ihatescambodians - AbuseIPDB User Profile

JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

User ihatescambodians joined AbuseIPDB in March 2026 and has reported 6 IP addresses.

Standing (weight) is good.

INACTIVE USER

IP	Date	Comment	Categories
🇭🇰 152.32.175.134	06 Apr 2026	Confirmed active phishing infrastructure hosted on this IP. The server responds on port 9999 with ... show more Confirmed active phishing infrastructure hosted on this IP. The server responds on port 9999 with a working endpoint used for credential harvesting: http://152.32.175.134:9999/users/sign_in Behavior indicates this is a backend component of a phishing operation rather than a simple static page. The host returns HTTP 200 responses and is actively serving malicious login interfaces. show less	Phishing Web App Attack
🇨🇳 154.85.60.150	06 Apr 2026	This host is part of a known command-and-control (C2) infrastructure cluster identified in threat in ... show more This host is part of a known command-and-control (C2) infrastructure cluster identified in threat intelligence investigations. The IP belongs to subnet 154.85.60.0/24 and has been associated with coordinated malicious activity, including phishing infrastructure and financial fraud operations. Although the HTTP service currently returns a generic “domain for sale” page, the server remains active with SSH (port 22) exposed, indicating potential backend control usage or staged infrastructure. The behavior is consistent with nodes that attempt to mask malicious activity while remaining operational within a larger C2 network. show less	Hacking Exploited Host SSH
🇭🇰 152.32.175.174	06 Apr 2026	Observed active phishing backend on this host. Confirmed working endpoint: http://152.32.175.134 ... show more Observed active phishing backend on this host. Confirmed working endpoint: http://152.32.175.134:9999/users/sign_in Server responds with HTTP 200 and exposes a login interface consistent with phishing/C2 infrastructure. Multiple high-risk ports (9999, 8080, 9094) are open, indicating backend control services. This host is part of a coordinated phishing and command-and-control network targeting Southeast Asia. show less	Phishing Hacking Web App Attack
🇭🇰 152.32.175.134	06 Apr 2026	Confirmed phishing and C2 infrastructure. - Active phishing backend observed: http://152.32.175. ... show more Confirmed phishing and C2 infrastructure. - Active phishing backend observed: http://152.32.175.134:9999/users/sign_in (HTTP 200) - Response headers indicate active application backend: Server: nginx Set-Cookie: _gitlab_session X-Gitlab-Meta present - Network traffic evidence shows CONNECT tunnel activity: 17.23.18.34:443 (proxy-style communication) - Associated with coordinated malicious cluster across subnet: 154.85.56.0/21 (previously 154.85.60.0/24) - Reused SSH fingerprint across nodes indicates centralized control. - Infrastructure used for impersonation phishing (government services) and potential banking trojan delivery. This is not a single compromised host but part of an organized C2 cluster. show less	Phishing Hacking
🇻🇳 104.218.166.205	06 Apr 2026	Localized proxy/frontend node located in Vietnam, part of the massive 600+ node scam syndicate on UC ... show more Localized proxy/frontend node located in Vietnam, part of the massive 600+ node scam syndicate on UCloud AS135377. Operates illicit financial APIs on non-standard ports (8881-8891). Hides behind a decoy Chinese HTML title ("阿Q精神胜利法趣味测试") to evade automated scanners. Shares identical SSH HASSH footprint (e42184b06d45385a906f0803d04c83da) with the rest of the criminal infrastructure. show less	Fraud Orders Phishing Web App Attack
🇭🇰 152.32.175.202	06 Apr 2026	Primary C2/Admin node for a massive organized financial scam and phishing syndicate (600+ nodes) hos ... show more Primary C2/Admin node for a massive organized financial scam and phishing syndicate (600+ nodes) hosted on UCloud AS135377 targeting SE Asia. Unauthorized RDP exposed. Uses unique self-signed SSL certificate (CN=10-7-64-27, Serial: 7f1335161da80eb44d5d8c3e5169c163). This server manages backend databases and illicit financial flows for the entire botnet. show less	Fraud Orders Phishing Hacking