I decoded base 64 encoding that contained this IP in the payload for a log4j vulnerability exploit a ...
show moreI decoded base 64 encoding that contained this IP in the payload for a log4j vulnerability exploit also malicious on virus total
show less
Scanning was done by a malicious IP and the payload of the scanning was a log4j attack saying to rea ...
show moreScanning was done by a malicious IP and the payload of the scanning was a log4j attack saying to reach back to this IP on port 443. very odd
show less
Very Malicious IP hosting malware. I downloaded files from IP and uploaded them to VT they all came ...
show moreVery Malicious IP hosting malware. I downloaded files from IP and uploaded them to VT they all came up as malware. Beware of this IP.
show less
A trojan was found on one of my devices that was reaching out to this endpoint IP at the time was re ...
show moreA trojan was found on one of my devices that was reaching out to this endpoint IP at the time was resolving as s4.cnzz.com
show less
js.users.51.la appears in many of the "Chinese" exploits - 51.la itself appears to be a legitimate w ...
show morejs.users.51.la appears in many of the "Chinese" exploits - 51.la itself appears to be a legitimate web counter site. Presumably part of the bad guys' statistical tracking system the js.users.51.la domain is combined with what appears to be a randomly named .js file.
This doesn't appear to be a malware site in itself, but it could be a useful thing to look for in your proxy logs as it may well help track down machines that have visited infected sites. Either search for js.users.51.la or perhaps just 51.la as part of your normal audit process.
show less
Bad Web Bot
By clicking “Accept all”, you agree to the storing of cookies on your device to remember preferences and
analyze site usage.
Read more
- Required to log into your AbuseIPDB account, and store these cookie preferences.