User Nero-M- joined AbuseIPDB in October 2020 and has reported 28 IP addresses.
Standing (weight) is good.
INACTIVE USER
| IP | Date | Comment | Categories |
|---|---|---|---|
| 🇷🇺 91.240.118.168 | | Emotet MalSpam - hxxp://91.240.118.168/zqqw/zaas/fe.html | Hacking |
| 🇨🇭 179.43.175.101 | | miari botnet rogue LDAP server used in log4j (CVE-2021-44228) exploitation attempts | Port Scan, SSH |
| 39.101.174.115 | | Hosting WebShell exploits targeting MS-Exchange | Hacking, Exploited Host |
| 194.90.9.27 | | Phish from [email protected]. MalwareFamily/Malicious Payload | Phishing |
| 76.223.26.96 | | 9 TCP probe, bot detection. ASA: Deny TCP connection for Outside76.223.26.96/80 | Port Scan |
| 66.96.149.32 | | Denied on firewall (443 TCP) | Port Scan |
| 119.28.15.199 | | CVE-2021-21985 exploit activity detected from 119.28.15.199 - "source_ip_address=119.28.15.199 | Port Scan, Web App Attack, SSH |
| 83.97.20.160 | | Conti Ransomware C2 beacon | Hacking, Exploited Host |
| 185.156.73.114 | | MASS TCP FIREWALL DENY | Port Scan |
| 92.63.197.103 | | Mass Firewall TCP DENY | Port Scan |
| 185.156.73.102 | | Firewall TCP Deny | Port Scan |
| 91.148.141.35 | | | Hacking, Web App Attack, SSH |
| 72.52.178.23 | | Known ATP group "lemon duck" disto malware from this IP | DNS Compromise, Phishing, Port Scan, Hacking, Exploited Host |
| 172.241.27.244 | | Hosting domain matesmapizza[.]com which delivers Qakbot and then Cobalt | Exploited Host |
| 116.113.28.190 | | SSH Brute Force attempts | Brute-Force |
| 199.217.118.13 | | Emotet dropper - https://urlhaus.abuse.ch/host/starkdoor.com/ | Email Spam, Exploited Host |
| 23.106.160.137 | | Cobalt Strike Beacon | Exploited Host |
| 172.105.253.97 | | RyUK distributing IP | Exploited Host |
| 186.215.198.137 | | IMAP Brute Force | Brute-Force |
| 211.20.181.113 | | IMAP4 brute force | Brute-Force |
| 211.20.181.113 | | Azure AD brute force using legacy protocols | Brute-Force |
| 78.36.163.253 | | Brute force'ing accounts | Brute-Force |