phpd.local

phpd.local

Start a native PHP SOCKS daemon on a random TCP port between 20000 and 60000

Origin

IP adress 212.129.14.102

DNS name c2s3.id-clic.com

Adress space 212.129.0.0/18AS12876, Tiscali Telecom France

Domain Name: id-clic.com
Registry Domain ID: 32367445_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.gandi.net
Registrar URL: http://www.gandi.net
Updated Date: 2017-07-20T16:42:38Z
Creation Date: 2000-08-04T14:00:18Z
Registrar Registration Expiration Date: 2018-08-04T14:00:18Z
Registrar: GANDI SAS
Registrar IANA ID: 81
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +33.170377661

traceroute to 212.129.14.102 (212.129.14.102), 30 hops max, 60 byte packets
 1  baldur.intranet (10.0.0.1)  0.947 ms  1.003 ms  1.647 ms
 2  129-45-246-162.versonetworks.net (162.246.45.129)  44.755 ms  44.774 ms  45.231 ms
 3  10.100.100.1 (10.100.100.1)  49.348 ms  49.206 ms  49.225 ms
 4  v231.core1.den1.he.net (216.66.73.25)  53.190 ms  52.966 ms  53.602 ms
 5  100ge14-1.core1.mci3.he.net (184.105.64.50)  63.921 ms  64.123 ms  64.278 ms
 6  100ge8-1.core2.chi1.he.net (184.105.81.210)  96.475 ms  85.250 ms  85.399 ms
 7  100ge16-1.core1.nyc4.he.net (184.105.223.162)  115.813 ms  77.058 ms  77.491 ms
 8  100ge4-1.core1.par2.he.net (184.105.81.78)  173.413 ms  173.215 ms  173.499 ms
 9  online.par.franceix.net (37.49.237.27)  157.325 ms  157.671 ms online-dc2.par.franceix.net (37.49.237.111)  157.690 ms
10  195.154.2.7 (195.154.2.7)  156.784 ms 195.154.2.5 (195.154.2.5)  151.218 ms 195.154.2.7 (195.154.2.7)  151.723 ms
11  c2s3.id-clic.com (212.129.14.102)  127.751 ms  149.415 ms  149.161 ms

195.154.2.7 also in AS12876, in Paris.

Decoding

1. Hand edit 212.129.14.102WhXxL9VetVmI7bWMt89GZQAAAAE.wso.scans to produce dc1.php
2. Execute dc1.php to get file phpd.local, which is a phar file.
3. Extract: phar extract -f phpd.local Contents in directory extracted/