gpc.areyouafraidof.me - AbuseIPDB User Profile

JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

The webmaster of gpc.areyouafraidof.me joined AbuseIPDB in September 2021 and has reported 21 IP addresses.

Standing (weight) is good.

INACTIVE USER WEBMASTER

IP	Date	Comment	Categories
🇷🇴 94.131.119.126	01 Feb 2024	C2 94.131.119.126:6541 https://www.virustotal.com/gui/file/b9333524777994c5bac8e6e76fb23693dee ... show more C2 94.131.119.126:6541 https://www.virustotal.com/gui/file/b9333524777994c5bac8e6e76fb23693dee7545cd616c2ba0b79668a8fbfb39b/detection show less	Hacking
🇺🇸 143.244.220.150	27 Sep 2023	ATT ARRIS BGW210-700's DNS resolvers resolve every non-existent domain to this ip address. $ di ... show more ATT ARRIS BGW210-700's DNS resolvers resolve every non-existent domain to this ip address. $ dig gofuckyourself-att-i-just-made-this-domain-up.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24313 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;gofuckyourself-att-i-just-made-this-domain-up.com. IN A ;; ANSWER SECTION: gofuckyourself-att-i-just-made-this-domain-up.com. 60 IN A 143.244.220.150 ;; Query time: 56 msec ;; SERVER: 192.168.1.254#53(192.168.1.254) ;; WHEN: Tue Sep 26 21:36:40 EDT 2023 ;; MSG SIZE rcvd: 94 $ dig gofuckyourself-att-i-just-made-this-domain-up.xxx @68.94.156.11 +short 143.244.220.150 $ whois 68.94.156.11 \| egrep -im2 'Orgn\|orgid' OrgName: AT&T Corp. OrgId: AC-3280 ASN - AS7018 Everyone please complain to [email protected] show less	DNS Compromise DNS Poisoning
🇺🇸 68.94.156.11	27 Sep 2023	ATT ARRIS BGW210-700's DNS resolvers resolve every non-existent domain to this ip address. $ di ... show more ATT ARRIS BGW210-700's DNS resolvers resolve every non-existent domain to this ip address. $ dig gofuckyourself-att-i-just-made-this-domain-up.com ; <<>> DiG 9.11.5-P4-5-Debian <<>> gofuckyourself-att-i-just-made-this-domain-up.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24313 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;gofuckyourself-att-i-just-made-this-domain-up.com. IN A ;; ANSWER SECTION: gofuckyourself-att-i-just-made-this-domain-up.com. 60 IN A 143.244.220.150 ;; Query time: 56 msec ;; SERVER: 192.168.1.254#53(192.168.1.254) ;; WHEN: Tue Sep 26 21:36:40 EDT 2023 ;; MSG SIZE rcvd: 94 $ dig gofuckyourself-att-i-just-made-this-domain-up.xxx @68.94.156.11 +short 143.244.220.150 $ whois 68.94.156.11 \| egrep -im2 'Orgn\|orgid' OrgName: AT&T Corp. OrgId: AC-3280 ASN - AS7018 show less	DNS Compromise DNS Poisoning
🇳🇱 185.142.236.43	08 May 2023	Looking for vulns and information disclosure. 185.142.236.43 - - [08/May/2023:12:55:44 -0500] "GET ... show more Looking for vulns and information disclosure. 185.142.236.43 - - [08/May/2023:12:55:44 -0500] "GET / HTTP/1.1" 200 339 185.142.236.43 - - [08/May/2023:12:55:53 -0500] "\n" 400 298 185.142.236.43 - - [08/May/2023:12:56:54 -0500] "GET /robots.txt HTTP/1.1" 200 24 185.142.236.43 - - [08/May/2023:12:56:55 -0500] "GET /sitemap.xml HTTP/1.1" 200 2132 185.142.236.43 - - [08/May/2023:12:56:56 -0500] "GET /.well-known/security.txt HTTP/1.1" 404 260 show less	Port Scan Hacking Bad Web Bot Web App Attack
🇺🇸 52.152.108.96	03 Oct 2022	Contacted by a maldoc with the shasum of 491f794c3af9f45c084ccd118104cec1f891f60341347559b87734e2a7e ... show more Contacted by a maldoc with the shasum of 491f794c3af9f45c084ccd118104cec1f891f60341347559b87734e2a7ef2b8c show less	Hacking
🇺🇸 216.250.254.234	30 Sep 2022	Possibly a compromised server, the domain in the message headers suggests that it came from this ser ... show more Possibly a compromised server, the domain in the message headers suggests that it came from this server, but it also had an ip after the domain name "216.250.254.234" Received: (qmail 28019 invoked by uid 101); 30 Sep 2022 00:28:00 +0900 Received: from unknown (HELO WIN-ELU0UATGO1E) ([email protected]@216.250.254.234) https://a.insgly.net/api/trk?id=emailclick&i=728539&eid=136254895&url=http://fmtrack.s2mtraining.com/v1/clk/rDxCyCxeQc2N451FGA-XnA,69pDe2NrTb2BBhvNfbKJnw,0,https://office-messages.info/?e=<redacted> <== the last part was a base64 encoded string for this url to a user at the company I work for. Abuse complaint was addressed to the IP, the IP associated with the user@domain reported as possibly exploited host on here. show less	Phishing
🇯🇵 211.133.134.50	30 Sep 2022	Possibly a compromised server, the domain in the message headers suggests that it came from this ser ... show more Possibly a compromised server, the domain in the message headers suggests that it came from this server, but it also had an ip after the domain name "216.250.254.234" Received: (qmail 28019 invoked by uid 101); 30 Sep 2022 00:28:00 +0900 Received: from unknown (HELO WIN-ELU0UATGO1E) ([email protected]@216.250.254.234) https://a.insgly.net/api/trk?id=emailclick&i=728539&eid=136254895&url=http://fmtrack.s2mtraining.com/v1/clk/rDxCyCxeQc2N451FGA-XnA,69pDe2NrTb2BBhvNfbKJnw,0,https://office-messages.info/?e=<redacted> <== the last part was a base64 encoded string for this url to a user at the company I work for. Abuse complaint was addressed to the IP but reporting here just in case. show less	Phishing Exploited Host
🇧🇪 13.107.246.57	23 Aug 2022	https://rotf.lol/mscustvoice customervoice.microsoft.com pageresponse aspx phishing abuse.	Phishing
🇦🇹 193.37.255.146	11 Feb 2022	javascript malware (nearly FUD) https://www.virustotal.com/gui/file/ac8ebc235b7bd8aaec088ee5bcf83 ... show more javascript malware (nearly FUD) https://www.virustotal.com/gui/file/ac8ebc235b7bd8aaec088ee5bcf83eb4347edc614e8f42977676041bf5eb92e9/detection/f-ac8ebc235b7bd8aaec088ee5bcf83eb4347edc614e8f42977676041bf5eb92e9-1644531681 Long sleeps; heavily heavily obfuscated. show less	Phishing Hacking Exploited Host
🇮🇪 40.112.72.205	20 Jan 2022	https://www.virustotal.com/gui/file/64a091ad849576166c15ef6c4b119c58a0216686ab3e9cebe4345774c1d89bc2 ... show more https://www.virustotal.com/gui/file/64a091ad849576166c15ef6c4b119c58a0216686ab3e9cebe4345774c1d89bc2/behavior/VirusTotal%20ZenBox show less	Phishing Hacking Exploited Host
🇨🇿 194.15.113.155	20 Jan 2022	HTTP/HTTPS requests url https://80.71.158.106/lab/research/info url https://194.15.113.155/lab/r ... show more HTTP/HTTPS requests url https://80.71.158.106/lab/research/info url https://194.15.113.155/lab/research/info url https://104.143.94.101/lab/research/info https://www.virustotal.com/gui/file/64a091ad849576166c15ef6c4b119c58a0216686ab3e9cebe4345774c1d89bc2/community show less	Hacking
🇺🇦 80.71.158.106	20 Jan 2022	HTTP/HTTPS requests url https://80.71.158.106/lab/research/info url https://194.15.113.155/lab/r ... show more HTTP/HTTPS requests url https://80.71.158.106/lab/research/info url https://194.15.113.155/lab/research/info url https://104.143.94.101/lab/research/info show less	Hacking
🇺🇸 104.143.94.101	20 Jan 2022	HTTP/HTTPS requests url https://80.71.158.106/lab/research/info url https://194.15.113.155/lab/r ... show more HTTP/HTTPS requests url https://80.71.158.106/lab/research/info url https://194.15.113.155/lab/research/info url https://104.143.94.101/lab/research/info show less	Hacking
🇺🇸 129.146.8.64	21 Dec 2021	apostle28.duckdns.org:3543 https://www.virustotal.com/gui/file/bb89acbea16bc8318aea9275e037b20325 ... show more apostle28.duckdns.org:3543 https://www.virustotal.com/gui/file/bb89acbea16bc8318aea9275e037b203252ffba8cab52ef017f338bed20062fb/community show less	Phishing Hacking
🇹🇷 109.228.255.59	02 Nov 2021	https://www.virustotal.com/gui/file/63c7f199d132e4a9ec56797ec7b69013df2e3deb5f0308e29fa2c7bf79b0556c ... show more https://www.virustotal.com/gui/file/63c7f199d132e4a9ec56797ec7b69013df2e3deb5f0308e29fa2c7bf79b0556c/community LOLLib (suspected qbot), injects in to explorer.exe , sends check in to port 443 on this host before communicating with 79.191.159.175 on port 2222 show less	Hacking
🇵🇱 79.191.159.175	02 Nov 2021	https://www.virustotal.com/gui/file/63c7f199d132e4a9ec56797ec7b69013df2e3deb5f0308e29fa2c7bf79b0556c ... show more https://www.virustotal.com/gui/file/63c7f199d132e4a9ec56797ec7b69013df2e3deb5f0308e29fa2c7bf79b0556c/community tcp port 2222, LOLLib that injects in to explorer.exe show less	Hacking
🇺🇸 52.219.106.89	26 Oct 2021	https://urlscan.io/result/7dd0c653-5c93-4f53-b78c-a27c269033f0/ https://s3.us-east-2.amazonaws.co ... show more https://urlscan.io/result/7dd0c653-5c93-4f53-b78c-a27c269033f0/ https://s3.us-east-2.amazonaws.com/pitts.secure.capo/XLSREMIT045.html#[email protected] show less	Phishing
🇺🇸 52.219.106.89	26 Oct 2021	https://s3.us-east-2.amazonaws.com/pitts.secure.capo/XLSREMIT045.html#[email protected] https://www ... show more https://s3.us-east-2.amazonaws.com/pitts.secure.capo/XLSREMIT045.html#[email protected] https://www.abuseipdb.com/report?ip=52.219.106.89 show less	Phishing
🇫🇷 92.204.223.87	10 Sep 2021	https://slicetogo.com/faxmessage/ofc3/	Phishing Exploited Host
🇺🇸 162.241.149.153	07 Sep 2021	https://dominationexploration.com/server/OfficeLogin/index.html Attacker email captured that cred ... show more https://dominationexploration.com/server/OfficeLogin/index.html Attacker email captured that credentials are sent to as well. show less	Phishing