Dashboard›🇧🇷 Brazil›128.201.45.150

THREAT REPORT

IP Threat Report
128.201.45.150

ABUSE.MOM — BEHAVE OR GET EXPOSED

Generated: 2026-05-22 09:36:51

First seen: 2026-02-26 03:00:06

Last seen: 2026-02-26 03:00:06

Geolocation & Classification

IP Address

128.201.45.150

Type

Residential

Country

🇧🇷 Brazil

City

Caxias

ISP

Cohab NET

Organization

COHAB

Autonomous System

AS266616 COHAB NET

Hit Count

Detection Signatures

Signature	Description	Points
Danger strong hits: 3	High-risk paths: shells, RCE vectors, exploits	+75
Danger medium hits: 2	Medium-risk: admin panels, config files	+20
POST requests present	Behavioral anomaly detected by automated analysis	+8

Σ = 103

Observed Activity

Reconstructed HTTP requests from server access logs. Target domains redacted for security.

[redacted]

GET

200

Requests shown: 1 · HTTP 404: 0 · Dangerous patterns: 0

* Typical request patterns for detected signatures. Actual target domains are redacted.

Timeline

2026-02-26 03:00:06

First malicious request detected

IP entered monitoring from server access logs

During observation

Multiple detection signatures triggered

Danger strong hits: 3 (+75), Danger medium hits: 2 (+20), POST requests present (+8)

2026-02-26 03:00:06

Last malicious request observed

Total score reached: 103/100

Next cycle

IP blocked — all subsequent requests denied (HTTP 403)

Added to blocklist automatically

Network Provider

Cohab NET

AS266616 · 🇧🇷 Brazil

Recommendations

Actions taken & recommended

IP 128.201.45.150 is blocked at application level (HTTP 403)
Consider blocking at firewall level (iptables/CSF) to reduce server load
Report abuse to the network provider via their abuse contact
Ensure sensitive files (.env, .git, backups) are not accessible from the web

⚙️ General Security

Add 128.201.45.150 to your firewall blocklist. Review logs for successful connections. Enable comprehensive logging on all public-facing services.

Open Ports & Services

Network reconnaissance data from Shodan. Open ports may indicate running services, misconfigurations, or potential attack surfaces.

OPEN PORTS (13)

Port	Service	Risk	Description
53	DNS	Low	DNS server — potential for DNS amplification attacks
161	Unknown	Low	Service on port 161
1723	PPTP	Low	Service on port 1723
2000	Unknown	Low	Service on port 2000
2022	Unknown	Low	Service on port 2022
3001	Unknown	Low	Service on port 3001
3002	Unknown	Low	Service on port 3002
5000	Unknown	Low	Service on port 5000
8005	Unknown	Low	Service on port 8005
8008	Unknown	Low	Service on port 8008
8043	Unknown	Low	Service on port 8043
8044	Unknown	Low	Service on port 8044
8099	Unknown	Low	Service on port 8099

KNOWN VULNERABILITIES (CVE) (80)

CVE ID	Link
CVE-2024-24795	NVD →
CVE-2006-20001	NVD →
CVE-2021-40438	NVD →
CVE-2024-38475	NVD →
CVE-2024-38473	NVD →
CVE-2022-30556	NVD →
CVE-2022-36760	NVD →
CVE-2020-11984	NVD →
CVE-2024-47252	NVD →
CVE-2024-40898	NVD →
CVE-2025-59775	NVD →
CVE-2020-9490	NVD →
CVE-2024-39573	NVD →
CVE-2025-49630	NVD →
CVE-2021-34798	NVD →
CVE-2024-38476	NVD →
CVE-2013-2765	NVD →
CVE-2024-27316	NVD →
CVE-2023-38709	NVD →
CVE-2012-4360	NVD →
CVE-2022-29404	NVD →
CVE-2009-2299	NVD →
CVE-2024-38477	NVD →
CVE-2025-65082	NVD →
CVE-2019-17567	NVD →

+55 more

🔴 This host has 80 known CVEs associated with its exposed services. This volume strongly suggests severely outdated software. Review each CVE in the NVD database.

DETECTED TECHNOLOGIES

apache:http_server:2.4.62apache:http_server:2.4.41debian:debian_linuxjquery:jquery:3.5.1canonical:ubuntu_linuxgrafana:grafana:12.0.2getbootstrap:bootstrapopenbsd:openssh:8.4p1linux:linux_kernelapache:http_server:2.4.56

Data source: Shodan InternetDB. Scanned independently of abuse.mom.

Blacklist Status (DNSBL)

This IP was checked against major DNS-based blacklists used by mail servers and firewalls worldwide.

⛔ LISTED

Spamhaus ZEN

Checked: Spamhaus, SpamCop, Barracuda, SORBS, CBL, UCEProtect. Results may change over time.

Threat Analysis

128.201.45.150 has been assigned a threat score of 103/100 (Critical). A score this high marks a critical threat actor. This address has demonstrated persistent, aggressive malicious behavior across multiple detection vectors.

📊 Threat Analysis

The address 128.201.45.150 originates from Caxias, Brazil, operating on the network of Cohab NET. It was identified through automated analysis of incoming network traffic across monitored endpoints. During its 1-day observation window, we recorded 1 hostile requests from this IP — roughly 1 per day on average. Operating from a residential network, this IP may represent a compromised home gateway or IoT device that has been drafted into a larger attack infrastructure. With 101 flagged addresses, Brazil represents a significant presence in our threat database. With a threat score of 103/100, this IP is among the most dangerous addresses in our database. Immediate and complete blocking is strongly recommended.

This IP is classified as residential, suggesting it may belong to a compromised home device, IoT botnet member, or an infected personal computer. Residential IPs involved in attacks often indicate malware infection without the owner's knowledge.

Related Threats

🇧🇷 Top threats from Brazil

173.245.211.6 (293)20.206.78.203 (283)20.197.194.128 (280)20.197.233.108 (280)20.226.83.230 (280)View all →

🏢 Same network: AS266616

View all →

Security Intelligence

💡 Remote Code Execution (RCE)

RCE vulnerabilities allow attackers to execute arbitrary code on target servers. These critical flaws often arise from deserialization bugs, template injection, or file upload vulnerabilities, and represent the highest severity class of web application weaknesses.

💡 Content Security Policy Implementation

Content Security Policy headers instruct browsers to restrict resource loading, mitigating XSS and data injection attacks. Properly configured CSP policies prevent inline script execution, restrict iframe embedding, and control which domains can serve content.

🔍 Check Any IP Address

Share this report:

IP Threat Report128.201.45.150

⛔ Verdict: BLOCK