Dashboard›🇮🇳 India›103.247.151.127

THREAT REPORT

IP Threat Report
103.247.151.127

ABUSE.MOM — BEHAVE OR GET EXPOSED

Generated: 2026-05-27 19:33:41

First seen: 2026-02-26 13:00:06

Last seen: 2026-03-12 10:00:05

Geolocation & Classification

IP Address

103.247.151.127

Type

Residential

Country

🇮🇳 India

City

Mumbai

ISP

RIA-INFOSOLUTIONS

Organization

RIA Infosolutions Private Limited

Autonomous System

AS136557 Host Universal Pty Ltd

Hit Count

Detection Signatures

Signature	Description	Points
Danger medium hits: 2	Medium-risk: admin panels, config files	+20
Probe pattern 302->404 same path	Behavioral anomaly detected by automated analysis	+20
Foreign referer seen	Referer from unrelated external domain	+10
Danger medium hits: 6	Medium-risk: admin panels, config files	+60
404 ratio 40-60%	Majority of requests returned 404 — enumeration	+15
UA changed for same IP	Multiple User-Agents — bot rotation technique	+25
Danger medium hits: 12	Medium-risk: admin panels, config files	+60

Σ = 210

Observed Activity

Reconstructed HTTP requests from server access logs. Target domains redacted for security.

[redacted]

GET

200

Requests shown: 1 · HTTP 404: 0 · Dangerous patterns: 0

* Typical request patterns for detected signatures. Actual target domains are redacted.

Timeline

2026-02-26 13:00:06

First malicious request detected

IP entered monitoring from server access logs

During observation

Multiple detection signatures triggered

Danger medium hits: 2 (+20), Probe pattern 302->404 same path (+20), Foreign referer seen (+10)

2026-03-12 10:00:05

Last malicious request observed

Total score reached: 130/100

Next cycle

IP blocked — all subsequent requests denied (HTTP 403)

Added to blocklist automatically

Network Provider

RIA-INFOSOLUTIONS

AS136557 · 🇮🇳 India

Recommendations

Actions taken & recommended

IP 103.247.151.127 is blocked at application level (HTTP 403)
Consider blocking at firewall level (iptables/CSF) to reduce server load
Other malicious IPs detected in the same /24 subnet — consider blocking 103.247.151.0/24
Report abuse to the network provider via their abuse contact
Ensure sensitive files (.env, .git, backups) are not accessible from the web

🔎 Directory Scan Defense

IP 103.247.151.127 is enumerating directories. Configure fail2ban apache-404 jail after 10+ 404 errors. Disable directory listings. Normalize all 404 responses.

🤖 User-Agent Anomaly Defense

IP 103.247.151.127 shows suspicious UA behavior. Block empty User-Agent requests. Implement JavaScript-based bot detection for sensitive endpoints.

Neighbors in 103.247.151.0/24

Other blocked IPs from the same /24 subnet — indicates systematic abuse from this network range.

103.247.151.17

Score: 130 · Hits: 27

103.247.151.36

Score: 110 · Hits: 27

103.247.151.156

Score: 110 · Hits: 22

Open Ports & Services

Network reconnaissance data from Shodan. Open ports may indicate running services, misconfigurations, or potential attack surfaces.

OPEN PORTS (4)

Port	Service	Risk	Description
80	HTTP	Low	HTTP web server — standard web traffic
4444	Unknown	Low	Service on port 4444
7777	Unknown	Low	Service on port 7777
12345	Unknown	Low	Service on port 12345

Data source: Shodan InternetDB. Scanned independently of abuse.mom.

Blacklist Status (DNSBL)

This IP was checked against major DNS-based blacklists used by mail servers and firewalls worldwide.

✓ Clean

Spamhaus ZEN

Checked: Spamhaus, SpamCop, Barracuda, SORBS, CBL, UCEProtect. Results may change over time.

Threat Analysis

103.247.151.127 has been assigned a threat score of 130/100 (Critical). This is a critical-level threat. Systems administrators should treat this IP as hostile and block all inbound connections without exception.

The following attack categories were identified:

Path EnumerationUser-Agent Anomaly

📊 Threat Analysis

The address 103.247.151.127 originates from Mumbai, India, operating on the network of RIA-INFOSOLUTIONS. It was identified through automated analysis of incoming network traffic across monitored endpoints. Over a period of 13 days, this IP generated 14 malicious requests, averaging approximately 1.1 requests per day. This is a residential IP address, suggesting a compromised home device such as a router, smart appliance, or infected workstation participating in a botnet. Two attack patterns were identified (Path Enumeration and User-Agent Anomaly), suggesting a semi-automated campaign that targets multiple vulnerabilities. With a threat score of 130/100, this IP is among the most dangerous addresses in our database. Immediate and complete blocking is strongly recommended.

This IP is classified as residential, suggesting it may belong to a compromised home device, IoT botnet member, or an infected personal computer. Residential IPs involved in attacks often indicate malware infection without the owner's knowledge.

Related Threats

🇮🇳 Top threats from India

103.247.151.17 (130)103.247.151.36 (110)103.247.151.156 (110)103.247.151.175 (105)103.247.151.115 (105)View all →

🏢 Same network: AS136557

91.190.106.158 (280)144.48.39.126 (255)103.247.151.17 (130)180.149.228.70 (130)103.247.151.36 (110)View all →

Security Intelligence

💡 Server-Side Request Forgery (SSRF)

SSRF attacks trick servers into making requests to internal resources that should not be publicly accessible. This can expose cloud metadata endpoints, internal APIs, and private network services, potentially leading to full infrastructure compromise.

💡 Tor Exit Node Detection

Tor exit nodes are publicly listed but constantly rotating. While Tor serves essential privacy functions for journalists and activists, it is also used to anonymize attacks. Effective security policies differentiate between blocking and monitoring Tor traffic.

🔍 Check Any IP Address

Share this report:

IP Threat Report103.247.151.127

⛔ Verdict: BLOCK