b0r1s - AbuseIPDB User Profile

JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

User b0r1s joined AbuseIPDB in June 2025 and has reported 39 IP addresses.

Standing (weight) is good.

ACTIVE USER

IP	Date	Comment	Categories
🇺🇸 193.202.8.63	01 Jun 2026	This IP is part of an automated SQL Injection campaign targeting a web application. The payload us ... show more This IP is part of an automated SQL Injection campaign targeting a web application. The payload uses boolean-based blind SQLi techniques with CASE WHEN, CAST, and obfuscation methods. High request frequency indicates active scanning and exploitation attempts. show less	SQL Injection
🇫🇮 170.168.175.107	01 Jun 2026	This IP is part of an automated SQL Injection campaign targeting a web application. The payload us ... show more This IP is part of an automated SQL Injection campaign targeting a web application. The payload uses boolean-based blind SQLi techniques with CASE WHEN, CAST, and obfuscation methods. High request frequency indicates active scanning and exploitation attempts. show less	SQL Injection
🇫🇮 194.70.234.210	01 Jun 2026	This IP is part of an automated SQL Injection campaign targeting a web application. The payload us ... show more This IP is part of an automated SQL Injection campaign targeting a web application. The payload uses boolean-based blind SQLi techniques with CASE WHEN, CAST, and obfuscation methods. High request frequency indicates active scanning and exploitation attempts. show less	SQL Injection
🇫🇮 155.212.36.161	01 Jun 2026	This IP is performing active exploitation attempts against a web application, including SQL Injectio ... show more This IP is performing active exploitation attempts against a web application, including SQL Injection, Cross-Site Scripting (XSS), and Command Injection techniques. The payload includes UNION SELECT, information_schema enumeration, and xp_cmdshell execution attempts. This behavior is clearly malicious and automated. show less	SQL Injection
🇩🇪 179.60.150.123	04 May 2026	This IP attempted a highly crafted SQL Injection attack against a production website. The request in ... show more This IP attempted a highly crafted SQL Injection attack against a production website. The request included dynamic SQL, table enumeration via INFORMATION_SCHEMA, and multiple EXECUTE statements. The activity was clearly malicious and blocked by the WAF. show less	SQL Injection
🇧🇷 193.19.205.94	26 Jan 2026		SQL Injection
🇯🇵 64.176.49.123	26 Jan 2026	This IP attempted to establish an encrypted outbound connection consistent with command‑and‑control ... show more This IP attempted to establish an encrypted outbound connection consistent with command‑and‑control activity, indicating potential backdoor or malware behavior. show less	Hacking
🇺🇸 23.162.8.20	27 Nov 2025		SQL Injection
🇨🇦 23.234.86.117	27 Nov 2025	SQL Injection	SQL Injection
🇺🇸 103.251.27.165	27 Nov 2025	SQL Injection	SQL Injection
🇦🇺 103.216.220.46	27 Nov 2025	SQL injetcion	SQL Injection
🇹🇭 171.6.13.243	27 Nov 2025	Detected multiple SQL Injection attempts from IP 171.6.13.243 Payload includes SELECT, INFORMATION_S ... show more Detected multiple SQL Injection attempts from IP 171.6.13.243 Payload includes SELECT, INFORMATION_SCHEMA, RAND() with obfuscation. show less	SQL Injection
🇺🇸 23.234.93.117	27 Nov 2025	Malicious activity detected from IP 23.234.93.117. Attempted SQL Injection on e-commerce site via cr ... show more Malicious activity detected from IP 23.234.93.117. Attempted SQL Injection on e-commerce site via crafted GET request with obfuscated payload. show less	SQL Injection
🇧🇷 138.255.213.123	13 Oct 2025	Bruteforce on Microsoft application.	Brute-Force
🇧🇷 147.45.116.123	10 Oct 2025	Malicious request from IP 147.45.116.123 attempting directory traversal to access SSL key file. Used ... show more Malicious request from IP 147.45.116.123 attempting directory traversal to access SSL key file. Used encoded traversal pattern. Server closed connection (444). No legitimate reason for this behavior. show less	Web App Attack
🇧🇷 147.45.116.187	10 Oct 2025	Malicious request from IP 147.45.116.187 attempting directory traversal to access wp-config.php via ... show more Malicious request from IP 147.45.116.187 attempting directory traversal to access wp-config.php via vulnerable plugin path. Server denied access (403). No legitimate reason for this behavior. show less	Web App Attack
🇦🇺 78.153.151.5	10 Oct 2025	Suspicious activity detected from IP 78.153.151.5. Attempted directory traversal targeting sensitive ... show more Suspicious activity detected from IP 78.153.151.5. Attempted directory traversal targeting sensitive SSL key paths. Request used encoded traversal patterns and outdated user-agent. No legitimate reason for this behavior. show less	Web App Attack
🇧🇷 77.111.101.169	01 Oct 2025	Suspicious activity detected from sorvetenopote.com. Endpoint attempted to execute obfuscated PowerS ... show more Suspicious activity detected from sorvetenopote.com. Endpoint attempted to execute obfuscated PowerShell commands to connect, download, and run potentially malicious content. Behavior matches known downloader patterns (CL.Downloader!gen9). show less	Hacking
🇺🇸 23.227.203.148	01 Oct 2025	Suspicious activity detected from expansiveuser.com. Endpoint attempted to execute obfuscated PowerS ... show more Suspicious activity detected from expansiveuser.com. Endpoint attempted to execute obfuscated PowerShell commands to connect, download, and run potentially malicious content. Behavior matches known downloader patterns (CL.Downloader!gen9). show less	Hacking
🇬🇧 109.176.30.141	01 Oct 2025	Suspicious activity detected from zapgrande.com. Endpoint attempted to execute obfuscated PowerShell ... show more Suspicious activity detected from zapgrande.com. Endpoint attempted to execute obfuscated PowerShell commands to connect, download, and run potentially malicious content. Behavior matches known downloader patterns (CL.Downloader!gen9). show less	Hacking
🇧🇷 181.41.201.158	29 Sep 2025	Suspicious activity detected from IP 181.41.201.158. Attempted SQL Injection via crafted GET request ... show more Suspicious activity detected from IP 181.41.201.158. Attempted SQL Injection via crafted GET request targeting a public-facing web endpoint. Request contained UNION SELECT and MD5 hash injection patterns. show less	SQL Injection
🇩🇪 151.241.8.130	26 Sep 2025	Suspicious SQL Injection attempt detected targeting a public website. The payload used time-based te ... show more Suspicious SQL Injection attempt detected targeting a public website. The payload used time-based techniques (PG_SLEEP) to test for vulnerabilities. show less	SQL Injection
🇫🇮 85.192.49.158	24 Sep 2025	SQL Injection attempt detected from IP 85.192.49.158 targeting a public API endpoint. Payload includ ... show more SQL Injection attempt detected from IP 85.192.49.158 targeting a public API endpoint. Payload included time-based injection using PG_SLEEP(15). show less	SQL Injection
🇧🇷 147.45.116.177	18 Sep 2025	Suspicious activity detected from IP 147.45.116.177. Attempted Log4Shell exploitation via HTTP heade ... show more Suspicious activity detected from IP 147.45.116.177. Attempted Log4Shell exploitation via HTTP headers. show less	Web App Attack
🇧🇷 177.112.29.44	16 Sep 2025	The IP attempted a SQL Injection attack targeting a public-facing web application. The payload used ... show more The IP attempted a SQL Injection attack targeting a public-facing web application. The payload used a UNION SELECT statement with an MD5 hash function, commonly employed to test for SQLi vulnerabilities. show less	SQL Injection