ABUSE.MOM
THREAT REPORT

IP threat report
101.201.50.253

ABUSE.MOM: BEHAVE OR BE EXPOSED

Generated: 2026-05-30 10:03:57
First seen: 2026-04-25 21:00:04
Last seen: 2026-04-25 21:00:04
Threat score: 85

⛔ Verdict: BLOCK

This IP address has been classified as a source of malicious automated activity. Threat score: 85/100. Total malicious requests observed: 1.

DANGER_PATHRATIO_404REDIRECT_PROBE

01 Geolocation and classification

IP address: 101.201.50.253
Type: Residential
Country: 🇨🇳 China
City: Beijing
ISP: Hangzhou Alibaba Advertising Co
Organization: Aliyun Computing Co., LTD
Autonomous system: AS37963 Hangzhou Alibaba Advertising Co.,Ltd.
Number of requests: 1
02 Detection signatures

Signature | Description | Points
Danger strong hits: 2 | High-risk paths: shells, RCE, exploits | +50
404 ratio 40-60% | Most requests returned 404 (enumeration) | +15
Probe pattern 302->404 same path | Behavioral anomaly detected automatically | +20
Σ = 85
03 Observed activity

HTTP requests reconstructed from server logs. Target domains hidden for security.

Host | Method | Path | Status
[redacted] | GET | / | 200

Requests shown: 1 · HTTP 404: 0 · Dangerous patterns: 0

* Typical request patterns for detected signatures. Actual target domains are redacted.

04 Timeline

2026-04-25 21:00:04
First malicious request detected
IP entered monitoring from server logs

During observation
Multiple detection signatures triggered
Danger strong hits: 2 (+50), 404 ratio 40-60% (+15), Probe pattern 302->404 same path (+20)

2026-04-25 21:00:04
Last malicious request observed
Total score reached: 85/100

Next cycle
IP blocked: all subsequent requests denied (HTTP 403)
Added to the block list automatically
05 Network provider

Hangzhou Alibaba Advertising Co
AS37963 · 🇨🇳 China
06 Recommendations

Actions taken and recommended

  • IP 101.201.50.253 is blocked at the application level (HTTP 403)
  • Consider blocking at the firewall level (iptables/CSF)
  • Report the abuse to the network provider through its abuse contact
  • Make sure sensitive files (.env, .git) are not reachable from the web

🔎 Defense against directory scanning

IP 101.201.50.253 is enumerating directories. Configure fail2ban with the apache-404 jail after 10+ 404 errors.

08 Open ports and services

Network reconnaissance data from Shodan. Open ports may indicate running services, misconfigurations, or attack surfaces.

OPEN PORTS (261)

Ports with an identified service:

Port | Service | Risk | Description
23 | Telnet | Critical | Telnet — unencrypted remote access, extremely dangerous if exposed
993 | IMAPS | Low | Service on port 993
3389 | RDP | High | Remote Desktop Protocol — primary target for ransomware attacks
6379 | Redis | Critical | Redis in-memory database — frequently misconfigured without auth
8291 | MikroTik | High | MikroTik Winbox — router management, targeted by VPNFilter malware

The remaining 256 ports are reported as Service: Unknown, Risk: Low, Description: "Service on port N":

11, 13, 15, 43, 70, 86, 91, 102, 195, 389, 450, 513, 771, 830, 843, 873, 943,
1002, 1023, 1080, 1153, 1177, 1200, 1283, 1292, 1494, 1554, 1604, 1800, 1883, 1962,
2000, 2008, 2069, 2083, 2154, 2222, 2332, 2362, 2404, 2455, 2553, 2599, 2761,
3001, 3124, 3148, 3153, 3164, 3169, 3191, 3193, 3260, 3268, 3301, 3388, 3790,
4022, 4063, 4064, 4157, 4200, 4242, 4282, 4369, 4433, 4434, 4443, 4445, 4500, 4531, 4664, 4700, 4786, 4911,
5004, 5007, 5022, 5224, 5234, 5257, 5269, 5274, 5276, 5435, 5672, 5917, 5984,
6001, 6297, 6331, 6633, 6653, 6666, 6667, 6668, 6779,
7003, 7020, 7071, 7078, 7173, 7218, 7634, 7676,
8005, 8009, 8039, 8089, 8108, 8124, 8126, 8131, 8143, 8195, 8403, 8436, 8448, 8463, 8472, 8481, 8500, 8503, 8554, 8579, 8580, 8584, 8589, 8602, 8649, 8728, 8834, 8845,
9001, 9042, 9053, 9095, 9131, 9132, 9216, 9223, 9236, 9307, 9398, 9530, 9600, 9690, 9758, 9876, 9943, 9950, 9966, 9998,
10000, 10090, 10909, 11000, 11007, 11027, 11211, 11288, 11300, 11602,
12000, 12001, 12019, 12144, 12153, 12164, 12238, 12253, 12259, 12270, 12271, 12301, 12311, 12326, 12343, 12345, 12355, 12358, 12362, 12366, 12374, 12412, 12418, 12437, 12492, 12504, 12506, 12553,
13380, 13443, 14026, 14344, 14875, 16027, 16028, 16041, 16076, 16080, 16311, 16316, 16443,
18005, 18011, 18030, 18061, 18076, 18077, 18089, 20060, 20185, 20547, 20800, 20894,
21200, 21257, 21259, 21307, 21326, 21329, 21379, 23023, 23889, 24443, 24649, 25001, 25565, 25831, 27015, 28621, 29799, 29810,
32800, 35004, 44303, 44332, 45668, 47080, 47366, 48012, 49121, 49551, 51002, 53490, 54138, 55000, 55481, 55553,
61616, 62858, 63127, 63205, 63210, 63256

⚠️ 4 high-risk ports were detected on 101.201.50.253. Exposed RDP (3389) is the #1 vector for ransomware attacks. Open database ports suggest a data exfiltration risk. Telnet (23) transmits credentials in plaintext, which likely points to a compromised IoT device. These services should not be publicly reachable without strict firewall rules.

KNOWN VULNERABILITIES (CVE) (42)

CVE ID | Link
CVE-2016-10011 | NVD
CVE-2023-38408 | NVD
CVE-2015-5352 | NVD
CVE-2011-5000 | NVD
CVE-2007-2768 | NVD
CVE-2021-36368 | NVD
CVE-2016-1908 | NVD
CVE-2018-15473 | NVD
CVE-2016-3115 | NVD
CVE-2017-15906 | NVD
CVE-2023-51767 | NVD
CVE-2014-1692 | NVD
CVE-2020-14145 | NVD
CVE-2019-6109 | NVD
CVE-2016-20012 | NVD
CVE-2016-10010 | NVD
CVE-2010-5107 | NVD
CVE-2023-51385 | NVD
CVE-2016-10012 | NVD
CVE-2015-6564 | NVD
CVE-2016-10009 | NVD
CVE-2025-26465 | NVD
CVE-2014-2532 | NVD
CVE-2026-35414 | NVD
CVE-2014-2653 | NVD
+17 more

🔴 This host has 42 known CVEs associated with its exposed services. This volume suggests severely outdated software. Review each CVE in the NVD database.

DETECTED TECHNOLOGIES

apache:subversion
openbsd:openssh:7.4
opennetworking:openflow:1.0
openbsd:openssh:7.2p2
openbsd:openssh:8.2p1
openbsd:openssh:7.6p1
microsoft:internet_information_services
canonical:ubuntu_linux
openbsd:openssh:6.6.1
microsoft:windows
openbsd:openssh:7.5
openbsd:openssh:5.3
openbsd:openssh:X.X

Source: Shodan InternetDB. Scanned independently of abuse.mom.

09 Blacklist status (DNSBL)

This IP was checked against the main DNS blacklists used by mail servers and firewalls.

ix.dnsbl.manitu.net: ✓ Clean
dnsbl.sorbs.net: ✓ Clean
dnsbl-1.uceprotect.net: ✓ Clean
bl.spamcop.net: ✓ Clean
zen.spamhaus.org: ✓ Clean
b.barracudacentral.org: ✓ Clean
truncate.gbudb.net: ✓ Clean
psbl.surriel.com: ✓ Clean

Checked: Spamhaus, SpamCop, Barracuda, SORBS, CBL, UCEProtect.

10 Threat Analysis

101.201.50.253 has been assigned a threat score of 85/100 (Critical). With this rating, the IP falls into the critical severity range, among the most dangerous addresses in our monitoring database.

The following attack categories were identified:

Path Enumeration

📊 Threat Analysis

Threat intelligence analysis linked 101.201.50.253 to malicious activity originating in Beijing, China, operating on the network of Hangzhou Alibaba Advertising Co. The address has been under observation since its initial detection. Over a period of 1 day, this IP generated 1 malicious request, averaging approximately 1 request per day. The address is classified as residential. Malicious activity from residential IPs typically indicates device compromise or botnet membership. The IP exhibits directory enumeration behavior, systematically requesting non-existent paths. Our records show 123 malicious IPs originating from China, making it a significant contributor to global threat activity. A score of 85/100 places this IP in the high-risk category. Firewall-level blocking is recommended.

This IP is classified as residential, suggesting it may belong to a compromised home device, IoT botnet member, or an infected personal computer. Residential IPs involved in attacks often indicate malware infection without the owner's knowledge.

11 Related Threats

🇨🇳 Top threats from China

180.184.55.222 (340)
117.50.120.215 (235)
115.191.1.205 (235)
123.58.16.244 (235)
43.142.47.248 (230)

🏢 Same network: AS37963

120.26.168.44 (230)
139.196.99.108 (195)
47.116.207.202 (190)
121.43.99.231 (185)
182.92.218.96 (170)

12 Security Intelligence

💡 Command Injection Techniques

Command injection occurs when attackers insert operating system commands through application inputs. Successful exploitation grants direct server access, enabling data theft, malware installation, and lateral movement across networks.

💡 Behavioral Analysis vs Signature Detection

Signature-based detection matches known attack patterns but misses novel threats. Behavioral analysis identifies anomalies in request patterns, timing, and volume, catching zero-day attacks that signatures cannot recognize.
