EWCyberOps - AbuseIPDB User Profile

JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

User EWCyberOps joined AbuseIPDB in April 2026 and has reported 54 IP addresses.

Standing (weight) is good.

INACTIVE USER

IP	Date	Comment	Categories
🇺🇸 104.161.37.233	21 Apr 2026	Observed 4/21/2026 sending self-send spoofed phishing emails (2x) impersonating CEO mailbox with 'Se ... show more Observed 4/21/2026 sending self-send spoofed phishing emails (2x) impersonating CEO mailbox with 'Settlement Summary' and 'ACH Payment Details' lures. Part of sustained targeted campaign against Energywell CEO. Hosted on Input Output Flood USA (Phoenix AZ). show less	Phishing Web Spam SQL Injection
🇺🇸 198.23.177.24	21 Apr 2026	Observed 4/21/2026 sending self-send spoofed phishing email impersonating CEO mailbox with 'Action R ... show more Observed 4/21/2026 sending self-send spoofed phishing email impersonating CEO mailbox with 'Action Required: Sign and Complete Document' lure. Part of sustained targeted campaign against Energywell CEO. Hosted on HostPapa (Buffalo NY) - same provider as multiple other observed malicious IPs. show less	Phishing Web Spam SQL Injection
🇩🇪 46.225.7.226	21 Apr 2026	Observed 4/21/2026 sending self-send spoofed phishing emails (2x) impersonating CEO mailbox with 'Do ... show more Observed 4/21/2026 sending self-send spoofed phishing emails (2x) impersonating CEO mailbox with 'DocuSign NDA Executed Agreement' lure. Part of sustained targeted campaign against Energywell CEO. Hosted on Hetzner Online Germany. show less	Phishing Web Spam SQL Injection
🇺🇸 104.164.46.55	21 Apr 2026	Observed 4/20/2026 sending self-send spoofed phishing email impersonating CEO mailbox with 'lMPORTAN ... show more Observed 4/20/2026 sending self-send spoofed phishing email impersonating CEO mailbox with 'lMPORTANT Message' lure using lowercase L character substitution to bypass keyword filters. Part of sustained targeted campaign against Energywell CEO. Hosted on 1GSERVERS USA (Phoenix AZ). show less	Phishing Web Spam SQL Injection
🇺🇸 154.194.50.125	21 Apr 2026	Observed 4/20-4/21/2026 sending multiple self-send spoofed phishing emails impersonating CEO mailbox ... show more Observed 4/20-4/21/2026 sending multiple self-send spoofed phishing emails impersonating CEO mailbox with 'NSA: DOMC Executed NDA Agreement' and 'ESystem Sever' lures. 3 observations in 24 hours. Part of sustained targeted campaign against Energywell CEO. Hosted on Manjul Associates USA (Phoenix AZ). show less	Phishing Web Spam SQL Injection
🇺🇸 104.168.69.190	21 Apr 2026	Observed 4/20/2026 sending self-send spoofed phishing email impersonating CEO mailbox with 'Action R ... show more Observed 4/20/2026 sending self-send spoofed phishing email impersonating CEO mailbox with 'Action Required Agreement' lure. Part of sustained targeted campaign against Energywell CEO. Hosted on HostPapa (Buffalo NY) - same provider as multiple other observed malicious IPs. show less	Phishing Web Spam SQL Injection
🇺🇸 192.254.70.124	21 Apr 2026	Observed 4/20/2026 sending self-send spoofed phishing email impersonating CEO mailbox with 'NSA: Ene ... show more Observed 4/20/2026 sending self-send spoofed phishing email impersonating CEO mailbox with 'NSA: Energywell Executed NDA Agreement' lure. Part of sustained targeted campaign against Energywell CEO. Hosted on Centrilogic USA (Nashville). show less	Phishing Web Spam SQL Injection
🇳🇱 95.211.45.107	21 Apr 2026	Observed 4/20-4/21/2026 sending multiple self-send spoofed phishing emails impersonating CEO mailbox ... show more Observed 4/20-4/21/2026 sending multiple self-send spoofed phishing emails impersonating CEO mailbox with 'Service Termination Alert' lures. Part of sustained targeted campaign against Energywell CEO. Hosted on LeaseWeb Netherlands. show less	Phishing Web Spam SQL Injection
🇩🇪 207.189.10.75	21 Apr 2026	Observed 4/20/2026 sending self-send spoofed phishing email impersonating CEO mailbox with 'NSA: Ene ... show more Observed 4/20/2026 sending self-send spoofed phishing email impersonating CEO mailbox with 'NSA: Energywell Executed NDA Agreement' lure. Part of sustained targeted campaign against Energywell CEO. Hosted on Hyonix (Germany). show less	Phishing Web Spam SQL Injection
🇺🇸 107.173.31.194	21 Apr 2026	Observed 4/21/2026 sending spoofed phishing email impersonating [email protected] with subject ' ... show more Observed 4/21/2026 sending spoofed phishing email impersonating [email protected] with subject 'ATTN _ Remittance Review Expire today'. Fake Microsoft SharePoint shared document lure. Targeted distribution list expanded to 6 executive mailboxes - all delivered due to weaker DMARC on source domain. Attacker also attempted [email protected] 48 seconds prior - blocked by stronger DMARC. Hosted on ColoCrossing USA. show less	Phishing Web Spam SQL Injection
🇺🇸 66.85.27.28	21 Apr 2026	Observed 4/20/2026 sending self-send spoofed phishing email impersonating internal mailbox with subj ... show more Observed 4/20/2026 sending self-send spoofed phishing email impersonating internal mailbox with subject 'Document'. Part of ongoing coordinated phishing campaign. Message quarantined by Defender. Hosted on GWY IT PTY LTD (Los Angeles CA). show less	Phishing Web Spam SQL Injection
🇺🇸 104.168.70.29	21 Apr 2026	Observed 4/20/2026 sending multiple self-send spoofed phishing emails impersonating internal mailbox ... show more Observed 4/20/2026 sending multiple self-send spoofed phishing emails impersonating internal mailboxes (ebarker and accounting) with subject 'Action Required: Service Termination Alert'. Part of ongoing coordinated phishing campaign. Hosted on HostPapa (Buffalo NY). show less	Phishing Web Spam SQL Injection
🇺🇸 198.144.189.54	21 Apr 2026	Observed 4/20/2026 sending self-send spoofed phishing email impersonating internal mailbox with subj ... show more Observed 4/20/2026 sending self-send spoofed phishing email impersonating internal mailbox with subject 'lMPORTANT Notice: Energywell Notice' (using lowercase 'l' character substitution for 'I' to bypass keyword filters). Part of ongoing coordinated phishing campaign. Hosted on HostPapa (Buffalo NY). show less	Phishing Web Spam SQL Injection
🇮🇱 83.229.81.108	21 Apr 2026	Observed 4/21/2026 sending self-send spoofed phishing email impersonating internal mailbox with subj ... show more Observed 4/21/2026 sending self-send spoofed phishing email impersonating internal mailbox with subject 'ACH Remittance Sent on 2026-04-20'. Classic financial/payment lure. Part of ongoing coordinated phishing campaign. Hosted on O.M.C. Computers & Communications LTD (Israel). show less	Phishing Web Spam SQL Injection
🇺🇸 139.64.174.52	21 Apr 2026	Observed 4/21/2026 sending self-send spoofed phishing email impersonating internal mailbox with subj ... show more Observed 4/21/2026 sending self-send spoofed phishing email impersonating internal mailbox with subject 'Communication Playback Received'. Part of ongoing coordinated phishing campaign using voicemail/communication playback lures. Hosted on Centrilogic Inc (Atlanta GA). show less	Phishing Web Spam SQL Injection
🇺🇸 148.163.93.49	21 Apr 2026	Observed 4/21/2026 sending self-send spoofed phishing email impersonating internal mailbox with subj ... show more Observed 4/21/2026 sending self-send spoofed phishing email impersonating internal mailbox with subject 'ATTN: Mailbox Login Expire today'. Classic credential harvesting lure. Part of ongoing coordinated phishing campaign. Hosted on Input Output Flood LLC (Phoenix AZ). show less	Phishing Web Spam SQL Injection
🇺🇸 89.106.1.83	21 Apr 2026	Observed 4/21/2026 sending self-send spoofed phishing email impersonating [email protected] w ... show more Observed 4/21/2026 sending self-send spoofed phishing email impersonating [email protected] with subject 'Reminder: Complete with Docusign: PSA Energywell Aging report'. Part of ongoing coordinated phishing campaign using self-send spoofing technique. Hosted on Interserver USA (Secaucus NJ). show less	Phishing Web Spam SQL Injection
🇺🇸 136.0.213.177	21 Apr 2026	Observed 4/20/2026 sending self-send spoofed phishing email impersonating internal mailbox with subj ... show more Observed 4/20/2026 sending self-send spoofed phishing email impersonating internal mailbox with subject 'HRSign: New Staff Termination Policies'. Part of ongoing coordinated phishing campaign. IPXO-leased address space. show less	Phishing Web Spam SQL Injection
🇺🇸 151.243.250.30	21 Apr 2026	Observed 4/20/2026 sending self-send spoofed phishing email impersonating internal mailbox with subj ... show more Observed 4/20/2026 sending self-send spoofed phishing email impersonating internal mailbox with subject 'HR Documents, Pending completion approval'. Part of ongoing coordinated phishing campaign. Hosted on GorillaServers / Webnx USA. show less	Phishing Web Spam SQL Injection
🇨🇦 178.93.216.41	21 Apr 2026	Observed 4/20/2026 sending self-send spoofed phishing email impersonating internal mailbox with Adob ... show more Observed 4/20/2026 sending self-send spoofed phishing email impersonating internal mailbox with Adobe signature lure. Part of ongoing coordinated phishing campaign. Same /24 as previously observed malicious 178.93.216.194. IPXO-leased address space. show less	Phishing Web Spam SQL Injection
🇳🇱 31.57.201.242	21 Apr 2026	Observed 4/20/2026 sending self-send spoofed phishing emails impersonating internal mailbox with sub ... show more Observed 4/20/2026 sending self-send spoofed phishing emails impersonating internal mailbox with subjects 'Settings Expiry before the end of Today' and 'Take Action: new secure Emails'. Part of ongoing coordinated phishing campaign. Hosted on Layer7 Technologies Netherlands. show less	Phishing Web Spam SQL Injection
🇺🇸 185.174.102.221	21 Apr 2026	Observed 4/21/2026 sending self-send spoofed phishing email impersonating [email protected] with ... show more Observed 4/21/2026 sending self-send spoofed phishing email impersonating [email protected] with subject 'Service Termination Alert'. Attacker used spoofed From header matching recipient address. Part of ongoing coordinated phishing campaign. Hosted on DeltaHost USA. show less	Phishing Web Spam SQL Injection
🇺🇸 45.59.104.215	20 Apr 2026	Phishing campaign targeting executives with DocuSign and HR document lures. Multiple targets hit. 4/ ... show more Phishing campaign targeting executives with DocuSign and HR document lures. Multiple targets hit. 4/15-4/17/2026. show less	Web Spam Email Spam
🇩🇪 45.138.49.113	20 Apr 2026	Phishing self-send ACH Payment Notification EFT Remittance lure. AEZA Group EU. 4/20/2026.	Web Spam Email Spam
🇨🇦 38.49.215.172	20 Apr 2026	Phishing self-send Mailbox Access Password Credentials Expires Today lure. Cogent US. 4/20/2026.	Web Spam Email Spam