el-brujo - AbuseIPDB User Profile

Check an IP Address, Domain Name, or Subnet

e.g. 3.236.107.249, microsoft.com, or 5.188.10.0/24

User el-brujo, the webmaster of elhacker.net, joined AbuseIPDB in January 2021 and has reported 766,911 IP addresses.

Standing (weight) is good.

ACTIVE USER WEBMASTER SUPPORTER

IP	Date	Comment	Categories
89.248.165.204	1 minute ago	06/26/2022-16:44:45.448345 89.248.165.204 Protocol: 6 ET DROP Dshield Block Listed Source group 1	Hacking
179.43.155.172	1 minute ago	06/26/2022-16:44:03.206949 179.43.155.172 Protocol: 6 ET SCAN Suspicious inbound to PostgreSQL port ... show more06/26/2022-16:44:03.206949 179.43.155.172 Protocol: 6 ET SCAN Suspicious inbound to PostgreSQL port 5432 show less	Hacking
176.25.116.62	3 minutes ago	Cowrie Honeypot: Unauthorised SSH/Telnet login attempt with user "admin" at 2022-06-26T14:42:48Z	Brute-Force SSH
141.98.11.29	3 minutes ago	06/26/2022-16:42:17.664835 141.98.11.29 Protocol: 6 ET COMPROMISED Known Compromised or Hostile Host ... show more06/26/2022-16:42:17.664835 141.98.11.29 Protocol: 6 ET COMPROMISED Known Compromised or Hostile Host Traffic group 9 show less	Hacking
212.80.219.226	4 minutes ago	06/26/2022-16:41:27.151672 212.80.219.226 Protocol: 6 ET SCAN Potential VNC Scan 5900-5920	Port Scan
1.247.0.155	5 minutes ago	06/26/2022-16:40:16.866260 1.247.0.155 Protocol: 6 ET CINS Active Threat Intelligence Poor Reputatio ... show more06/26/2022-16:40:16.866260 1.247.0.155 Protocol: 6 ET CINS Active Threat Intelligence Poor Reputation IP group 2 show less	Hacking
181.214.206.185	7 minutes ago	06/26/2022-16:38:37.235085 181.214.206.185 Protocol: 6 ET SCAN Behavioral Unusually fast Terminal Se ... show more06/26/2022-16:38:37.235085 181.214.206.185 Protocol: 6 ET SCAN Behavioral Unusually fast Terminal Server Traffic Potential Scan or Infection (Inbound) show less	Hacking
104.129.29.6	13 minutes ago	06/26/2022-16:32:46.906665 104.129.29.6 Protocol: 17 ET SCAN Sipvicious Scan	Port Scan
62.138.179.170	13 minutes ago	06/26/2022-16:32:11.704236 62.138.179.170 Protocol: 17 ET SCAN Sipvicious Scan	Port Scan
164.160.139.92	16 minutes ago	06/26/2022-16:29:31.477056 164.160.139.92 Protocol: 6 ET SCAN Behavioral Unusually fast Terminal Ser ... show more06/26/2022-16:29:31.477056 164.160.139.92 Protocol: 6 ET SCAN Behavioral Unusually fast Terminal Server Traffic Potential Scan or Infection (Inbound) show less	Hacking
193.105.134.95	16 minutes ago	Cowrie Honeypot: Unauthorised SSH/Telnet login attempt with user "root" at 2022-06-26T14:29:16Z	Brute-Force SSH
173.212.198.225	18 minutes ago	06/26/2022-16:27:37.346475 173.212.198.225 Protocol: 6 ET SCAN Behavioral Unusually fast Terminal Se ... show more06/26/2022-16:27:37.346475 173.212.198.225 Protocol: 6 ET SCAN Behavioral Unusually fast Terminal Server Traffic Potential Scan or Infection (Inbound) show less	Hacking
89.22.234.69	19 minutes ago	26/Jun/2022:16:26:50 +0200Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client 89.22.2 ... show more26/Jun/2022:16:26:50 +0200Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client 89.22.234.69] ModSecurity: Warning. Pattern match "\\\\\\\\xbc[^\\\\\\\\xbe>][\\\\\\\\xbe>]\|<[^\\\\\\\\xbe]\\\\\\\\xbe" at ARGS:_wpcf7_ak_hp_textarea. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "546"] [id "941310"] [msg "US-ASCII Malformed Encoding XSS Filter - Attack Detected"] [data "Matched Data: \\\\xbc\\\\xd0\\\\xbe found within ARGS:_wpcf7_ak_hp_textarea: \\\\xd0\\\\xb2\\\\xd0\\\\xbd\\\\xd0\\\\xb6 \\\\xd1\\\\x81\\\\xd1\\\\x82\\\\xd0\\\\xbe\\\\xd0\\\\xb8\\\\xd0\\\\xbc\\\\xd0\\\\xbe\\\\xd1\\\\x81\\\\xd1\\\\x82\\\\xd1\\\\x8c \\\\xd0\\\\xb2 \\\\xd1\\\\x80\\\\xd0\\\\xbe\\\\xd1\\\\x81\\\\xd1\\\\x81\\\\xd0\\\\xb8\\\\xd0\\\\xb8 <a href=https://xn----btbbq8aon.xn--p1ai/>https://xn----btbbq8aon.xn--p1ai/</"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-tomcat"] [tag "attack-xss"] ... show less	Hacking Web App Attack
147.182.249.80	20 minutes ago	06/26/2022-16:25:52.984452 147.182.249.80 Protocol: 6 ET SCAN Potential VNC Scan 5900-5920	Port Scan
141.98.10.157	20 minutes ago	06/26/2022-16:25:13.868061 141.98.10.157 Protocol: 6 ET COMPROMISED Known Compromised or Hostile Hos ... show more06/26/2022-16:25:13.868061 141.98.10.157 Protocol: 6 ET COMPROMISED Known Compromised or Hostile Host Traffic group 8 show less	Hacking
212.80.219.175	24 minutes ago	06/26/2022-16:21:28.752643 212.80.219.175 Protocol: 6 ET SCAN Potential VNC Scan 5900-5920	Port Scan
91.240.118.139	24 minutes ago	06/26/2022-16:21:01.815243 91.240.118.139 Protocol: 6 ET DROP Dshield Block Listed Source group 1	Hacking
65.154.226.166	25 minutes ago	26/Jun/2022:16:20:23 +0200Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client 65.154. ... show more26/Jun/2022:16:20:23 +0200Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client 65.154.226.166] ModSecurity: Warning. Pattern match "^[\\\\\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "91.126.217.153"] [severity "WARNING"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "91.126.217.153"] [uri "/"] [unique_id "YrhrJ6nbLYR80RJUaZeY9QABAxI"] ... show less	Hacking Web App Attack
158.69.251.122	28 minutes ago	06/26/2022-16:17:57.377591 158.69.251.122 Protocol: 6 ET SCAN Potential VNC Scan 5900-5920	Port Scan
195.3.147.60	29 minutes ago	Cowrie Honeypot: Unauthorised SSH/Telnet login attempt with user "Admin" at 2022-06-26T14:16:57Z	Brute-Force SSH
167.71.239.134	29 minutes ago	Cowrie Honeypot: Unauthorised SSH/Telnet login attempt with user "root" at 2022-06-26T14:16:37Z	Brute-Force SSH
194.165.16.13	29 minutes ago	06/26/2022-16:16:21.431409 194.165.16.13 Protocol: 6 ET SCAN Potential VNC Scan 5900-5920	Port Scan
185.56.83.101	29 minutes ago	06/26/2022-16:16:08.392640 185.56.83.101 Protocol: 6 ET SCAN Potential VNC Scan 5900-5920	Port Scan
104.248.147.69	29 minutes ago	Cowrie Honeypot: Unauthorised SSH/Telnet login attempt with user "el-hacker" at 2022-06-26T14:16:05Z	Brute-Force SSH
2.58.149.116	30 minutes ago	Cowrie Honeypot: Unauthorised SSH/Telnet login attempt with user "admin" at 2022-06-26T14:15:36Z	Brute-Force SSH