Panel🇯🇴 JO176.241.66.87
ABUSE.MOM
INFORME DE AMENAZA

Informe de amenaza IP
176.241.66.87

ABUSE.MOM — COMPÓRTATE O SERÁS EXPUESTO

Generado: 2026-05-27 08:00:08
Primera vez visto: 2026-04-04 21:00:04
Última vez visto: 2026-04-16 15:00:06
103

⛔ Veredicto: BLOQUEO

Esta dirección IP ha sido clasificada como fuente de actividad automatizada maliciosa. Puntuación de amenaza: 103/100. Total de solicitudes maliciosas observadas: 3.

DANGER_PATHRATIO_404METHOD
01

Geolocalización y clasificación

Dirección IP
176.241.66.87
Tipo
Residential
País
🇯🇴 JO
Ciudad
Amman
ISP
VTEL HOLDINGS LIMITED/JORDAN CO.
Organización
VTEL HOLDINGS LIMITED/JORDAN CO
Sistema autónomo
AS50670 VTEL HOLDINGS LIMITED/JORDAN CO.
Nº de solicitudes
3
02

Firmas de detección

FirmaDescripciónPuntosGravedad
Danger strong hits: 1Rutas de alto riesgo: shells, RCE, exploits+25
Danger medium hits: 1Riesgo medio: paneles admin, archivos de configuración+10
404 ratio >= 60%Mayoría de solicitudes devolvieron 404 — enumeración+25
POST requests presentAnomalía de comportamiento detectada automáticamente+8
Danger strong hits: 3Rutas de alto riesgo: shells, RCE, exploits+75
Danger medium hits: 2Riesgo medio: paneles admin, archivos de configuración+20
Σ = 163
03

Actividad observada

Solicitudes HTTP reconstruidas de los registros del servidor. Dominios objetivo ocultos por seguridad.

[redacted]
GET
/
200
Solicitudes mostradas: 1 · HTTP 404: 0 · Patrones peligrosos: 0

* Typical request patterns for detected signatures. Actual target domains are redacted.

04

Cronología

2026-04-04 21:00:04
Primera solicitud maliciosa detectada
IP ingresó en monitoreo desde registros del servidor
Durante la observación
Se activaron múltiples firmas de detección
Danger strong hits: 1 (+25), Danger medium hits: 1 (+10), 404 ratio >= 60% (+25)
2026-04-16 15:00:06
Última solicitud maliciosa observada
Puntuación total alcanzada: 103/100
Siguiente ciclo
IP bloqueada — todas las solicitudes posteriores denegadas (HTTP 403)
Añadida a la lista de bloqueo automáticamente
05

Proveedor de red

VTEL HOLDINGS LIMITED/JORDAN CO.
AS50670 · 🇯🇴 JO
06

Recomendaciones

Acciones tomadas y recomendadas

  • IP 176.241.66.87 está bloqueada a nivel de aplicación (HTTP 403)
  • Considere bloquear a nivel de firewall (iptables/CSF)
  • Reporte el abuso al proveedor de red a través de su contacto de abuso
  • Asegúrese de que archivos sensibles (.env, .git) no sean accesibles desde la web

🔎 Defensa contra escaneo de directorios

IP 176.241.66.87 está enumerando directorios. Configure fail2ban con jail apache-404 tras 10+ errores 404.

08

Puertos abiertos y servicios

Datos de reconocimiento de red de Shodan. Los puertos abiertos pueden indicar servicios en ejecución, configuraciones incorrectas o superficies de ataque.

PUERTOS ABIERTOS (359)
PortServiceRiskDescription
11UnknownLowService on port 11
13UnknownLowService on port 13
37UnknownLowService on port 37
49UnknownLowService on port 49
80HTTPLowHTTP web server — standard web traffic
81UnknownLowService on port 81
83UnknownLowService on port 83
102UnknownLowService on port 102
113UnknownLowService on port 113
122UnknownLowService on port 122
143IMAPLowService on port 143
264UnknownLowService on port 264
427UnknownLowService on port 427
440UnknownLowService on port 440
480UnknownLowService on port 480
541UnknownLowService on port 541
548UnknownLowService on port 548
554UnknownLowService on port 554
636UnknownLowService on port 636
789UnknownLowService on port 789
902UnknownLowService on port 902
992UnknownLowService on port 992
993IMAPSLowService on port 993
1027UnknownLowService on port 1027
1177UnknownLowService on port 1177
1234UnknownLowService on port 1234
1235UnknownLowService on port 1235
1311UnknownLowService on port 1311
1337UnknownLowService on port 1337
1414UnknownLowService on port 1414
1433MSSQLHighService on port 1433
1440UnknownLowService on port 1440
1471UnknownLowService on port 1471
1515UnknownLowService on port 1515
1800UnknownLowService on port 1800
1801UnknownLowService on port 1801
1820UnknownLowService on port 1820
1830UnknownLowService on port 1830
1911UnknownLowService on port 1911
1935UnknownLowService on port 1935
1962UnknownLowService on port 1962
1972UnknownLowService on port 1972
1980UnknownLowService on port 1980
2002UnknownLowService on port 2002
2008UnknownLowService on port 2008
2051UnknownLowService on port 2051
2082UnknownLowService on port 2082
2086UnknownLowService on port 2086
2095UnknownLowService on port 2095
2109UnknownLowService on port 2109
2121UnknownLowService on port 2121
2154UnknownLowService on port 2154
2181UnknownLowService on port 2181
2196UnknownLowService on port 2196
2222UnknownLowService on port 2222
2224UnknownLowService on port 2224
2266UnknownLowService on port 2266
2332UnknownLowService on port 2332
2375UnknownLowService on port 2375
2455UnknownLowService on port 2455
2553UnknownLowService on port 2553
2568UnknownLowService on port 2568
2628UnknownLowService on port 2628
2762UnknownLowService on port 2762
3001UnknownLowService on port 3001
3011UnknownLowService on port 3011
3058UnknownLowService on port 3058
3061UnknownLowService on port 3061
3065UnknownLowService on port 3065
3110UnknownLowService on port 3110
3134UnknownLowService on port 3134
3137UnknownLowService on port 3137
3144UnknownLowService on port 3144
3164UnknownLowService on port 3164
3174UnknownLowService on port 3174
3333UnknownLowService on port 3333
3352UnknownLowService on port 3352
3388UnknownLowService on port 3388
3524UnknownLowService on port 3524
3541UnknownLowService on port 3541
3551UnknownLowService on port 3551
3689UnknownLowService on port 3689
3749UnknownLowService on port 3749
3790UnknownLowService on port 3790
3792UnknownLowService on port 3792
4022UnknownLowService on port 4022
4042UnknownLowService on port 4042
4064UnknownLowService on port 4064
4104UnknownLowService on port 4104
4150UnknownLowService on port 4150
4157UnknownLowService on port 4157
4282UnknownLowService on port 4282
4369UnknownLowService on port 4369
4433UnknownLowService on port 4433
4435UnknownLowService on port 4435
4443UnknownLowService on port 4443
4444UnknownLowService on port 4444
4506UnknownLowService on port 4506
4524UnknownLowService on port 4524
4543UnknownLowService on port 4543
4786UnknownLowService on port 4786
4840UnknownLowService on port 4840
4886UnknownLowService on port 4886
4949UnknownLowService on port 4949
5001UnknownLowService on port 5001
5007UnknownLowService on port 5007
5010UnknownLowService on port 5010
5025UnknownLowService on port 5025
5070UnknownLowService on port 5070
5150UnknownLowService on port 5150
5224UnknownLowService on port 5224
5257UnknownLowService on port 5257
5269UnknownLowService on port 5269
5432PostgreSQLHighPostgreSQL database — direct database access risk
5542UnknownLowService on port 5542
5569UnknownLowService on port 5569
5601UnknownLowService on port 5601
5603UnknownLowService on port 5603
5609UnknownLowService on port 5609
5800UnknownLowService on port 5800
5801UnknownLowService on port 5801
5986UnknownLowService on port 5986
5987UnknownLowService on port 5987
5992UnknownLowService on port 5992
6008UnknownLowService on port 6008
6262UnknownLowService on port 6262
6379RedisCriticalRedis in-memory database — frequently misconfigured without auth
6556UnknownLowService on port 6556
6653UnknownLowService on port 6653
6666UnknownLowService on port 6666
7001UnknownLowService on port 7001
7071UnknownLowService on port 7071
7082UnknownLowService on port 7082
7415UnknownLowService on port 7415
7433UnknownLowService on port 7433
7443UnknownLowService on port 7443
7510UnknownLowService on port 7510
7548UnknownLowService on port 7548
7700UnknownLowService on port 7700
7775UnknownLowService on port 7775
7778UnknownLowService on port 7778
7782UnknownLowService on port 7782
7878UnknownLowService on port 7878
7980UnknownLowService on port 7980
8001UnknownLowService on port 8001
8018UnknownLowService on port 8018
8020UnknownLowService on port 8020
8025UnknownLowService on port 8025
8036UnknownLowService on port 8036
8049UnknownLowService on port 8049
8060UnknownLowService on port 8060
8069UnknownLowService on port 8069
8079UnknownLowService on port 8079
8083UnknownLowService on port 8083
8086UnknownLowService on port 8086
8090UnknownLowService on port 8090
8097UnknownLowService on port 8097
8098UnknownLowService on port 8098
8112UnknownLowService on port 8112
8133UnknownLowService on port 8133
8140UnknownLowService on port 8140
8181UnknownLowService on port 8181
8200UnknownLowService on port 8200
8238UnknownLowService on port 8238
8280UnknownLowService on port 8280
8291MikroTikHighMikroTik Winbox — router management, targeted by VPNFilter malware
8333UnknownLowService on port 8333
8385UnknownLowService on port 8385
8417UnknownLowService on port 8417
8421UnknownLowService on port 8421
8430UnknownLowService on port 8430
8443HTTPS-AltLowService on port 8443
8450UnknownLowService on port 8450
8563UnknownLowService on port 8563
8586UnknownLowService on port 8586
8587UnknownLowService on port 8587
8728UnknownLowService on port 8728
8771UnknownLowService on port 8771
8809UnknownLowService on port 8809
8835UnknownLowService on port 8835
8849UnknownLowService on port 8849
8857UnknownLowService on port 8857
8883UnknownLowService on port 8883
8888HTTP-AltLowService on port 8888
8916UnknownLowService on port 8916
9000UnknownLowService on port 9000
9001UnknownLowService on port 9001
9002UnknownLowService on port 9002
9042UnknownLowService on port 9042
9046UnknownLowService on port 9046
9068UnknownLowService on port 9068
9070UnknownLowService on port 9070
9082UnknownLowService on port 9082
9091UnknownLowService on port 9091
9092UnknownLowService on port 9092
9099UnknownLowService on port 9099
9148UnknownLowService on port 9148
9160UnknownLowService on port 9160
9190UnknownLowService on port 9190
9191UnknownLowService on port 9191
9200ElasticsearchHighElasticsearch — can leak sensitive data if unauthenticated
9203UnknownLowService on port 9203
9215UnknownLowService on port 9215
9218UnknownLowService on port 9218
9230UnknownLowService on port 9230
9251UnknownLowService on port 9251
9300UnknownLowService on port 9300
9306UnknownLowService on port 9306
9398UnknownLowService on port 9398
9400UnknownLowService on port 9400
9447UnknownLowService on port 9447
9505UnknownLowService on port 9505
9595UnknownLowService on port 9595
9770UnknownLowService on port 9770
9800UnknownLowService on port 9800
9898UnknownLowService on port 9898
9918UnknownLowService on port 9918
9944UnknownLowService on port 9944
9994UnknownLowService on port 9994
9999UnknownLowService on port 9999
10000UnknownLowService on port 10000
10003UnknownLowService on port 10003
10134UnknownLowService on port 10134
10283UnknownLowService on port 10283
10380UnknownLowService on port 10380
10480UnknownLowService on port 10480
10554UnknownLowService on port 10554
10909UnknownLowService on port 10909
11027UnknownLowService on port 11027
11084UnknownLowService on port 11084
11300UnknownLowService on port 11300
11434UnknownLowService on port 11434
12126UnknownLowService on port 12126
12129UnknownLowService on port 12129
12135UnknownLowService on port 12135
12153UnknownLowService on port 12153
12154UnknownLowService on port 12154
12163UnknownLowService on port 12163
12192UnknownLowService on port 12192
12194UnknownLowService on port 12194
12208UnknownLowService on port 12208
12223UnknownLowService on port 12223
12245UnknownLowService on port 12245
12253UnknownLowService on port 12253
12261UnknownLowService on port 12261
12262UnknownLowService on port 12262
12272UnknownLowService on port 12272
12277UnknownLowService on port 12277
12309UnknownLowService on port 12309
12312UnknownLowService on port 12312
12319UnknownLowService on port 12319
12327UnknownLowService on port 12327
12338UnknownLowService on port 12338
12345UnknownLowService on port 12345
12349UnknownLowService on port 12349
12377UnknownLowService on port 12377
12396UnknownLowService on port 12396
12414UnknownLowService on port 12414
12418UnknownLowService on port 12418
12423UnknownLowService on port 12423
12432UnknownLowService on port 12432
12460UnknownLowService on port 12460
12465UnknownLowService on port 12465
12507UnknownLowService on port 12507
12522UnknownLowService on port 12522
12587UnknownLowService on port 12587
13000UnknownLowService on port 13000
13333UnknownLowService on port 13333
14344UnknownLowService on port 14344
14403UnknownLowService on port 14403
14825UnknownLowService on port 14825
14875UnknownLowService on port 14875
15672UnknownLowService on port 15672
16023UnknownLowService on port 16023
16026UnknownLowService on port 16026
16035UnknownLowService on port 16035
16071UnknownLowService on port 16071
16094UnknownLowService on port 16094
16667UnknownLowService on port 16667
16992UnknownLowService on port 16992
16993UnknownLowService on port 16993
17775UnknownLowService on port 17775
18019UnknownLowService on port 18019
18022UnknownLowService on port 18022
18037UnknownLowService on port 18037
18039UnknownLowService on port 18039
18050UnknownLowService on port 18050
18067UnknownLowService on port 18067
18074UnknownLowService on port 18074
18245UnknownLowService on port 18245
19065UnknownLowService on port 19065
19091UnknownLowService on port 19091
19100UnknownLowService on port 19100
19222UnknownLowService on port 19222
21025UnknownLowService on port 21025
21100UnknownLowService on port 21100
21102UnknownLowService on port 21102
21239UnknownLowService on port 21239
21246UnknownLowService on port 21246
21309UnknownLowService on port 21309
21323UnknownLowService on port 21323
22222UnknownLowService on port 22222
23023UnknownLowService on port 23023
23424UnknownLowService on port 23424
25001UnknownLowService on port 25001
25006UnknownLowService on port 25006
25010UnknownLowService on port 25010
25105UnknownLowService on port 25105
26460UnknownLowService on port 26460
28015UnknownLowService on port 28015
28017UnknownLowService on port 28017
29840UnknownLowService on port 29840
30003UnknownLowService on port 30003
30007UnknownLowService on port 30007
30023UnknownLowService on port 30023
30104UnknownLowService on port 30104
31337UnknownLowService on port 31337
32400UnknownLowService on port 32400
35100UnknownLowService on port 35100
35250UnknownLowService on port 35250
35554UnknownLowService on port 35554
35975UnknownLowService on port 35975
39001UnknownLowService on port 39001
40001UnknownLowService on port 40001
41800UnknownLowService on port 41800
42420UnknownLowService on port 42420
44158UnknownLowService on port 44158
44302UnknownLowService on port 44302
44303UnknownLowService on port 44303
44510UnknownLowService on port 44510
45000UnknownLowService on port 45000
46000UnknownLowService on port 46000
46474UnknownLowService on port 46474
49153UnknownLowService on port 49153
49200UnknownLowService on port 49200
49688UnknownLowService on port 49688
50070UnknownLowService on port 50070
50073UnknownLowService on port 50073
50080UnknownLowService on port 50080
50105UnknownLowService on port 50105
50995UnknownLowService on port 50995
50996UnknownLowService on port 50996
51235UnknownLowService on port 51235
52140UnknownLowService on port 52140
54490UnknownLowService on port 54490
55000UnknownLowService on port 55000
55200UnknownLowService on port 55200
55481UnknownLowService on port 55481
55553UnknownLowService on port 55553
58532UnknownLowService on port 58532
60030UnknownLowService on port 60030
60129UnknownLowService on port 60129
61234UnknownLowService on port 61234
61613UnknownLowService on port 61613
61616UnknownLowService on port 61616
63811UnknownLowService on port 63811
64295UnknownLowService on port 64295
64894UnknownLowService on port 64894
65000UnknownLowService on port 65000

⚠️ Se detectaron 4 puertos de alto riesgo en 176.241.66.87. Puertos de base de datos abiertos sugieren riesgo de exfiltración de datos. Estos servicios no deben ser accesibles públicamente sin reglas estrictas de firewall.

TECNOLOGÍAS DETECTADAS
microsoft:windowsmicrosoft:internet_information_services:10.0

Fuente: Shodan InternetDB. Escaneado independientemente de abuse.mom.

09

Estado en listas negras (DNSBL)

Esta IP fue verificada contra las principales listas negras DNS utilizadas por servidores de correo y firewalls.

⛔ EN LISTA
zen.spamhaus.org
✓ Limpio
dnsbl.sorbs.net
✓ Limpio
ix.dnsbl.manitu.net
✓ Limpio
dnsbl-1.uceprotect.net
✓ Limpio
bl.spamcop.net
✓ Limpio
b.barracudacentral.org
✓ Limpio
truncate.gbudb.net
✓ Limpio
psbl.surriel.com

Verificado: Spamhaus, SpamCop, Barracuda, SORBS, CBL, UCEProtect.

10

Threat Analysis

176.241.66.87 has been assigned a threat score of 103/100 (Critical). Con esta calificación, la IP cae en el rango de severidad crítica — entre las direcciones más peligrosas en nuestra base de datos de monitoreo.

The following attack categories were identified:

Path Enumeration

📊 Threat Analysis

La dirección 176.241.66.87 se origina en Amman, JO, operando en la red de VTEL HOLDINGS LIMITED/JORDAN CO.. Fue identificada mediante análisis automatizado del tráfico de red entrante en los puntos monitoreados. Nuestros sensores capturaron 3 solicitudes maliciosas de esta dirección en un período de 11 días, reflejando una cadencia de ataque sostenida de ~0.3 solicitudes por día. Operando desde una red residencial, esta IP puede representar un gateway doméstico comprometido o dispositivo IoT reclutado en una infraestructura de ataque mayor. La IP exhibe comportamiento de enumeración de directorios, solicitando sistemáticamente rutas inexistentes. Nuestros registros muestran 78 IPs maliciosas originadas desde JO, posicionándolo como un contribuyente notable a la actividad de amenazas global. Una puntuación de 103/100 coloca esta dirección en el nivel más alto de severidad.

This IP is classified as residential, suggesting it may belong to a compromised home device, IoT botnet member, or an infected personal computer. Residential IPs involved in attacks often indicate malware infection without the owner's knowledge.

11

Related Threats

🇯🇴 Top threats from JO

91.186.252.91 (208)176.29.225.112 (198)91.186.255.110 (168)109.107.243.93 (128)176.28.170.254 (128)View all →

🏢 Same network: AS50670

81.21.11.168 (103)View all →
12

Security Intelligence

💡 SQL Injection Campaigns

SQL injection remains one of the most common web attack vectors. Attackers inject malicious SQL code through input fields to extract database contents, modify data, or gain administrative access. Automated scanners test for SQLi vulnerabilities at massive scale.

💡 Ransomware-as-a-Service Economy

The RaaS model allows technically unskilled criminals to deploy sophisticated ransomware through affiliate programs. Operators provide the malware, infrastructure, and negotiation services, taking a percentage of ransom payments from their affiliates.

🔍 Check Any IP Address

Share this report:
Acerca deDescargoTérminosSeguimiento de reportes
Informe generado 27.05.2026 08:00
Compórtate o serás expuesto