Dashboard›🇨🇳 China›150.139.157.151

THREAT REPORT

IP Threat Report
150.139.157.151

ABUSE.MOM — BEHAVE OR GET EXPOSED

Generated: 2026-05-22 11:33:27

First seen: 2026-03-07 20:00:05

Last seen: 2026-03-07 20:00:05

Geolocation & Classification

IP Address

150.139.157.151

Type

Residential

Country

🇨🇳 China

City

Jinan

ISP

China Telecom

Organization

Chinanet SD

Autonomous System

AS136195 Qingdao, Shandong Province, P.R.China.

Hit Count

Detection Signatures

Signature	Description	Points
Burst: 19 req / 2s	Abnormally fast request rate — automated scanning	+35
Burst: 19 req / 10s	Abnormally fast request rate — automated scanning	+35
Foreign referer seen	Referer from unrelated external domain	+10

Σ = 80

Observed Activity

Reconstructed HTTP requests from server access logs. Target domains redacted for security.

[redacted]

GET

200

[redacted]

GET

/page

200

Requests shown: 2 · HTTP 404: 0 · Dangerous patterns: 0

* Typical request patterns for detected signatures. Actual target domains are redacted.

Timeline

2026-03-07 20:00:05

First malicious request detected

IP entered monitoring from server access logs

During observation

Multiple detection signatures triggered

Burst: 19 req / 2s (+35), Burst: 19 req / 10s (+35), Foreign referer seen (+10)

2026-03-07 20:00:05

Last malicious request observed

Total score reached: 80/100

Next cycle

IP blocked — all subsequent requests denied (HTTP 403)

Added to blocklist automatically

Network Provider

China Telecom

AS136195 · 🇨🇳 China

Recommendations

Actions taken & recommended

IP 150.139.157.151 is blocked at application level (HTTP 403)
Consider blocking at firewall level (iptables/CSF) to reduce server load
Report abuse to the network provider via their abuse contact
Ensure sensitive files (.env, .git, backups) are not accessible from the web

🌊 Flood / DDoS Mitigation

Implement limit_req_zone in nginx. Deploy CDN with DDoS protection. Configure SYN cookies and connection tracking to throttle 150.139.157.151.

Open Ports & Services

Network reconnaissance data from Shodan. Open ports may indicate running services, misconfigurations, or potential attack surfaces.

OPEN PORTS (12)

Port	Service	Risk	Description
80	HTTP	Low	HTTP web server — standard web traffic
443	HTTPS	Low	HTTPS web server — encrypted web traffic
880	Unknown	Low	Service on port 880
6008	Unknown	Low	Service on port 6008
8001	Unknown	Low	Service on port 8001
8080	HTTP-Alt	Low	HTTP alternative port — often used for admin panels or proxies
8081	Unknown	Low	Service on port 8081
8083	Unknown	Low	Service on port 8083
8089	Unknown	Low	Service on port 8089
8093	Unknown	Low	Service on port 8093
8443	HTTPS-Alt	Low	Service on port 8443
10250	Unknown	Low	Service on port 10250

Hostnames: cdn-go.cnvod.myqcloud.combldimg.commyapp.comdanmu.comgeetest.comimg4399.com58cdn.com.cnfile.myqcloud.comcdn.myqcloud.comgtimg.cnuniqlo.cn2144.commeituan.netffnews.cnqpic.cnzservey.net5054399.comdpfile.comxpdl999.aiwan4399.comvod2.myqcloud.comqcloudcdn.comdd.cdntips.netugdtimg.comzhongcheng818.comcntv.qcloudcdn.comvda.v.qcloudcdn.comsogoucdn.commykeeta.netflash.cndianping.comsuyinwealth.comhls.cdn.myqcloud.comdd.qq.comvip.cdngot.comwx.qq.comvod-qcloud.com2144.cnweishi.qq.comwanyabox.comgtimg.comvideo.myqcloud.comlof3.xyznitrome.com.4399.comdl.txcdns.com4399.comflash.2144.comwww.txfund.comwww.tencentwm.comvod.cdn.myqcloud.comwww.miniclip.com.4399pk.comjsbchina.cnimage.myqcloud.comdlied1.cdntips.net

PTR: cdn-go.cn

Data source: Shodan InternetDB. Scanned independently of abuse.mom.

Blacklist Status (DNSBL)

This IP was checked against major DNS-based blacklists used by mail servers and firewalls worldwide.

✓ Clean

Spamhaus ZEN

Checked: Spamhaus, SpamCop, Barracuda, SORBS, CBL, UCEProtect. Results may change over time.

Threat Analysis

150.139.157.151 has been assigned a threat score of 80/100 (Critical). A score this high marks a critical threat actor. This address has demonstrated persistent, aggressive malicious behavior across multiple detection vectors.

The following attack categories were identified:

Request Flooding

📊 Threat Analysis

150.139.157.151 is registered in Jinan, China, operating on the network of China Telecom. This IP first appeared in our threat feeds after triggering multiple behavioral detection signatures. The address has been active for 1 days in our monitoring system, producing 1 flagged requests at a rate of ~1/day. Operating from a residential network, this IP may represent a compromised home gateway or IoT device that has been drafted into a larger attack infrastructure. Rate-based attacks from this IP aim to overwhelm server resources through high-volume request flooding. With 101 flagged addresses, China represents a significant presence in our threat database. The score of 80/100 indicates a confirmed malicious actor. Network-level blocking is appropriate.

This IP is classified as residential, suggesting it may belong to a compromised home device, IoT botnet member, or an infected personal computer. Residential IPs involved in attacks often indicate malware infection without the owner's knowledge.

Related Threats

🇨🇳 Top threats from China

180.184.55.222 (340)117.50.120.215 (235)115.191.1.205 (235)123.58.16.244 (235)43.142.47.248 (230)View all →

🏢 Same network: AS136195

View all →

Security Intelligence

💡 DDoS Mitigation Approaches

Distributed denial of service attacks overwhelm infrastructure with traffic volume. Effective mitigation combines always-on traffic scrubbing, anycast network distribution, rate limiting, and the ability to quickly scale absorption capacity during attacks.

💡 Satellite Internet Security

Satellite internet introduces unique security challenges including high latency that affects real-time threat detection, shared bandwidth that enables traffic sniffing, and coverage areas that cross multiple jurisdictions complicating legal response.

🔍 Check Any IP Address

Share this report:

IP Threat Report150.139.157.151

⛔ Verdict: BLOCK