Home
News
FAQ
lookup
- IP lookup
- Domain lookup
Tracking Systems
- FastFlux Tracker
- Web abuse Tracker
Statistic
- drone.abuse.ch
- httpbl.abuse.ch
Links

Web abuse Tracker

On this page you can see the recent attackers which my honeypots have caputred. You can click on a IP address or a RFI script URL to see more inforamtion about the attack.

Recent RFI attackers (hijacked webservers)

Timestamp (UTC)	IP address	Hostname	Country	RFI URL	New?
2010-07-31 22:38:02	195.42.120.131	vs120131.tuxtools.net		http://www.net-games.it/open.txt	no
2010-07-31 22:11:02	202.160.123.72	jobsupermart.com		http://progene.info/English/Fx29ID.txt	no
2010-07-31 21:23:39	83.216.190.83			http://www.diakonia-jkt.sch.id/sk/image_galeri/a4DAc8C2___CIMG1122.jpg	no
2010-07-31 20:39:45	89.108.67.164	cp122.agava.net		http://constructor.ru/modules/goodid.txt	yes
2010-07-31 19:56:12	81.208.34.38	81-208-34-38.ip.fastwebnet.it		http://ssghost.com/ssg/id1.txt	no
2010-07-31 19:45:23	212.249.57.201	www.hugy.ch		http://impeel.com/impeel/web/css/r_jpg.txt	no
2010-07-31 19:43:22	222.236.47.182			http://www.hydraumatec.com/mambots/editors/tinymce//jscripts/tiny_mce/	no
2010-07-31 19:21:16	203.147.62.92			http://bcis.pacificu.edu/images/1	no
2010-07-31 18:59:10	64.15.156.75			http://www.puddicombe.org/wedding/idxx.txt	no
2010-07-31 18:58:30	69.10.143.68	ns1.on-air.co.za		http://phamsight.com/docs/images/head	yes
2010-07-31 18:11:36	77.222.34.35	badi.ru		http://www.freediskspace.com/_inc/images/v4.5id1	no
2010-07-31 17:45:35	89.145.68.166	mtc.mtcmedia.co.uk		http://www.photos.or.kr/bbs/icon/id1.txt	yes
2010-07-31 17:32:12	70.38.11.39			http://www.irishtoothache.com/ver1	no
2010-07-31 17:13:34	74.52.48.66	p14.ich-2.com		http://cyb3rz.fileave.com/fx29id1.txt	no
2010-07-31 17:02:22	75.136.121.230	75-136-121-230.dhcp-v.spbg.sc.chart		http://www.howtolisten.kr/lct/exam3/111/id1.txt	no
2010-07-31 16:45:30	74.55.96.234	server102.easyhostsolutions.net		http://www.oschub.cn//plugins/system/ts	no
2010-07-31 16:41:22	82.192.65.135	esd536.easyserver.net		http://minarik-pila.cz//id1.txt	no
2010-07-31 16:17:51	89.161.174.100	v032104.home.net.pl		http://203.252.71.232/~edugraduate/data/file/sub3_1/ckrid1.txt	yes
2010-07-31 14:42:31	200.29.171.35			http://www.biegaj.isp.net.pl/portal/media/id.txt	no
2010-07-31 14:40:26	119.235.18.12	server4239.masterweb.net		http://tjdhosp.co.kr/data/session/byz9991.txt	no

Displayed: 20
New RFI attacks caputred today: 12
Total RFI attacks caputred today: 50

New RFI URLs

RFI script URL	Hash	Filesize (Bytes)	Counter
http://wjw.kr/.header/RFI/id1.txt	725add22d937622a13654a97d8c04538	86	1
http://www.photos.or.kr/bbs/icon/id1.txt	725add22d937622a13654a97d8c04538	86	1
http://surtifruverdelasabana.com/MC22.txt	725add22d937622a13654a97d8c04538	86	1
http://www.primer.hu/e107_languages/baner.txt	725add22d937622a13654a97d8c04538	86	3
http://milowfan.com/files/ckrid1.txt	725add22d937622a13654a97d8c04538	86	6
http://jy-lib.or.kr/bbs//skin/zero_vote/id.txt	725add22d937622a13654a97d8c04538	86	1
http://www.fileden.com/files/2010/7/14/2914741/echo.txt	725add22d937622a13654a97d8c04538	86	1
http://www.mln.mlc.edu.tw/appserv/p1.txt	dc7b2fd7417f4ea1917ac8b7284fecba	77	2
http://kesawan.fileave.com/irc/sh.txt	725add22d937622a13654a97d8c04538	86	1
http://www.africamissionsna.org//sc/as.txt	725add22d937622a13654a97d8c04538	86	1

Recent scanning drones

Timestamp (UTC)	IP address	Hostname	Country	Notes	Counter	New?
2010-08-01 00:08:29	187.45.214.10	xxxdnn1028.locaweb.com.br		Scanning Drone (w00tw00t.at.ISC.SANS)	2	no
2010-07-31 23:22:46	62.103.39.74	host10.halkidiki.gov.gr		Scanning Drone (w00tw00t.at.ISC.SANS)	5	no
2010-07-31 17:10:30	69.64.56.208	usloft1512		Scanning Drone (w00tw00t.at.ISC.SANS)	9	no
2010-07-31 14:17:56	66.150.221.50			Scanning Drone (w00tw00t.at.ISC.SANS)	2	no
2010-07-31 12:17:23	91.121.136.191	ns355308.ovh.net		Scanning Drone (w00tw00t.at.ISC.SANS)	8	no
2010-07-31 06:23:08	95.130.172.152	host-95-130-172-152.routergate.com		Scanning Drone (w00tw00t.at.ISC.SANS)	2	no
2010-07-31 03:09:56	213.246.222.74	mail.davidts.be		Scanning Drone (w00tw00t.at.ISC.SANS)	85	no
2010-07-31 00:53:04	58.218.204.110			Open Proxy Scanner	19	no
2010-07-31 21:46:13	81.201.60.169	router-zero.pilsfree.net		Open Proxy Scanner	1	yes
2010-07-31 20:53:05	85.62.229.21	21.pool85-62-229.dynamic.orange.es		Scanning Drone	1	yes

Recent referer spammers

Timestamp (UTC)	IP address	Hostname	Referer	Country	Counter	New?
2010-07-31 23:57:50	91.201.66.104			http://www.pinyen.com/member/Acai_Berry_Testimonials	7	no
2010-07-31 23:57:04	95.134.10.89	89-10-134-95.pool.ukrtel.net		http://www.hqtube.com/?5736000000/	6	yes
2010-07-31 23:52:37	95.134.7.141	141-7-134-95.pool.ukrtel.net		http://www.hqtube.com/?5736000000/	22	yes
2010-07-31 23:36:48	143.93.43.2	pat-2.umwelt-campus.de		http://www.sizzling-hot.de	4	no
2010-07-31 19:12:20	95.134.142.75	75-142-134-95.pool.ukrtel.net		http://www.hqtube.com/?5736000000/	20	yes
2010-07-31 12:34:48	41.190.16.17			http://smokefreeonline.com	15	no
2010-07-31 07:37:53	95.134.13.85	85-13-134-95.pool.ukrtel.net		http://www.hqtube.com/?5736000000/	2	yes
2010-07-31 06:46:58	98.165.72.66	ip98-165-72-66.ph.ph.cox.net		http://www.SeoMarketingServicesOnline.com	2	yes
2010-07-31 05:53:23	212.241.176.94	ds3296.dedicated.turbodns.co.uk		http://makeupsuppliers.weebly.com	3	yes
2010-07-31 02:02:51	95.134.234.45	45-234-134-95.pool.ukrtel.net		http://www.hqtube.com/?5736000000/	2	no
2010-07-31 01:11:30	120.35.19.29			http://holidaystream.com/category/hotel-guides/	17	no
2010-07-31 21:20:25	173.208.70.134	173.208.70.134.rdns.ubiquityservers		http://www.packagefromsanta.com/	1	yes
2010-07-31 21:14:32	59.149.227.44	059149227044.ctinets.com		http://www.squidoo.com/raeuchermischung	1	yes
2010-07-31 19:08:36	203.172.168.40			http://highestdecoration.com	1	yes
2010-07-31 18:45:58	173.208.13.100	rdns173-208-13-100.xninet.com		http://dicale.com	1	yes
2010-07-31 18:43:00	94.181.219.64	dynamicip-94-181-219-64.pppoe.kirov		http://grou.ps/cigarettes/blogs/item/buy-cigarettes-overseas	1	yes
2010-07-31 18:19:56	59.120.5.235	mail.brightwear.com.tw		http://www.pornhub4u.com	1	yes
2010-07-31 18:19:09	173.234.31.149	173.234.31.149.rdns.ubiquityservers		http://dicale.com	1	yes
2010-07-31 15:21:14	117.79.83.161			http://www.replicahandbagsite.com	1	yes
2010-07-31 15:10:56	66.249.82.2			http://translate.googleusercontent.com/translate_c?hl=en&ie=	1	yes

Recent catched Script Kiddies

Timestamp (UTC)	IP address	Hostname	Country	Module	UserAgent	Counter	New?
2010-07-31 23:56:09	66.219.58.41	net66-219-58-41.static-customer.cor		phpMyAdmin	MLBot (www.metadatalabs.com/mlbot)	7	no
2010-07-31 17:10:01	41.230.223.246			r57Shell	Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/	12	yes
2010-07-31 16:29:49	188.104.171.201			r57Shell	Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.8) Gec	5	yes
2010-07-31 15:10:58	41.227.96.235			r57Shell	Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.1.11) Ge	33	yes
2010-07-31 13:21:50	92.74.2.211	dslb-092-074-002-211.pools.arcor-ip		r57Shell	Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.8) Gec	24	yes
2010-07-31 06:34:46	87.210.239.104	ip104-239-210-87.adsl2.static.versa		r57Shell	Java/1.6.0_20	40	no
2010-07-31 03:17:42	92.74.13.151	dslb-092-074-013-151.pools.arcor-ip		r57Shell	Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.8) Gec	44	yes
2010-07-31 02:55:28	213.46.140.38	d140038.upc-d.chello.nl		r57Shell	Java/1.6.0_15	14	yes
2010-07-31 01:31:36	173.203.198.31	173-203-198-31.static.cloud-ips.com		PHPShell	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3)	43	no
2010-07-31 20:07:18	41.224.197.151			r57Shell	Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/	1	yes

Questions? Your IP address is listed here? You don't know what a RFI attack is? Then take a look at the FAQ.