114.119.132.250 initiated contact with a matsnu command and control server, using contents unique to matsnu C&C command protocols. Unauthorized access attempts originating from this IP address were detected.
Destination_port: 80
This IP has been identified as illegally scanning networks for vulnerabilities - port-scanning activities. Possibly an IP address of a web proxy (websites that allow the user to anonymously view websites).
Destination_port: 80
Unauthorized access attempts from this IP address were detected - potential SQL injection (suspicious). A device using 108.167.189.50 is infected with malware associated with the avalanche/andromeda family. 108.167.189.50 initiated contact with a nymaim command and control server, using contents unique to nymaim C&C command protocols.
Destination_port: 80
Unauthorized access attempts from this IP address were detected - potential SQL injection (suspicious). Potentially malicious domains identified by analysing DNS traffic, web sites that are contained in phishing emails. The domain owner might be a victim of email spoofing.
Destination_port: 80
Unauthorized access attempts from this IP address were detected. The IP address is known to perform botnet activities. The device using this IP address is obviously infected and is involved in DDoS attacks, port scanning, spamming, and so on.
Destination_port: 80
Unauthorized access attempts originating from this IP address were detected (automated dictionary attacks/SSH Brute Force). Possibly the machine using 5.8.10.202 is infected with malware, or is sharing its internet connection with an infected computer. This IP address was detected attempting to make contact via a network connection with a "goznym" Command & Control server (C&C). This IP has been identified as illegally scanning networks for vulnerabilities - port-scanning activities.
Destination_port: 80
Unauthorized access attempts originating from this IP address were detected. The machine using 52.185.186.37 is infected with malware, or is sharing its internet connection with an infected computer. This IP address was detected attempting to make contact via a network connection with a "zeus" Command & Control server (C&C). This IP has been identified as illegally scanning networks for vulnerabilities - port-scanning activities.
Destination_port: 80
Unauthorized access attempts originating from this IP address were detected. The machine using 5.188.210.227 is infected with malware, or is sharing its internet connection with an infected computer. This IP address was detected attempting to make contact via a network connection with a "ramnit" Command & Control server (C&C). This IP has been identified as illegally scanning networks for vulnerabilities - port-scanning activities.
Destination_port: 80
Unauthorized access attempts originating from this IP address were detected - brute force attack. The machine using 18.140.72.94 is infected with malware, or is sharing its internet connection with an infected computer. This IP address was detected attempting to make contact via a network connection with an "emotet" Command & Control server (C&C). Emotet infects computers and servers that are running a Windows operating system. This IP has been identified as illegally scanning networks for vulnerabilities - port-scanning activities. The domain owner might be a victim of email spoofing.
Destination_port: 80
Unauthorized access attempts originating from this IP address were detected. IP address known for botnet-member activity. Devices using these IP addresses are obviously infected and take part in DDoS-attacks, port-scanning, spam-sending, etc. Possibly compromised email accounts being used to send spam/malware/phishing or compromised PCs/servers under the control of criminal organizations capable of sending spam/malware/phishing.
Destination_port: 80
Possibly an exploited host, potentially being part of a bad web bot. This IP has been identified as illegally scanning networks for vulnerabilities - port-scanning activities. A device using 107.189.10.170 is infected with malware: 107.189.10.170 initiated contact with a conficker command and control server, using contents unique to conficker C&C command protocols.
The attackers will be more inclined to use proxies in an attempt to mask their location - attempting to use the server as an open proxy/web proxies (websites that allow the user to anonymously view websites).
Destination_port: 80
Potential SQL injection (suspicious). A device using 109.234.164.135 is infected with malware associated with the avalanche/andromeda family. 109.234.164.135 initiated contact with a nymaim command and control server, using contents unique to nymaim C&C command protocols. The domain owner might be a victim of email spoofing. Spam and phishing emails use spoofing to mislead the recipient about the origin of the message.
Destination_port: 80
Domain (suspicious) & free web hosting (suspicious). This IP address is being used and is about to be used for the purpose of high volume 'snowshoe' spam emission; potentially being part of a bad web bot. A device using 172.104.43.191 is infected with malware: 172.104.43.191 initiated contact with a matsnu command and control server, using contents unique to matsnu C&C command protocols. The attackers will be more inclined to use proxies in an attempt to mask their location - attempting to use the server as an open proxy/web proxies (websites that allow the user to anonymously view websites) - Open HTTP proxy. The domain owner might be a victim of email spoofing.
Destination_port: 80
Phishing websites and/or email; domain (suspicious). Possibly an exploited host, potentially being part of a bad web bot. This IP has been identified as illegally scanning networks for vulnerabilities - port-scanning activities.
Destination_port: 53
This category contains IP addresses that host a botnet command&control server. At least one of the websites that is hosted on this IP address contains content of the aforementioned category. In the past days, this category listed IPs of malicious websites or malware hosting websites and this category contained IP addresses that were used for cryptocurrency mining.
Destination port: 1808, 4434
This IP address is being used and is about to be used for the purpose of high volume 'snowshoe' spam emission; potentially being part of a bad web bot. The attackers will be more inclined to use proxies in an attempt to mask their location - attempting to use the server as an open proxy/web proxies (websites that allow the user to anonymously view websites) - Open HTTP proxy; possibly compromised PCs/servers under the control of criminal organizations capable of sending spam/malware/phishing.
Destination_port: 80
Phishing websites and/or email; domain (suspicious). Possibly an exploited host, potentially being part of a bad web bot. This IP has been identified as illegally scanning networks for vulnerabilities - port-scanning activities.
Destination_port: 53
Potential SQL injection (suspicious). Unauthorized access attempts originating from this IP address were detected. Possibly an exploited host, potentially being part of a bad web bot. In the past days, this IP address was associated with Win.Worm.NetSky-4 and Spam Zero-Day.
Destination_port: 80
Potential SQL injection (suspicious) & potential XSS injection (suspicious). Possibly an exploited host, potentially being part of a bad web bot; we don't know, yet, if this IP address is part of a good bot or a bad bot. In the past days, this IP address was associated with Spam Zero-Day. This IP was involved in spam sending activities. The domain owner might be a victim of email spoofing. This IP has been identified as illegally scanning networks for vulnerabilities - Nmap tool: to discover hosts and services on a computer network by sending packets and analyzing the responses.
Destination_port: 80
Potential SQL injection (suspicious). Unauthorized access attempts originating from this IP address were detected. This category lists IP addresses that were seen sending out spam; servers are sending spam, nonspam, or a mix of spam and nonspam. This IP address is known for botnet-member activity. Devices using this IP address are obviously infected and take part in DDoS attacks, port-scanning, spam-sending and so on. This IP has been identified as illegally scanning networks for vulnerabilities.
Destination_port: 80
Potential SQL injection (suspicious). Unauthorized access attempts originating from this IP address were detected. A device using 171.217.69.3 is infected with malware and it is sending spam; potentially being part of a bad web bot.
Destination_port: 80
Potential SQL injection (suspicious). Unauthorized access attempts originating from this IP address were detected. A device using 45.227.253.94 is infected with malware that is emitting spam. This IP address is known for botnet-member activity.
Destination_port: 80
Potential SQL injection (suspicious). Unauthorized access attempts originating from this IP address were detected. This IP has been identified as scanning networks for vulnerabilities. This category contains IP addresses of Web Proxies (websites that allow the user to anonymously view websites). Furthermore, IP addresses are listed that can be used directly to surf anonymously (e.g. by adding them to browser configuration). A device using 163.172.213.212 is infected with malware that is emitting spam: 163.172.213.212 initiated contact with a tinba command and control server, using contents unique to tinba C&C command protocols.
Destination_port: 80
Open Proxy, Port Scan, SQL Injection, Brute-Force, Bad Web Bot