IP Threat Report
107.150.120.129
ABUSE.MOM — BEHAVE OR GET EXPOSED
Geolocation & Classification
Detection Signatures
| Signature | Description | Points | Severity |
|---|---|---|---|
| POST requests present | Behavioral anomaly detected by automated analysis | +8 | |
| POST seen | Behavioral anomaly detected by automated analysis | +8 | |
| UA bot: python | Known bot/crawler User-Agent detected | +40 | |
| UA changed | Multiple User-Agents — bot rotation technique | +25 | |
| UA changed for same IP | Multiple User-Agents — bot rotation technique | +25 |
Observed Activity
Reconstructed HTTP requests from server access logs. Target domains redacted for security.
* Typical request patterns for detected signatures. Actual target domains are redacted.
Timeline
Network Provider
Recommendations
Actions taken & recommended
- IP 107.150.120.129 is blocked at application level (HTTP 403)
- Consider blocking at firewall level (iptables/CSF) to reduce server load
- Other malicious IPs detected in the same /24 subnet — consider blocking 107.150.120.0/24
- Report abuse to the network provider via their abuse contact
- Ensure sensitive files (.env, .git, backups) are not accessible from the web
🤖 User-Agent Anomaly Defense
IP 107.150.120.129 shows suspicious UA behavior. Block empty User-Agent requests. Implement JavaScript-based bot detection for sensitive endpoints.
Neighbors in 107.150.120.0/24
Other blocked IPs from the same /24 subnet — indicates systematic abuse from this network range.
Blacklist Status (DNSBL)
This IP was checked against major DNS-based blacklists used by mail servers and firewalls worldwide.
Checked: Spamhaus, SpamCop, Barracuda, SORBS, CBL, UCEProtect. Results may change over time.
Threat Analysis
107.150.120.129 has been assigned a threat score of 73/100 (High). The IP is rated as a high-level threat. Network administrators should implement blocking rules and monitor for any connections from this address.
The following attack categories were identified:
📊 Threat Analysis
Threat intelligence analysis has linked 107.150.120.129 to malicious activity originating from Hong Kong, Hong Kong, operating on the network of Zenlayer Inc. The address has been under observation since its initial detection. The address has been active for 21 days in our monitoring system, producing 3,551 flagged requests at a rate of ~169.1/day. Classified as a hosting IP, this address likely runs on a rented server or cloud instance. Attackers prefer datacenter IPs for their high bandwidth and disposable nature. Detected suspicious User-Agent anomalies including empty, forged, or rapidly rotating UA strings — characteristic of automated scanning tools. Hong Kong currently accounts for 158 blocked IPs in our database, making it a significant source of malicious traffic. A threat score of 73/100 places this IP in the high-risk category. Blocking at the firewall level is recommended.
This IP belongs to a hosting or data center provider. Malicious traffic from hosting infrastructure often originates from compromised VPS instances, rented servers used for scanning campaigns, or abused free-tier cloud accounts. Hosting providers typically respond to abuse reports within 24-72 hours.
Related Threats
🇭🇰 Top threats from Hong Kong
20.205.115.105 (280)20.24.82.132 (280)23.100.90.148 (280)65.52.160.249 (280)20.187.125.76 (280)View all →Security Intelligence
💡 User-Agent Analysis Techniques
Analyzing User-Agent strings reveals automated tools masquerading as legitimate browsers. Inconsistencies between claimed browser capabilities and actual behavior, impossible version combinations, and known scanner signatures help identify malicious clients.
💡 Remote Code Execution (RCE)
RCE vulnerabilities allow attackers to execute arbitrary code on target servers. These critical flaws often arise from deserialization bugs, template injection, or file upload vulnerabilities, and represent the highest severity class of web application weaknesses.