IP Threat Report
146.70.194.238
ABUSE.MOM — BEHAVE OR GET EXPOSED
Geolocation & Classification
Detection Signatures
| Signature | Description | Points | Severity |
|---|---|---|---|
| Danger strong hits: 1 | High-risk paths: shells, RCE vectors, exploits | +25 | |
| Danger medium hits: 19 | Medium-risk: admin panels, config files | +60 | |
| Burst: 20 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 21 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 21 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| 404 ratio >= 60% | Majority of requests returned 404 — enumeration | +25 | |
| Burst: 17 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 19 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 19 req / 2s | Abnormally fast request rate — automated scanning | +35 |
Observed Activity
Reconstructed HTTP requests from server access logs. Target domains redacted for security.
* Typical request patterns for detected signatures. Actual target domains are redacted.
Timeline
Network Provider
Recommendations
Actions taken & recommended
- IP 146.70.194.238 is blocked at application level (HTTP 403)
- Consider blocking at firewall level (iptables/CSF) to reduce server load
- Other malicious IPs detected in the same /24 subnet — consider blocking 146.70.194.0/24
- Report abuse to the network provider via their abuse contact
- Ensure sensitive files (.env, .git, backups) are not accessible from the web
🌊 Flood / DDoS Mitigation
Implement limit_req_zone in nginx. Deploy CDN with DDoS protection. Configure SYN cookies and connection tracking to throttle 146.70.194.238.
🔎 Path Enumeration Protection
Block scanning from 146.70.194.238: rate-limit 404 responses per IP, deploy a honeypot 404 page, ensure no backup files are web-accessible.
Neighbors in 146.70.194.0/24
Other blocked IPs from the same /24 subnet — indicates systematic abuse from this network range.
Open Ports & Services
Network reconnaissance data from Shodan. Open ports may indicate running services, misconfigurations, or potential attack surfaces.
| Port | Service | Risk | Description |
|---|---|---|---|
| 1443 | Unknown | Low | Service on port 1443 |
| 7443 | Unknown | Low | Service on port 7443 |
| 8443 | HTTPS-Alt | Low | Service on port 8443 |
Data source: Shodan InternetDB. Scanned independently of abuse.mom.
Blacklist Status (DNSBL)
This IP was checked against major DNS-based blacklists used by mail servers and firewalls worldwide.
Checked: Spamhaus, SpamCop, Barracuda, SORBS, CBL, UCEProtect. Results may change over time.
Threat Analysis
146.70.194.238 has been assigned a threat score of 180/100 (Critical). This is a critical-level threat. Systems administrators should treat this IP as hostile and block all inbound connections without exception.
The following attack categories were identified:
📊 Threat Analysis
Our monitoring infrastructure has identified 146.70.194.238, geolocated to Dourdain, France, operating on the network of M247 Europe SRL, as a source of suspicious network activity. The address has been active for 8 days in our monitoring system, producing 23 flagged requests at a rate of ~2.9/day. This is a residential IP address, suggesting a compromised home device such as a router, smart appliance, or infected workstation participating in a botnet. Two attack patterns were identified (Request Flooding and Path Enumeration), suggesting a semi-automated campaign that targets multiple vulnerabilities. With 125 flagged addresses, France represents a significant presence in our threat database. With a threat score of 180/100, this IP is among the most dangerous addresses in our database. Immediate and complete blocking is strongly recommended.
This IP is classified as residential, suggesting it may belong to a compromised home device, IoT botnet member, or an infected personal computer. Residential IPs involved in attacks often indicate malware infection without the owner's knowledge.
Related Threats
Security Intelligence
💡 Directory Traversal Attacks
Path traversal attacks attempt to access files outside the intended directory by manipulating file path references. Attackers use sequences like ../ to reach sensitive system files such as /etc/passwd or application configuration files.
💡 Mobile Malware Distribution
Mobile malware reaches devices through unofficial app stores, malicious links, and even occasionally through official stores using obfuscation techniques. Banking trojans, spyware, and ransomware variants specifically designed for mobile platforms continue to proliferate.