V2EX › zijian › All replies, page 8 of 31
Total replies: 610
2014-05-03 19:33:42 +08:00
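Replied to the topic created by chenluois in Tianjin: Are there any reasonably reliable internet companies in the Binhai New Area?
I'm right here in Tanggu, and I also replied to you on Twitter. Around here the only ones I know of are 58 and Sohu Video.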
2014-04-14 11:58:28 +08:00
Replied to the topic created by hewigovens in Share & Create: GhostTile, a small tool that hides running apps from the Dock
@hewigovens Give Keyboard Maestro a try
2014-04-14 09:08:26 +08:00
Replied to the topic created by ainopara in macOS: Is there a way to customize the click action of a notification?
Keyboard Maestro?
2014-04-13 16:42:06 +08:00
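Replied to the topic created by JoyNeop in macOS: Not a single one of the free Mac apps developed by Chinese people is any good...
OP, why don't you hurry up and fill the gap in this field, haha.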
2014-04-04 21:58:10 +08:00
Replied to the topic created by sd4399340 in Q&A: Are there any forums or blogs that focus on the Mac?
2014-04-04 16:26:22 +08:00
Replied to the topic created by acthtml in Apple: Apple's June 2 event, what are you hoping will happen?
A big price cut on the MacBook Pro
2014-04-04 15:33:25 +08:00
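Replied to the topic created by razios in macOS: Is Byword's publish in-app purchase any good?
Yes, they are sold separately, which is really not decent of them. I bought the Mac version, and it works okay.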
2014-04-04 15:21:20 +08:00
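Replied to the topic created by axuahui in macOS: MacPaw's Hider 2 has been released! Now half price at $9.99
@axuahui 玩儿法 has a review, and in two weeks we will run a Hider 2 giveaway together with the developer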
2014-03-28 14:03:59 +08:00
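Replied to the topic created by won in Beijing: Housing prices are starting to fall, what does everyone think?
It may be that the government wants to stimulate residents to buy homes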
2014-03-27 09:00:23 +08:00
Replied to the topic created by MrMario in macOS: A free bundle from Stacksocial containing 7 apps (Mac OSX only)
X-Mirage and Bits are must-haves~
2014-03-27 08:59:32 +08:00
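Replied to the topic created by Sunya in Share & Discover: 1Password is on a 50%-off sale again..
That's normal; a software project this big has to run promotions to keep its sales up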
2014-03-22 12:53:12 +08:00
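Replied to the topic created by zijian in VPS: DO account banned, looks like the server was hacked
@764664 Yes, it really was my own negligence; I ignored their notices. This server is one I use for testing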
2014-03-22 12:49:41 +08:00
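Replied to the topic created by zijian in VPS: DO account banned, looks like the server was hacked
@a2z Yes, thanks. I have already explained it to them, and just said that I don't know any hacking techniques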
2014-03-22 12:46:01 +08:00
Replied to the topic created by zijian in VPS: DO account banned, looks like the server was hacked
@a2z Then can I still get them to restore my account?
2014-03-22 12:14:40 +08:00
Replied to the topic created by zijian in VPS: DO account banned, looks like the server was hacked
We have noticed suspicious activity from 162.243.149.107 aimed at one of our servers.
Please investigate this host and disable whichever exploit or malware is causing this activity.
For more information or questions please refer to our website located at http://www.abuse.bz/

Here are our raw logs:
2014-03-22 12:14:12 +08:00
Replied to the topic created by zijian in VPS: DO account banned, looks like the server was hacked
This email is from the IT Security Team at Utah State University.

This email describes suspicious and/or malicious network activity
that appears to be sourced from your network. We have included
IP Addresses as well as description, documentation, log snippets,
and other useful information about this event.

Please review this information and/or forward to the responsible person.

Thank you.

USU Network Security Team
Utah State University Information Technology
4410 Old Main Hill
Logan, UT 84322-4410
(435)797-1804

IP/CIDR Address: 162.243.149.107

Description:
162.243.149.107 scanned 129.123.0.0/16 for TCP/8080.

Log Snippet (Timestamps are MDT or GMT -0600):

Whois data for 162.243.149.107 at time of email:

2014-03-22 12:13:22 +08:00
Replied to the topic created by zijian in VPS: DO account banned, looks like the server was hacked
162.243.149.107 was observed probing caltech.edu for security holes. It
has been blocked at our border routers. It may be compromised.

For more info contact [email protected]
Please include the entire subject line of the original message

Blake

(time zone of log is PDT, which is UTC-07:00, date is MMDD)
log entries are from Cisco netflow, time is flow start time
2014-03-22 12:12:57 +08:00
Replied to the topic created by zijian in VPS: DO account banned, looks like the server was hacked
We have detected abuse from the IP address 162.243.149.107. See below for how we obtained your email address in case it is wrong. We would appreciate if you would investigate and take action as appropriate.

** THIS IP ADDRESS IS NULL ROUTED on our entire network, including peering and transit, for a period of time not exceeding 24 hours from the date and time of this email. YOU ARE NOT REQUIRED to reply to this email unless you need more information.

You can see more information on this incident by reviewing the data at http://darknet.superb.net/ip/162.243.149.107 and log lines are given below. Please ask if you require any further information.

You may contact us at [email protected]
(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process. This mail was generated by an automated process.)

The recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information they provide derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email ([email protected]). Information about the Abuse Contact Database can be found here:
http://abusix.com/global-reporting/abuse-contact-db

abusix.com is neither responsible nor liable for the content or accuracy of this message.

Note: Local timezone is -0400 (EDT)
/var/log/messages:Mar 21 03:17:24 darknet.superb.net Darknet: 162.243.149.107 exceeded connection attempt threshold to tcp:8080 11 times in a 30 minute period
/var/log/messages:Mar 21 03:47:24 darknet.superb.net Darknet: 162.243.149.107 exceeded connection attempt threshold to tcp:8080 15 times in a 30 minute period
/var/log/messages:Mar 21 04:17:24 darknet.superb.net Darknet: 162.243.149.107 exceeded connection attempt threshold to tcp:8080 19 times in a 30 minute period
/var/log/messages:Mar 21 04:47:24 darknet.superb.net Darknet: 162.243.149.107 exceeded connection attempt threshold to tcp:8080 14 times in a 30 minute period
/var/log/messages:Mar 21 05:17:24 darknet.superb.net Darknet: 162.243.149.107 exceeded connection attempt threshold to tcp:8080 15 times in a 30 minute period
/var/log/messages:Mar 21 07:47:25 darknet.superb.net Darknet: 162.243.149.107 exceeded connection attempt threshold to tcp:8080 15 times in a 30 minute period
2014-03-22 12:12:34 +08:00
Replied to the topic created by zijian in VPS: DO account banned, looks like the server was hacked
We have blocked someone from your IP space for abuse. Reason: Port_Scanning. Log lines are below. Time zone is UTC.

2014-03-21T06:02:00+00:00 slurp 1395381719.608702 - - - - - - - - tcp Scan::Address_Scan 162.243.149.107 scanned at least 52 unique hosts on port 8080/tcp in 0m30s remote 162.243.149.107 - 8080 - slurp4-8 Notice::ACTION_LOG 3600.000000 F - - - - -

I am writing to inform you so that you can take whatever action is necessary to prevent this user from doing this again. We would be happy to discuss further if you would like. Please feel free to respond to this email to follow up.
2014-03-22 12:12:11 +08:00
Replied to the topic created by zijian in VPS: DO account banned, looks like the server was hacked
Please review the following abuse complaint and provide us with a resolution:

******************************
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Date : 12-03-2014 10:54:06 hs
Send to: [email protected]
============================================================

You are receiving this message because you are listed as the contact for the IP 162.243.149.107 on the RIPE ().
This message is intended for the person responsible for computer security at your site. If this is not the correct address, please forward this message to the appropriate party.

Incident Number: TN-632445/2014
===========================================

Dear Administrator,

We have detected a recent scan probe in our servers. This security incident seems to be originated from an IP address registered to your network.
Here follows the log records regarding such incident.

Timezone in UTC.


We are asking for your help in order to identify who did those connections and what was his/her purpose.
You should investigate this suspicious activity because it could mean that your network has been compromised and is being used as a launch point for attacks, or someone of your legitimate users are doing hacking activities.
We would like to inform that we maintain a database with all incident reporting and tracking of State University of Campinas and we need your response as soon as possible to resolve this entry.