Phishing email spoofing my own domain (bo3lter.com). Forged From/Return-Path using 62.60.130.165 (ParsOnline, Iran) as the true source. Message falsely claims “email account deletion” and links to a credential-harvesting page on a compromised WordPress host:
https://mudiwahood.group/wp-includes/js/tinymce/skins/jsquery.html
SPF softfail, DKIM none, DMARC fail (policy=quarantine). Not sent via my legitimate mail provider's servers.

Observed phishing email impersonating NatWest (subject “Bank of APIs - sign-in alert”) that links to bankofapis.com for credential harvesting. Email was relayed through asp-relay-pe.jellyfish.systems (IP 162.255.118.8). The message appears to use DKIM headers from natwest.com while the body has been tampered with (DKIM body hash mismatch and ARC failure), indicating DKIM-replay/header-reuse. Full raw message available: ****. Phone number used in scam: +1 (803) 250-7580.

Phishing email impersonating Ledger (crypto hardware wallet company).
Sent from [email protected] via SendGrid (159.183.224.102).
Contains links to an Amazon S3 bucket that asks user to "verify recovery phrase."
This is a credential-harvesting attempt to steal crypto assets.

Unsolicited marketing email (“Orangetheory Fitness” promos) sent from 93.99.104.216 (narvi.silentframe.cyou) through relay asp-relay-pe.jellyfish.systems (162.255.118.8). Messages contained tracking links and images hosted at silentframe.cyou plus filler text. DKIM/SPF/DMARC passed, confirming the spam was sent via silentframe.cyou bulk-mail infrastructure.

Spanish-language sextortion email demanding $750 to BTC bc1qd3ejt72l0rdjkdzz7g8zs0cfj326gsevhzkj0w within 48h. Claims undetectable driver-level trojan and threatens to share fabricated videos with contacts. Originating IP per headers: 144.48.163.44, relayed via asp-relay-pe.jellyfish.systems (162.255.118.8). Same wallet/content as two prior messages from different IPs/senders this week.

Spanish-language sextortion email demanding $750 to BTC bc1qd3ejt72l0rdjkdzz7g8zs0cfj326gsevhzkj0w within 48h. Claims undetectable trojan/driver-level malware and threatens to share fabricated videos with contacts. Originating IP per headers: 190.5.161.18 (Megacable AR), relayed via asp-relay-pe.jellyfish.systems (162.255.118.7). Same wallet and content as a prior message from a different IP the previous day.

Spanish-language sextortion scam email sent from this IP. Threatens to release fabricated compromising webcam videos unless $750 USD is paid to Bitcoin wallet bc1qd3ejt72l0rdjkdzz7g8zs0cfj326gsevhzkj0w within 48 hours. Claims to have installed a trojan and to monitor the recipient. Originating IP is a Claro/Telefónica mobile network (Central America). As of 09 Sep 2025, IP is listed on Barracuda Reputation Block List.

Spam campaign from Pfcloud UG (AS51396).
Observed sending deceptive "T-Mobile Laptop Giveaway" emails.
Origin: 176.65.149.32 (yoke.syncy.sa.com).
Domain: syncy.sa.com with DKIM=pass, SPF & DMARC pass.
Messages contain tracking pixel and click-through URLs.
Relay: asp-relay-pe.jellyfish.systems (162.255.118.7).
Part of same ongoing spam operation using Pfcloud infrastructure.

Ongoing spam campaign from Pfcloud UG (AS51396).
This IP (176.65.149.31) is used to send fraudulent giveaway emails ("O'Reilly Jump Starter", "Schumacher Gift").
Domain: portraits.ru.com, SPF/DKIM/DMARC pass.
Includes tracking pixel and click URLs hosted on portraits.ru.com.
Relayed through asp-relay-pe.jellyfish.systems (162.255.118.8).
Same campaign reported previously under other Pfcloud IPs/domains.

This IP is actively sending spam tied to an ongoing Pfcloud/Jellyfish campaign.
Observed sending unsolicited email promoting fake health remedies ("Japanese Moon Elixir" / thyroid cure).
Domain: biowave.sa.com, DKIM/SPF/DMARC all pass.
Messages include tracking pixels and multiple click-through links hosted on biowave.sa.com.
Relay path via asp-relay-pe.jellyfish.systems (162.255.118.7).
Part of a persistent spam/phishing operation.

This IP is actively sending spam as part of the same Pfcloud UG (AS51396) / Jellyfish relay operation.
Recent samples include subjects like “Stop Scrubbing – Try This Simple Cleaning Device!” and other deceptive promotions.
Headers show DKIM=pass (d=patriotpower.ru.com; s=k1), SPF and DMARC pass.
Messages include tracking pixels and click URLs on patriotpower.ru.com.
Relayed via asp-relay-pe.jellyfish.systems (162.255.118.8).
Repeat abuse from this provider’s allocation.

This IP is part of an ongoing Pfcloud UG (AS51396) spam operation.
Observed sending unsolicited bulk email with subject lines such as
“Get paid for scrolling Facebook, Twitter & YouTube” and
“Social Media Worker – Full training provided.”
Headers show DKIM=pass (d=vitafirm.za.com; s=k1), SPF and DMARC also pass.
The emails contain tracking pixels and multiple click-through links hosted on vitafirm.za.com.
Mail is relayed through asp-relay-pe.jellyfish.systems (162.255.118.8).
Persistent pattern consistent with prior abuse reports from the same network.

IP 176.65.149.5 is sending bulk spam via monte.selfsufficient.za.com, promoting fake “Vehicle Protection USA” auto warranties. Messages contain rotating subjects, redirect links on selfsufficient.za.com, and padded filler text to evade filters. Part of an ongoing coordinated spam campaign.

Ongoing coordinated spam operation involving deceptive bulk marketing emails sent via Pfcloud infrastructure (AS51396). This IP (176.65.149.25) has been observed sending multiple unsolicited messages in the last 24 hours, consistent with previous activity from this network. Messages contain tracking links, misleading subject lines, and appear tied to the same campaign previously reported from other Pfcloud IPs.

Jellyfish Systems relay actively passing through spam from Pfcloud UG (AS51396, Germany).
Details:
- Relaying multiple daily spam emails for domains:
  - preciousmetals.sa.com
  - checkclick.ru.com
  - pillowfoam.za.com
  - ninjaservice.sa.com
- Tracking/landing URLs:
  - https://ninjaservice.sa.com/click.php?u=...
  - https://pillowfoam.za.com/open.php?u=...
- Campaign uses tracking images/URLs to confirm recipients.
- Relay IP: 162.255.118.7 consistently appears in Received headers.

Ongoing coordinated spam campaign originating from Pfcloud UG (AS51396, Germany) and relayed via Jellyfish Systems.
Details:
- Spam promoting diet supplements, fake surveys, and woodworking scams.
- Sending domain: checkclick.ru.com
- Tracking/landing URLs:
  - https://checkclick.ru.com/click.php?u=9b3a...
  - https://checkclick.ru.com/open.php?u=7de4...
- Campaign bypasses filters by rotating Pfcloud IPs and spam domains.
Relay: asp-relay-pe.jellyfish.systems (162.255.118.7)