natyhtsmp - AbuseIPDB User Profile

JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

User natyhtsmp joined AbuseIPDB in November 2025 and has reported 6 IP addresses.

Standing (weight) is good.

INACTIVE USER

IP	Date	Comment	Categories
🇧🇷 169.150.198.69	09 Dec 2025	The IP performed Brute-Force/Credential Stuffing attacks against VPN services. After gaining unautho ... show more The IP performed Brute-Force/Credential Stuffing attacks against VPN services. After gaining unauthorized access, the attacker established a persistent tunnel, performed lateral movement scanning for internal servers and exfiltrated data. show less	Fraud Orders Port Scan Hacking Brute-Force Web App Attack
🇺🇸 104.21.26.103	21 Nov 2025	Source of a targeted phishing campaign delivering a multi-stage VBS loader malware. The attack vecto ... show more Source of a targeted phishing campaign delivering a multi-stage VBS loader malware. The attack vector involves a malicious link pointing to a ZIP file containing a script ("gsanb.vbs"). Upon execution, the script utilizes LOLBins (wscript, cmd, powershell, expand) to drop and execute a secondary credential stealer payload ("cinzabombeiro.exe"). Confirmed malicious behavior via sandbox analysis including evasion techniques and C2 communication. show less	Phishing Email Spam Hacking Spoofing
🇺🇸 172.67.185.24	21 Nov 2025	Source of a targeted phishing campaign delivering a multi-stage VBS loader malware. The attack vecto ... show more Source of a targeted phishing campaign delivering a multi-stage VBS loader malware. The attack vector involves a malicious link pointing to a ZIP file containing a script ("gsanb.vbs"). Upon execution, the script utilizes LOLBins (wscript, cmd, powershell, expand) to drop and execute a secondary credential stealer payload ("cinzabombeiro.exe"). Confirmed malicious behavior via sandbox analysis including evasion techniques and C2 communication. show less	Phishing Email Spam Hacking Spoofing
🇺🇸 104.21.32.200	21 Nov 2025	Source of a targeted phishing campaign delivering a multi-stage VBS loader malware. The attack vecto ... show more Source of a targeted phishing campaign delivering a multi-stage VBS loader malware. The attack vector involves a malicious link pointing to a ZIP file containing a script ("gsanb.vbs"). Upon execution, the script utilizes LOLBins (wscript, cmd, powershell, expand) to drop and execute a secondary credential stealer payload ("cinzabombeiro.exe"). Confirmed malicious behavior via sandbox analysis including evasion techniques and C2 communication. show less	Phishing Email Spam Hacking Spoofing
🇺🇸 104.21.20.174	21 Nov 2025	Source of a targeted phishing campaign delivering a multi-stage VBS loader malware. The attack vecto ... show more Source of a targeted phishing campaign delivering a multi-stage VBS loader malware. The attack vector involves a malicious link pointing to a ZIP file containing a script ("gsanb.vbs"). Upon execution, the script utilizes LOLBins (wscript, cmd, powershell, expand) to drop and execute a secondary credential stealer payload ("cinzabombeiro.exe"). Confirmed malicious behavior via sandbox analysis including evasion techniques and C2 communication. show less	Phishing Email Spam Hacking Spoofing
🇪🇸 217.116.26.111	21 Nov 2025	Source of a targeted phishing campaign delivering a multi-stage VBS loader malware. The attack vecto ... show more Source of a targeted phishing campaign delivering a multi-stage VBS loader malware. The attack vector involves a malicious link pointing to a ZIP file containing a script ("gsanb.vbs"). Upon execution, the script utilizes LOLBins (wscript, cmd, powershell, expand) to drop and execute a secondary credential stealer payload ("cinzabombeiro.exe"). Confirmed malicious behavior via sandbox analysis including evasion techniques and C2 communication. show less	Phishing Email Spam Hacking Spoofing