ABUSE.MOM
THREAT REPORT

IP Threat Report
101.201.50.253


Generated: 2026-05-30 07:19:03
First seen: 2026-04-25 21:00:04
Last seen: 2026-04-25 21:00:04
Threat score: 85/100

⛔ Verdict: BLOCK

This IP address has been classified as a source of malicious automated activity. Threat score: 85/100. Total malicious requests observed: 1.

Signature tags: DANGER_PATH, RATIO_404, REDIRECT_PROBE

Geolocation & Classification

IP Address: 101.201.50.253
Type: Residential
Country: 🇨🇳 China
City: Beijing
ISP: Hangzhou Alibaba Advertising Co
Organization: Aliyun Computing Co., LTD
Autonomous System: AS37963 Hangzhou Alibaba Advertising Co.,Ltd.
Hit Count: 1

Detection Signatures

| Signature | Description | Points | Severity |
| Danger strong hits: 2 | High-risk paths: shells, RCE vectors, exploits | +50 | |
| 404 ratio 40-60% | Majority of requests returned 404 — enumeration | +15 | |
| Probe pattern 302->404 same path | Behavioral anomaly detected by automated analysis | +20 | |
Σ = 85

Observed Activity

Reconstructed HTTP requests from server access logs. Target domains redacted for security.

[redacted]  GET /  200
Requests shown: 1 · HTTP 404: 0 · Dangerous patterns: 0

* Typical request patterns for detected signatures. Actual target domains are redacted.


Timeline

2026-04-25 21:00:04: First malicious request detected. IP entered monitoring from server access logs.
During observation: Multiple detection signatures triggered. Danger strong hits: 2 (+50), 404 ratio 40-60% (+15), Probe pattern 302->404 same path (+20).
2026-04-25 21:00:04: Last malicious request observed. Total score reached: 85/100.
Next cycle: IP blocked — all subsequent requests denied (HTTP 403). Added to blocklist automatically.

Network Provider

Hangzhou Alibaba Advertising Co
AS37963 · 🇨🇳 China

Recommendations

Actions taken & recommended

  • IP 101.201.50.253 is blocked at application level (HTTP 403)
  • Consider blocking at firewall level (iptables/CSF) to reduce server load
  • Report abuse to the network provider via their abuse contact
  • Ensure sensitive files (.env, .git, backups) are not accessible from the web

🔎 Directory Scan Defense

IP 101.201.50.253 is enumerating directories. Configure fail2ban apache-404 jail after 10+ 404 errors. Disable directory listings. Normalize all 404 responses.


Open Ports & Services

Network reconnaissance data from Shodan. Open ports may indicate running services, misconfigurations, or potential attack surfaces.

OPEN PORTS (261)
| Port | Service | Risk | Description |
| 23 | Telnet | Critical | Telnet — unencrypted remote access, extremely dangerous if exposed |
| 993 | IMAPS | Low | Service on port 993 |
| 3389 | RDP | High | Remote Desktop Protocol — primary target for ransomware attacks |
| 6379 | Redis | Critical | Redis in-memory database — frequently misconfigured without auth |
| 8291 | MikroTik | High | MikroTik Winbox — router management, targeted by VPNFilter malware |
The remaining 256 open ports were reported by Shodan with service "Unknown" and risk "Low" and carry no further description.

⚠️ 4 high-risk ports detected on 101.201.50.253. Exposed RDP (3389) is the #1 entry point for ransomware attacks. Open database ports suggest possible data exfiltration risk. Telnet (23) transmits credentials in plaintext — likely a compromised IoT device. These services should not be publicly accessible without strict firewall rules.

KNOWN VULNERABILITIES (CVE) (42)
CVE-2016-10011, CVE-2023-38408, CVE-2015-5352, CVE-2011-5000, CVE-2007-2768, CVE-2021-36368, CVE-2016-1908, CVE-2018-15473, CVE-2016-3115, CVE-2017-15906, CVE-2023-51767, CVE-2014-1692, CVE-2020-14145, CVE-2019-6109, CVE-2016-20012, CVE-2016-10010, CVE-2010-5107, CVE-2023-51385, CVE-2016-10012, CVE-2015-6564, CVE-2016-10009, CVE-2025-26465, CVE-2014-2532, CVE-2026-35414, CVE-2014-2653, +17 more (each entry links to its NVD record)

🔴 Security scanning identified 42 vulnerability entries on this host. This volume strongly suggests severely outdated software. Consult NVD advisories for details.

DETECTED TECHNOLOGIES
apache:subversion, openbsd:openssh:7.4, opennetworking:openflow:1.0, openbsd:openssh:7.2p2, openbsd:openssh:8.2p1, openbsd:openssh:7.6p1, microsoft:internet_information_services, canonical:ubuntu_linux, openbsd:openssh:6.6.1, microsoft:windows, openbsd:openssh:7.5, openbsd:openssh:5.3, openbsd:openssh:X.X

Data source: Shodan InternetDB. Scanned independently of abuse.mom.


Blacklist Status (DNSBL)

This IP was checked against major DNS-based blacklists used by mail servers and firewalls worldwide.

ix.dnsbl.manitu.net: ✓ Clean
dnsbl.sorbs.net: ✓ Clean
dnsbl-1.uceprotect.net: ✓ Clean
bl.spamcop.net: ✓ Clean
zen.spamhaus.org: ✓ Clean
b.barracudacentral.org: ✓ Clean
truncate.gbudb.net: ✓ Clean
psbl.surriel.com: ✓ Clean

Checked: Spamhaus, SpamCop, Barracuda, SORBS, CBL, UCEProtect. Results may change over time.


Threat Analysis

101.201.50.253 has been assigned a threat score of 85/100 (Critical). With this rating, the IP falls into the critical severity bracket — among the most dangerous addresses in our monitoring database.

The following attack categories were identified:

Path Enumeration

📊 Threat Analysis

Threat intelligence analysis has linked 101.201.50.253 to malicious activity originating from Beijing, China, operating on the network of Hangzhou Alibaba Advertising Co. The address has been under observation since its initial detection. Over a period of 1 day, this IP generated 1 malicious request, averaging approximately 1 request per day. This residential IP is likely a compromised consumer device. Home routers and IoT equipment with default credentials are prime targets for botnet operators. Active path scanning has been detected — this IP probes for hundreds of common file and directory names. With 123 flagged addresses, China represents a significant presence in our threat database. The score of 85/100 indicates a confirmed malicious actor. Network-level blocking is appropriate.

This IP is classified as residential, suggesting it may belong to a compromised home device, IoT botnet member, or an infected personal computer. Residential IPs involved in attacks often indicate malware infection without the owner's knowledge.


Related Threats

🇨🇳 Top threats from China

180.184.55.222 (340), 117.50.120.215 (235), 115.191.1.205 (235), 123.58.16.244 (235), 43.142.47.248 (230)

🏢 Same network: AS37963

120.26.168.44 (230), 139.196.99.108 (195), 47.116.207.202 (190), 121.43.99.231 (185), 182.92.218.96 (170)

Security Intelligence

💡 Command Injection Techniques

Command injection occurs when attackers insert operating system commands through application inputs. Successful exploitation grants direct server access, enabling data theft, malware installation, and lateral movement across networks.

💡 Behavioral Analysis vs Signature Detection

Signature-based detection matches known attack patterns but misses novel threats. Behavioral analysis identifies anomalies in request patterns, timing, and volume, catching zero-day attacks that signatures cannot recognize.
