City: unknown
Region: unknown
Country: China
Internet Service Provider: unknown
Hostname: unknown
Organization: unknown
Usage Type: unknown
b; <<>> DiG 9.10.3-P4-Ubuntu <<>> 106.224.234.183
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12090
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;106.224.234.183. IN A
;; AUTHORITY SECTION:
. 30 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2025020500 1800 900 604800 86400
;; Query time: 36 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Feb 05 14:36:17 CST 2025
;; MSG SIZE rcvd: 108Host 183.234.224.106.in-addr.arpa. not found: 3(NXDOMAIN)Server: 183.60.83.19
Address: 183.60.83.19#53
** server can't find 183.234.224.106.in-addr.arpa: NXDOMAIN| IP | Type | Details | Datetime |
|---|---|---|---|
| 139.59.23.231 | attack | ZmEu是个phpMyAdmin脆弱性检查工具,可以发现phpMyAdmin的漏洞,从而进行攻击 139.59.23.231 - - [20/Apr/2019:10:24:06 +0800] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 498 "-" "ZmEu" 139.59.23.231 - - [20/Apr/2019:10:24:07 +0800] "GET /phpMyAdmin/setup.php HTTP/1.1" 404 477 "-" "ZmEu" 139.59.23.231 - - [20/Apr/2019:10:24:08 +0800] "GET /phpmyadmin/setup.php HTTP/1.1" 404 477 "-" "ZmEu" 139.59.23.231 - - [20/Apr/2019:10:24:10 +0800] "GET /phpmy/scripts/setup.php HTTP/1.1" 404 480 "-" "ZmEu" 139.59.23.231 - - [20/Apr/2019:10:24:10 +0800] "GET /scripts/setup.php/index.php HTTP/1.1" 404 484 "-" "ZmEu" 139.59.23.231 - - [20/Apr/2019:10:24:11 +0800] "GET HTTP/1.1" 400 0 "-" "-" 139.59.23.231 - - [20/Apr/2019:10:24:12 +0800] "GET HTTP/1.1" 400 0 "-" "-" |
2019-04-20 10:49:01 |
| 176.9.41.28 | bots | seo相关爬虫,禁之 176.9.41.28 - - [24/Apr/2019:08:04:30 +0800] "GET /index.php/category/big-shots/duterte/page/4/ HTTP/1.1" 200 14012 "-" "Mozilla/5.0 (compatible; MegaIndex.ru/2.0; +http://megaindex.com/crawler)" 176.9.41.28 - - [24/Apr/2019:08:04:31 +0800] "GET /index.php/category/root/block-chain/page/7/ HTTP/1.1" 200 17919 "-" "Mozilla/5.0 (compatible; MegaIndex.ru/2.0; +http://megaindex.com/crawler)" 176.9.41.28 - - [24/Apr/2019:08:04:32 +0800] "GET /index.php/category/big-shots/duterte/page/32/ HTTP/1.1" 200 13589 "-" "Mozilla/5.0 (compatible; MegaIndex.ru/2.0; +http://megaindex.com/crawler)" 176.9.41.28 - - [24/Apr/2019:08:04:34 +0800] "GET /index.php/2018/07/25/google_2018_07_25_en/ HTTP/1.1" 200 12535 "-" "Mozilla/5.0 (compatible; MegaIndex.ru/2.0; +http://megaindex.com/crawler)" |
2019-04-24 08:05:14 |
| 27.115.124.6 | botsattack | 假百度refer 27.115.124.6 - - [18/Apr/2019:16:33:13 +0800] "GET /server-status HTTP/1.1" 403 3918 "http://www.baidu.com" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0" |
2019-04-18 16:36:00 |
| 205.205.150.9 | bots | 205.205.150.9 - - [17/Apr/2019:06:19:22 +0800] "GET / HTTP/1.1" 200 212220 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)" |
2019-04-17 08:05:47 |
| 27.115.124.6 | attack | 27.115.124.6 - - [17/Apr/2019:21:27:23 +0800] "PUT /9082addcc2ac2e12.txt HTTP/1.1" 301 194 "-" "Python-urllib/2.7" |
2019-04-17 21:30:42 |
| 52.5.70.31 | spambots | 52.5.70.31 - - [22/Apr/2019:18:27:34 +0800] "GET /index.php/2019/04/19/xiaomi_2019_04_19_en/ HTTP/1.1" 200 13454 "-" "Grammarly/1.0 (http://www.grammarly.com)" |
2019-04-22 18:28:24 |
| 183.17.127.137 | bots | 183.17.127.137 - - [21/Apr/2019:21:53:36 +0800] "HEAD / HTTP/1.1" 200 0 "https://ipinfo.asytech.cn" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" 183.17.127.137 - - [21/Apr/2019:21:53:37 +0800] "GET / HTTP/1.1" 200 10288 "https://ipinfo.asytech.cn" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" 183.17.127.137 - - [21/Apr/2019:21:53:37 +0800] "HEAD /check-ip/ HTTP/1.1" 200 0 "https://ipinfo.asytech.cn" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" 183.17.127.137 - - [21/Apr/2019:21:53:37 +0800] "GET /check-ip/ HTTP/1.1" 200 8130 "https://ipinfo.asytech.cn" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" 183.17.127.137 - - [21/Apr/2019:21:53:37 +0800] "HEAD /report-ip HTTP/1.1" 200 0 "https://ipinfo.asytech.cn" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" 183.17.127.137 - - [21/Apr/2019:21:53:37 +0800] "GET /report-ip HTTP/1.1" 200 8923 "https://ipinfo.asytech.cn" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" 183.17.127.137 - - [21/Apr/2019:21:53:37 +0800] "HEAD /faq HTTP/1.1" 200 0 "https://ipinfo.asytech.cn" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" |
2019-04-21 21:55:45 |
| 61.110.125.144 | attack | wordpress攻击 本身不是wordpress程序还搞了个wp-login 61.110.125.144 - - [18/Apr/2019:10:10:52 +0800] "GET /check-ip/5.9.61.232 HTTP/1.1" 200 8330 "https://ipinfo.asytech.cn/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" 61.110.125.144 - - [18/Apr/2019:10:10:52 +0800] "GET /wp-login.php?action=register HTTP/1.1" 404 209 "https://ipinfo.asytech.cn/" "Opera/9.80 (Windows NT 6.2; Win64; x64) Presto/2.12.388 Version/12.17" 61.110.125.144 - - [18/Apr/2019:10:10:53 +0800] "GET /wp-login.php?action=register HTTP/1.1" 404 209 "https://ipinfo.asytech.cn/wp-login.php?action=register" "Opera/9.80 (Windows NT 6.2; Win64; x64) Presto/2.12.388 Version/12.17" |
2019-04-18 10:11:48 |
| 101.226.114.193 | attack | 101.226.114.193 - - [22/Apr/2019:08:26:29 +0800] "GET /web/cgi-bin/hi3510/param.cgi?cmd%253Dgetp2pattr%2526cmd%253Dgetuserattr HTTP/1.1" 301 194 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117" 101.226.114.193 - - [22/Apr/2019:08:26:29 +0800] "GET /web/cgi-bin/hi3510/param.cgi?cmd%253Dgetp2pattr%2526cmd%253Dgetuserattr HTTP/1.1" 404 209 "http://118.25.52.138/web/cgi-bin/hi3510/param.cgi?cmd%253Dgetp2pattr%2526cmd%253Dgetuserattr" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117" |
2019-04-22 08:28:33 |
| 122.152.211.94 | botsattack | 122.152.211.94 - - [18/Apr/2019:12:23:08 +0800] "GET /login HTTP/1.1" 301 194 "-" "-" 122.152.211.94 - - [18/Apr/2019:12:23:08 +0800] "GET /customers/1 HTTP/1.1" 301 194 "-" "-" 122.152.211.94 - - [18/Apr/2019:12:23:08 +0800] "GET /gs-guide-websocket/803/a8vbaovq/htmlfile?c=_jp.local HTTP/1.1" 301 194 "-" "-" 122.152.211.94 - - [18/Apr/2019:12:23:08 +0800] "GET /console/login/LoginForm.jsp HTTP/1.1" 301 194 "-" "-" 122.152.211.94 - - [18/Apr/2019:12:23:08 +0800] "POST /index.php?s=captcha HTTP/1.1" 301 194 "-" "-" 122.152.211.94 - - [18/Apr/2019:12:23:08 +0800] "GET /index.php?s=/Index/\\x5Cthink\\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=abc HTTP/1.1" 301 194 "-" "-" 122.152.211.94 - - [18/Apr/2019:12:23:08 +0800] "POST /website/blog/ HTTP/1.1" 301 194 "-" "-" |
2019-04-18 12:23:38 |
| 106.2.125.215 | botsproxy | 106.2.125.215 - - [23/Apr/2019:11:06:07 +0800] "\\x04\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00" 400 182 "-" "-" 106.2.125.215 - - [23/Apr/2019:11:06:07 +0800] "\\x05\\x03\\x00\\x01\\x02" 400 182 "-" "-" 106.2.125.215 - - [23/Apr/2019:11:06:07 +0800] "GET http://baidu.com/ HTTP/1.1" 301 194 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" |
2019-04-23 11:08:28 |
| 181.209.64.98 | bots | 181.209.64.98 - - [22/Apr/2019:10:38:45 +0800] "GET /check-ip/94.36.13.15 HTTP/1.1" 200 8293 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; pt-BR; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 GTB7.1" 181.209.64.98 - - [22/Apr/2019:10:39:08 +0800] "GET /check-ip/94.36.13.15 HTTP/1.1" 200 8435 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; ja; rv:1.9.2.4) Gecko/20100513 Firefox/3.6.4 ( .NET CLR 3.5.30729)" 181.209.64.98 - - [22/Apr/2019:10:39:28 +0800] "GET /check-ip/94.36.13.15 HTTP/1.1" 200 8168 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.3) Gecko/20121221 Firefox/3.6.8" 181.209.64.98 - - [22/Apr/2019:10:39:50 +0800] "GET /check-ip/94.36.13.15 HTTP/1.1" 200 8149 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:17.0) Gecko/20100101 Firefox/17.0.6" |
2019-04-22 10:41:06 |
| 81.209.177.189 | bots | 建议屏蔽 81.209.177.189 - - [19/Apr/2019:20:24:13 +0800] "GET /check-ip/103.28.161.75/ HTTP/1.1" 200 8318 "-" "netEstate NE Crawler (+http://www.website-datenbank.de/)" 81.209.177.136 - - [19/Apr/2019:20:24:34 +0800] "GET /check-ip/216.170.115.107/ HTTP/1.1" 200 8450 "-" "netEstate NE Crawler (+http://www.website-datenbank.de/)" 81.209.177.189 - - [19/Apr/2019:20:24:44 +0800] "GET /check-ip/170.239.229.3/ HTTP/1.1" 200 9318 "-" "netEstate NE Crawler (+http://www.website-datenbank.de/)" 81.209.177.189 - - [19/Apr/2019:20:24:54 +0800] "GET /check-ip/35.192.96.39/ HTTP/1.1" 200 8547 "-" "netEstate NE Crawler (+http://www.website-datenbank.de/)" |
2019-04-19 20:27:29 |
| 178.62.232.43 | botsattack | 178.62.232.43 - - [18/Apr/2019:08:32:24 +0800] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 301 194 "-" "ZmEu" 178.62.232.43 - - [18/Apr/2019:08:32:24 +0800] "GET /pma/scripts/setup.php HTTP/1.1" 301 194 "-" "ZmEu" 178.62.232.43 - - [18/Apr/2019:08:32:24 +0800] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 301 194 "-" "ZmEu" 178.62.232.43 - - [18/Apr/2019:08:32:24 +0800] "GET /phpmy/scripts/setup.php HTTP/1.1" 301 194 "-" "ZmEu" 178.62.232.43 - - [18/Apr/2019:08:32:24 +0800] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 301 194 "-" "ZmEu" |
2019-04-18 08:35:01 |
| 185.132.133.23 | proxy | 可能是代理检测吧 185.132.133.23 - - [19/Apr/2019:18:21:50 +0800] "CONNECT mobile.chomikuj.pl:80 HTTP/1.1" 400 182 "-" "-" |
2019-04-19 18:22:44 |