Dashboard🇺🇸 United States144.225.147.24
ABUSE.MOM
THREAT REPORT

IP Threat Report
144.225.147.24

ABUSE.MOM — BEHAVE OR GET EXPOSED

Generated: 2026-05-27 06:21:27
First seen: 2026-04-27 22:00:07
Last seen: 2026-04-27 22:00:07
70

⛔ Verdict: BLOCK

This IP address has been classified as a source of malicious automated activity. Threat score: 70/100. Total malicious requests observed: 1.

BURST
01

Geolocation & Classification

IP Address
144.225.147.24
Type
Residential
Country
🇺🇸 United States
City
Miami
ISP
CubePath
Organization
CubePath Inc
Autonomous System
AS26141 CubePath
Hit Count
1
02

Detection Signatures

SignatureDescriptionPointsSeverity
Burst: 17 req / 2sAbnormally fast request rate — automated scanning+35
Burst: 41 req / 10sAbnormally fast request rate — automated scanning+35
Σ = 70
03

Observed Activity

Reconstructed HTTP requests from server access logs. Target domains redacted for security.

[redacted]
GET
/
200
[redacted]
GET
/page
200
Requests shown: 2 · HTTP 404: 0 · Dangerous patterns: 0

* Typical request patterns for detected signatures. Actual target domains are redacted.

04

Timeline

2026-04-27 22:00:07
First malicious request detected
IP entered monitoring from server access logs
During observation
Multiple detection signatures triggered
Burst: 17 req / 2s (+35), Burst: 41 req / 10s (+35)
2026-04-27 22:00:07
Last malicious request observed
Total score reached: 70/100
Next cycle
IP blocked — all subsequent requests denied (HTTP 403)
Added to blocklist automatically
05

Network Provider

CubePath
AS26141 · 🇺🇸 United States
06

Recommendations

Actions taken & recommended

  • IP 144.225.147.24 is blocked at application level (HTTP 403)
  • Consider blocking at firewall level (iptables/CSF) to reduce server load
  • Other malicious IPs detected in the same /24 subnet — consider blocking 144.225.147.0/24
  • Report abuse to the network provider via their abuse contact
  • Ensure sensitive files (.env, .git, backups) are not accessible from the web

🌊 Flood / DDoS Mitigation

Implement limit_req_zone in nginx. Deploy CDN with DDoS protection. Configure SYN cookies and connection tracking to throttle 144.225.147.24.

07

Neighbors in 144.225.147.0/24

Other blocked IPs from the same /24 subnet — indicates systematic abuse from this network range.

144.225.147.29
Score: 105 · Hits: 3
144.225.147.32
Score: 105 · Hits: 1
144.225.147.132
Score: 75 · Hits: 5
144.225.147.12
Score: 70 · Hits: 1
08

Open Ports & Services

Network reconnaissance data from Shodan. Open ports may indicate running services, misconfigurations, or potential attack surfaces.

OPEN PORTS (4)
PortServiceRiskDescription
80HTTPLowHTTP web server — standard web traffic
443HTTPSLowHTTPS web server — encrypted web traffic
3000UnknownLowService on port 3000
5432PostgreSQLHighPostgreSQL database — direct database access risk

⚠️ 1 high-risk port detected on 144.225.147.24. These services should not be publicly accessible without strict firewall rules.

DETECTED TECHNOLOGIES
postgresql:postgresql

Data source: Shodan InternetDB. Scanned independently of abuse.mom.

09

Blacklist Status (DNSBL)

This IP was checked against major DNS-based blacklists used by mail servers and firewalls worldwide.

⛔ LISTED
zen.spamhaus.org
✓ Clean
ix.dnsbl.manitu.net
✓ Clean
dnsbl.sorbs.net
✓ Clean
bl.spamcop.net
✓ Clean
b.barracudacentral.org
✓ Clean
truncate.gbudb.net
✓ Clean
psbl.surriel.com
✓ Clean
dnsbl-1.uceprotect.net

Checked: Spamhaus, SpamCop, Barracuda, SORBS, CBL, UCEProtect. Results may change over time.

10

Threat Analysis

144.225.147.24 has been assigned a threat score of 70/100 (High). At this threat level, the IP is considered high risk. Firewall rules should be updated to deny traffic from this source.

The following attack categories were identified:

Request Flooding

📊 Threat Analysis

The address 144.225.147.24 originates from Miami, United States, operating on the network of CubePath. It was identified through automated analysis of incoming network traffic across monitored endpoints. Over a period of 1 days, this IP generated 1 malicious requests, averaging approximately 1 requests per day. The address is classified as residential, meaning it likely belongs to an end-user ISP connection. Malicious activity from residential IPs typically indicates device compromise or botnet membership. Rate-based attacks from this IP aim to overwhelm server resources through high-volume request flooding. A threat score of 70/100 places this IP in the high-risk category. Blocking at the firewall level is recommended.

This IP is classified as residential, suggesting it may belong to a compromised home device, IoT botnet member, or an infected personal computer. Residential IPs involved in attacks often indicate malware infection without the owner's knowledge.

11

Related Threats

🇺🇸 Top threats from United States

144.225.147.32 (105)144.225.147.29 (105)157.254.174.226 (75)144.225.147.132 (75)108.165.47.219 (75)View all →

🏢 Same network: AS26141

144.225.147.32 (105)144.225.147.29 (105)157.254.174.226 (75)144.225.147.132 (75)108.165.47.219 (75)View all →
12

Security Intelligence

💡 DDoS Mitigation Approaches

Distributed denial of service attacks overwhelm infrastructure with traffic volume. Effective mitigation combines always-on traffic scrubbing, anycast network distribution, rate limiting, and the ability to quickly scale absorption capacity during attacks.

💡 IP Geolocation Accuracy Limitations

IP geolocation databases provide approximate locations with varying accuracy. City-level geolocation is typically 50-80% accurate, while country-level exceeds 95%. VPNs, proxies, and mobile networks further reduce reliability, making geolocation a useful but imperfect intelligence signal.

🔍 Check Any IP Address

Share this report:
AboutDisclaimerTermsAbuse Reports Tracker
Report generated 27.05.2026 06:21
Behave or get exposed