>
<signature id="818" format="re" child_id="-1" sever="w" title="Suspicious Code">mails*(*s*$tos*,s*$subjects*,s*$messages*,s*$headers</signature>
<signature id="819" format="re" child_id="-1" sever="w" title="Suspicious Code">strposs*(*s*$names*,s*['"]{0,1}HTTP_['"]{0,1}s*)*s*!==s*0s*&&s*strposs*(*s*$names*,s*['"]{0,1}REQUEST_</signature>
<signature id="820" format="re" child_id="-1" sever="w" title="Suspicious Code">is_function_enableds*(s*['"]{0,1}ignore_user_abort</signature>
<signature id="821" format="re" child_id="-1" sever="w" title="Suspicious Code">echos*(*s*file_get_contents</signature>
<signature id="822" format="re" child_id="-1" sever="w" title="Suspicious Code">echos*(*['"]{0,1}<script</signature>
<signature id="823" format="re" child_id="-1" sever="w" title="Suspicious Code">prints*(*s*file_get_contents</signature>
<signature id="824" format="re" child_id="-1" sever="w" title="Suspicious Code">prints*(*['"]{0,1}<script</signature>
<signature id="825" format="re" child_id="-1" sever="w" title="Suspicious Code"><marquees+styles*=s*['"]{0,1}positions*:s*absolutes*;s*widths*:s*d+s*pxs*</signature>
<signature id="826" format="re" child_id="-1" sever="w" title="Suspicious Code">=s*['"]{0,1}../../../wp-config.php</signature>
<signature id="827" format="re" child_id="-1" sever="w" title="Suspicious Code">eggdrop</signature>
<signature id="828" format="re" child_id="-1" sever="w" title="Suspicious Code">rwxrwxrwx</signature>
<signature id="829" format="re" child_id="-1" sever="w" title="Suspicious Code">error_reporting</signature>
<signature id="830" format="re" child_id="-1" sever="w" title="Suspicious Code">bcreate_function</signature>
<signature id="831" format="re" child_id="-1" sever="w" title="Suspicious Code">{s*positions*:s*absolute;s*lefts*:s*-</signature>
<signature id="832" format="re" child_id="-1" sever="w" title="Suspicious Code"><scripts+async</signature>
<signature id="833" format="re" child_id="-1" sever="w" title="Suspicious Code">_['"]{0,1}s*]s*=s*Arrays*(s*base64_decodes*(*s*['"]{0,1}</signature>
<signature id="834" format="re" child_id="-1" sever="w" title="Suspicious Code">AddTypes+application/x-httpd-cgi</signature>
<signature id="835" format="re" child_id="-1" sever="w" title="Suspicious Code">getenvs*(*s*['"]{0,1}HTTP_COOKIE['"]{0,1}</signature>
<signature id="836" format="re" child_id="-1" sever="w" title="Suspicious Code">ignore_user_aborts*(*s*['"]{0,1}1['"]{0,1}</signature>
<signature id="837" format="re" child_id="-1" sever="w" title="Suspicious Code">$_REQUESTs*[s*%22</signature>
<signature id="838" format="re" child_id="-1" sever="w" title="Suspicious Code">urls*(['"]{0,1}datas*:s*image/png;s*base64s*,</signature>
<signature id="839" format="re" child_id="-1" sever="w" title="Suspicious Code">urls*(['"]{0,1}datas*:s*image/gif;s*base64s*,</signature>
<signature id="840" format="re" child_id="-1" sever="w" title="Suspicious Code">:s*urls*(s*['"]{0,1}<?php</signature>
<signature id="841" format="re" child_id="-1" sever="w" title="Suspicious Code"></html>.+?<script</signature>
<signature id="842" format="re" child_id="-1" sever="w" title="Suspicious Code"></html>.+?<iframe</signature>
<signature id="843" format="re" child_id="-1" sever="w" title="Suspicious Code">(ftp_exec|system|shell_exec|passthru|popen|proc_open)s*['"($]</signature>
<signature id="844" format="re" child_id="-1" sever="w" title="Suspicious Code">bmails*(</signature>
<signature id="845" format="re" child_id="-1" sever="w" title="Suspicious Code">file_get_contentss*(*s*['"]{0,1}php://input</signature>
<signature id="846" format="re" child_id="-1" sever="w" title="Suspicious Code"><metas+http-equiv=['"]{0,1}Content-type['"]{0,1}s+content=['"]{0,1}text/html;s*charset=windows-1251['"]{0,1}><body></signature>
<signature id="847" format="re" child_id="-1" sever="w" title="Suspicious Code">=s*document.createElement(s*['"]{0,1}script['"]{0,1}s*);</signature>
<signature id="848" format="re" child_id="-1" sever="w" title="Suspicious Code">document.body.insertBefore(div,s*document.body.children[0]);</signature>
<signature id="849" format="re" child_id="-1" sever="w" title="Suspicious Code"><scripts+type="text/javascript"s+src="http://[a-zA-Z0-9_]+?.php"></script></signature>
<signature id="850" format="re" child_id="-1" sever="w" title="Suspicious Code">echos+['"]{0,1}ok['"]{0,1}</signature>
<signature id="851" format="re" child_id="-1" sever="w" title="Suspicious Code">/usr/sbin/sendmail</signature>
<signature id="852" format="re" child_id="-1" sever="w" title="Suspicious Code">/var/qmail/bin/sendmail</signature>
</database>