robi052 - AbuseIPDB User Profile

JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

User robi052 joined AbuseIPDB in July 2018 and has reported 23,953 IP addresses.

Standing (weight) is good.

ACTIVE USER WEBMASTER

IP	Date	Comment	Categories
🇦🇷 190.139.42.119	13 hours ago	Automated reconnaissance and web application enumeration activity detected from IP 190.139.42.119. ... show more Automated reconnaissance and web application enumeration activity detected from IP 190.139.42.119. The source performed a high-volume sequence of requests within seconds targeting potentially sensitive and non-standard resources including: * /.git/HEAD * /config.json * /.well-known/security.txt * /.well-known/dnt-policy.txt * /AGENTS.md * /CLAUDE.md * /llms.txt * /robots.txt * /sitemap.xml User-Agent identified itself as: OpenBash-Surface/2.1 (+https://openbash.com/scan-policy) The activity appears to be automated reconnaissance intended to identify exposed repositories, configuration files, AI-related metadata files, and security disclosure endpoints. Multiple repeated requests were generated in a very short timeframe. This behavior was not authorized and has been classified as reconnaissance / scanning activity against a production web server. show less	Port Scan Hacking Exploited Host Web App Attack
🇦🇷 190.194.81.108	03 Jun 2026	This IP is performing automated reconnaissance against my web server. It repeatedly probes the same ... show more This IP is performing automated reconnaissance against my web server. It repeatedly probes the same sensitive endpoints in rapid bursts, including /.git/HEAD, /config.json, /.env patterns, /llms.txt, /AGENTS.md, /CLAUDE.md, /.well-known/security.txt, /.well-known/dnt-policy.txt, robots.txt, sitemap.xml, /favicon.ico, and /humans.txt. Multiple requests are duplicated within seconds, indicating automated scanning rather than human browsing behavior. The traffic includes repeated hits to robots.txt (200 OK) and multiple attempts to access non-existent sensitive files returning 404 responses. The User-Agent identifies as "OpenBash-Surface/2.1 (+https://openbash.com/scan-policy)", consistent with an automated web surface scanning framework. The pattern strongly indicates attack surface enumeration, endpoint discovery, and vulnerability probing activity. show less	Web Spam Port Scan Hacking Bad Web Bot Web App Attack
🇷🇺 193.106.191.22	19 May 2026	WAF intercepted and blocked a blatant SQL Injection (SQLi) attack. The attacker attempted to inject ... show more WAF intercepted and blocked a blatant SQL Injection (SQLi) attack. The attacker attempted to inject malicious SQL commands ('1%20UNION%20SELECT%20null,username,password%20FROM%20wp_users') into the 'id' URL parameter targeting the root directory, aiming to exfiltrate database credentials and user information. Request was blocked with a 403 Forbidden status. show less	Web Spam Bad Web Bot Web App Attack
🇳🇱 45.133.1.98	19 May 2026	WAF blocked a malicious Local File Inclusion (LFI) / Path Traversal attack targeting a WordPress ins ... show more WAF blocked a malicious Local File Inclusion (LFI) / Path Traversal attack targeting a WordPress installation. The attacker attempted to exploit '/wp-admin/admin-ajax.php' by passing directory traversal sequences ('..%2F..%2F') in the query parameters to access sensitive system files like '/etc/passwd'. Request was blocked with a 403 Forbidden status. show less	Web Spam Bad Web Bot Web App Attack
🇲🇦 41.143.49.18	18 May 2026	Automated Web Application Attack / Cross-Site Scripting (XSS) probing detected. The host attempted m ... show more Automated Web Application Attack / Cross-Site Scripting (XSS) probing detected. The host attempted multiple high-severity XSS injections targeting search and query parameters using various polyglot payloads and encoded vectors. All malicious requests were blocked with HTTP 403. Sample of sanitized log entries: 2026-05-18 06:22:51 \| GET \| /?search=jaVasCript%3A%2F%2A-%2F%2A%2F%60... \| HTTP 403 \| XSS_ATTEMPT 2026-05-18 06:22:51 \| GET \| /find?s=jaVasCript%3A%2F%2A-%2F%2A%2F%60... \| HTTP 403 \| XSS_ATTEMPT 2026-05-18 08:48:23 \| GET \| /query?term=%3C%2Fscript%3E%27%22%3E%3Cimg+src%3Dx+onError%3Dprompt%281%29%3E \| HTTP 403 \| XSS_ATTEMPT 2026-05-18 08:48:23 \| GET \| /search?q=%3C%2Fscript%3E%27%22%3E%3Cimg+src%3Dx+onError%3Dprompt%281%29%3E \| HTTP 403 \| XSS_ATTEMPT show less	Hacking Web App Attack
🇵🇭 47.80.83.228	12 May 2026	Phishing site impersonating the Croatian Ministry of the Interior (MUP RH) to steal credit card info ... show more Phishing site impersonating the Croatian Ministry of the Interior (MUP RH) to steal credit card information. The site uses a fake traffic fine payment portal (e-prekrsaji) to defraud users. Verified by Cloudflare Radar and reported to National CERT (CERT.hr). Targeted at Croatian citizens via SMS/Smishing. show less	Phishing
🇸🇬 43.160.236.248	12 May 2026	Phishing site impersonating the Croatian Ministry of the Interior (MUP RH) to steal credit card info ... show more Phishing site impersonating the Croatian Ministry of the Interior (MUP RH) to steal credit card information. The site uses a fake traffic fine payment portal (e-prekrsaji) to defraud users. Verified by Cloudflare Radar and reported to National CERT (CERT.hr). Targeted at Croatian citizens via SMS/Smishing. show less	Phishing
🇯🇵 20.48.1.192	05 May 2026	Automated vulnerability scanning detected. The bot is probing for common PHP backdoors, admin interf ... show more Automated vulnerability scanning detected. The bot is probing for common PHP backdoors, admin interfaces, and sensitive files (e.g., xleet.php, xmrlpc.php, admin.php). Rapid succession of requests (27+ requests in 7 seconds) indicates a scripted attack. All requests blocked with 403 Forbidden. [2026-05-05 02:36:03] [403] [ACCESS_DENIED] [REF-317433] 20.48.1.192 - /xleet.php - Referer: Direct Access - Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 [2026-05-05 02:36:03] [403] [INVALID_HOST_HEADER] [REF-D42FA5] 20.48.1.192 - /xmrlpc.php - Referer: Direct Access - Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 [2026-05-05 02:36:04] [403] [INVALID_HOST_HEADER] [REF-28FD99] 20.48.1.192 - /1.php - Referer: Direct Access - Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 show less	Port Scan Bad Web Bot Web App Attack
🇺🇸 107.173.31.201	04 May 2026	Phishing attempt via email. The user received a fraudulent notification claiming there are "4 undeli ... show more Phishing attempt via email. The user received a fraudulent notification claiming there are "4 undelivered emails" waiting in the inbox. The email contains a link leading to a fake login page designed to harvest email credentials (credential harvesting). The landing page mimics a legitimate webmail login interface to deceive users into providing their passwords. Verified as a malicious phishing campaign. show less	Phishing Email Spam
🇺🇸 69.67.183.114	02 Mar 2026	[Sentinel IDS] Detected Threat: Legacy/Outdated Browser Shield. Total of 7 malicious hits in 24h fro ... show more [Sentinel IDS] Detected Threat: Legacy/Outdated Browser Shield. Total of 7 malicious hits in 24h from AS27385 QUALYS Inc. Automatic block triggered due to high risk index (100%). show less	Bad Web Bot
🇺🇸 69.67.183.112	02 Mar 2026	[Sentinel IDS] Detected Threat: Legacy/Outdated Browser Shield. Total of 14 malicious hits in 24h fr ... show more [Sentinel IDS] Detected Threat: Legacy/Outdated Browser Shield. Total of 14 malicious hits in 24h from AS27385 QUALYS Inc. Automatic block triggered due to high risk index (100%). show less	Bad Web Bot
🇺🇸 69.67.183.111	02 Mar 2026	[Sentinel IDS] Detected Threat: Legacy/Outdated Browser Shield. Total of 9 malicious hits in 24h fro ... show more [Sentinel IDS] Detected Threat: Legacy/Outdated Browser Shield. Total of 9 malicious hits in 24h from AS27385 QUALYS Inc. Automatic block triggered due to high risk index (100%). show less	Bad Web Bot
🇺🇸 69.67.183.108	02 Mar 2026	[Sentinel IDS] Detected Threat: Legacy/Outdated Browser Shield. Total of 9 malicious hits in 24h fro ... show more [Sentinel IDS] Detected Threat: Legacy/Outdated Browser Shield. Total of 9 malicious hits in 24h from AS27385 QUALYS Inc. Automatic block triggered due to high risk index (100%). show less	Bad Web Bot
🇺🇸 69.67.183.107	02 Mar 2026	[Sentinel IDS] Detected Threat: Legacy/Outdated Browser Shield. Total of 7 malicious hits in 24h fro ... show more [Sentinel IDS] Detected Threat: Legacy/Outdated Browser Shield. Total of 7 malicious hits in 24h from AS27385 QUALYS Inc. Automatic block triggered due to high risk index (100%). show less	Bad Web Bot
🇺🇸 69.67.183.106	02 Mar 2026	[Sentinel IDS] Detected Threat: Legacy/Outdated Browser Shield. Total of 7 malicious hits in 24h fro ... show more [Sentinel IDS] Detected Threat: Legacy/Outdated Browser Shield. Total of 7 malicious hits in 24h from AS27385 QUALYS Inc. Automatic block triggered due to high risk index (100%). show less	Bad Web Bot
🇺🇸 69.67.183.105	02 Mar 2026	[Sentinel IDS] Detected Threat: Legacy/Outdated Browser Shield. Total of 8 malicious hits in 24h fro ... show more [Sentinel IDS] Detected Threat: Legacy/Outdated Browser Shield. Total of 8 malicious hits in 24h from AS27385 QUALYS Inc. Automatic block triggered due to high risk index (100%). show less	Bad Web Bot
🇺🇸 69.67.183.104	02 Mar 2026	[Sentinel IDS] Detected Threat: Legacy/Outdated Browser Shield. Total of 7 malicious hits in 24h fro ... show more [Sentinel IDS] Detected Threat: Legacy/Outdated Browser Shield. Total of 7 malicious hits in 24h from AS27385 QUALYS Inc. Automatic block triggered due to high risk index (100%). show less	Bad Web Bot
🇺🇸 69.67.183.103	02 Mar 2026	[Sentinel IDS] Detected Threat: Legacy/Outdated Browser Shield. Total of 10 malicious hits in 24h fr ... show more [Sentinel IDS] Detected Threat: Legacy/Outdated Browser Shield. Total of 10 malicious hits in 24h from AS27385 QUALYS Inc. Automatic block triggered due to high risk index (100%). show less	Bad Web Bot
🇮🇪 52.48.53.137	02 Mar 2026	[Sentinel IDS] Detected Threat: Legacy/Outdated Browser Shield. Total of 6 malicious hits in 24h fro ... show more [Sentinel IDS] Detected Threat: Legacy/Outdated Browser Shield. Total of 6 malicious hits in 24h from AS16509 Amazoncom Inc. Automatic block triggered due to high risk index (100%). show less	Bad Web Bot
🇺🇸 45.55.144.146	02 Mar 2026	[Sentinel IDS] Detected Threat: Filesystem: Infrastructure Scoping. Total of 3 malicious hits in 24h ... show more [Sentinel IDS] Detected Threat: Filesystem: Infrastructure Scoping. Total of 3 malicious hits in 24h from AS14061 DigitalOcean LLC. Automatic block triggered due to high risk index (100%). show less	Web App Attack
🇫🇷 37.59.249.210	02 Mar 2026	[Sentinel IDS] Detected Threat: Legacy/Outdated Browser Shield. Total of 51 malicious hits in 24h fr ... show more [Sentinel IDS] Detected Threat: Legacy/Outdated Browser Shield. Total of 51 malicious hits in 24h from AS16276 OVH SAS. Automatic block triggered due to high risk index (100%). show less	Bad Web Bot
🇺🇸 35.247.1.212	02 Mar 2026	[Sentinel IDS] Detected Threat: Legacy/Outdated Browser Shield. Total of 1 malicious hits in 24h fro ... show more [Sentinel IDS] Detected Threat: Legacy/Outdated Browser Shield. Total of 1 malicious hits in 24h from AS396982 Google LLC. Automatic block triggered due to high risk index (100%). show less	Bad Web Bot
🇺🇸 35.236.103.201	02 Mar 2026	[Sentinel IDS] Detected Threat: Legacy/Outdated Browser Shield. Total of 3 malicious hits in 24h fro ... show more [Sentinel IDS] Detected Threat: Legacy/Outdated Browser Shield. Total of 3 malicious hits in 24h from AS396982 Google LLC. Automatic block triggered due to high risk index (100%). show less	Bad Web Bot
🇺🇸 35.235.97.106	02 Mar 2026	[Sentinel IDS] Detected Threat: Filesystem: Infrastructure Scoping. Total of 2 malicious hits in 24h ... show more [Sentinel IDS] Detected Threat: Filesystem: Infrastructure Scoping. Total of 2 malicious hits in 24h from AS396982 Google LLC. Automatic block triggered due to high risk index (100%). show less	Web App Attack
🇺🇸 35.235.68.146	02 Mar 2026	[Sentinel IDS] Detected Threat: Filesystem: Infrastructure Scoping. Total of 3 malicious hits in 24h ... show more [Sentinel IDS] Detected Threat: Filesystem: Infrastructure Scoping. Total of 3 malicious hits in 24h from AS396982 Google LLC. Automatic block triggered due to high risk index (100%). show less	Web App Attack