Dashboard›🇦🇱 AL›151.245.116.70

THREAT REPORT

IP Threat Report
151.245.116.70

ABUSE.MOM — BEHAVE OR GET EXPOSED

Generated: 2026-05-30 06:56:21

First seen: 2026-04-04 09:00:05

Last seen: 2026-04-04 10:00:09

Geolocation & Classification

IP Address

151.245.116.70

Type

Residential

Country

🇦🇱 AL

City

Tirana

ISP

Cyberzone S.A.

Organization

Private Customer

Autonomous System

AS209854 Cyberzone S.A.

Hit Count

107

Detection Signatures

Signature	Description	Points
UA changed for same IP	Multiple User-Agents — bot rotation technique	+25
Danger strong hits: 37	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 216	Medium-risk: admin panels, config files	+60
Burst: 34 req / 2s	Abnormally fast request rate — automated scanning	+35
Burst: 124 req / 10s	Abnormally fast request rate — automated scanning	+35
Danger strong hits: 184	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 414	Medium-risk: admin panels, config files	+60
Burst: 36 req / 2s	Abnormally fast request rate — automated scanning	+35
Burst: 132 req / 10s	Abnormally fast request rate — automated scanning	+35
Burst: 35 req / 2s	Abnormally fast request rate — automated scanning	+35
Burst: 127 req / 10s	Abnormally fast request rate — automated scanning	+35
Danger strong hits: 5	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 122	Medium-risk: admin panels, config files	+60
Burst: 122 req / 10s	Abnormally fast request rate — automated scanning	+35
Danger strong hits: 69	High-risk paths: shells, RCE vectors, exploits	+100
Burst: 128 req / 10s	Abnormally fast request rate — automated scanning	+35
Danger strong hits: 25	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 180	Medium-risk: admin panels, config files	+60
Danger strong hits: 1	High-risk paths: shells, RCE vectors, exploits	+25
Burst: 12 req / 2s	Abnormally fast request rate — automated scanning	+35
Burst: 12 req / 10s	Abnormally fast request rate — automated scanning	+35
Danger strong hits: 130	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 1	Medium-risk: admin panels, config files	+10
Danger strong hits: 154	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 43	Medium-risk: admin panels, config files	+60
Burst: 129 req / 10s	Abnormally fast request rate — automated scanning	+35
Danger strong hits: 185	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 183	Medium-risk: admin panels, config files	+60
Danger strong hits: 174	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 184	Medium-risk: admin panels, config files	+60
Danger strong hits: 3	High-risk paths: shells, RCE vectors, exploits	+75
Danger medium hits: 84	Medium-risk: admin panels, config files	+60
Burst: 84 req / 10s	Abnormally fast request rate — automated scanning	+35
Danger strong hits: 63	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 259	Medium-risk: admin panels, config files	+60
Danger strong hits: 4	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 98	Medium-risk: admin panels, config files	+60
Burst: 98 req / 10s	Abnormally fast request rate — automated scanning	+35
Danger strong hits: 102	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 335	Medium-risk: admin panels, config files	+60
Burst: 126 req / 10s	Abnormally fast request rate — automated scanning	+35
Danger strong hits: 41	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 217	Medium-risk: admin panels, config files	+60
Danger strong hits: 113	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 360	Medium-risk: admin panels, config files	+60
Danger strong hits: 93	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 322	Medium-risk: admin panels, config files	+60
Danger strong hits: 86	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 312	Medium-risk: admin panels, config files	+60
Danger strong hits: 77	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 288	Medium-risk: admin panels, config files	+60
Danger strong hits: 67	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 267	Medium-risk: admin panels, config files	+60
Danger strong hits: 61	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 256	Medium-risk: admin panels, config files	+60
Danger strong hits: 60	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 255	Medium-risk: admin panels, config files	+60
Danger strong hits: 47	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 236	Medium-risk: admin panels, config files	+60
Danger strong hits: 42	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 225	Medium-risk: admin panels, config files	+60
Danger medium hits: 215	Medium-risk: admin panels, config files	+60
Danger strong hits: 31	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 192	Medium-risk: admin panels, config files	+60
Burst: 130 req / 10s	Abnormally fast request rate — automated scanning	+35
Danger strong hits: 71	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 278	Medium-risk: admin panels, config files	+60
Danger strong hits: 167	High-risk paths: shells, RCE vectors, exploits	+100
Danger strong hits: 231	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 336	Medium-risk: admin panels, config files	+60
Danger strong hits: 232	High-risk paths: shells, RCE vectors, exploits	+100
Danger strong hits: 166	High-risk paths: shells, RCE vectors, exploits	+100
Burst: 131 req / 10s	Abnormally fast request rate — automated scanning	+35
Danger strong hits: 118	High-risk paths: shells, RCE vectors, exploits	+100
Danger strong hits: 106	High-risk paths: shells, RCE vectors, exploits	+100
Burst: 125 req / 10s	Abnormally fast request rate — automated scanning	+35
Danger strong hits: 162	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 95	Medium-risk: admin panels, config files	+60
Danger strong hits: 191	High-risk paths: shells, RCE vectors, exploits	+100
Danger strong hits: 72	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 280	Medium-risk: admin panels, config files	+60
Danger strong hits: 2	High-risk paths: shells, RCE vectors, exploits	+50
Danger medium hits: 45	Medium-risk: admin panels, config files	+60
Burst: 45 req / 10s	Abnormally fast request rate — automated scanning	+35
Danger medium hits: 110	Medium-risk: admin panels, config files	+60
Burst: 110 req / 10s	Abnormally fast request rate — automated scanning	+35
Danger strong hits: 207	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 156	Medium-risk: admin panels, config files	+60
Danger strong hits: 49	High-risk paths: shells, RCE vectors, exploits	+100
Danger strong hits: 74	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 283	Medium-risk: admin panels, config files	+60
Danger strong hits: 229	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 252	Medium-risk: admin panels, config files	+60
Danger strong hits: 169	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 77	Medium-risk: admin panels, config files	+60
Danger strong hits: 228	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 238	Medium-risk: admin panels, config files	+60
Danger medium hits: 55	Medium-risk: admin panels, config files	+60
Burst: 33 req / 2s	Abnormally fast request rate — automated scanning	+35
Burst: 55 req / 10s	Abnormally fast request rate — automated scanning	+35
Danger strong hits: 188	High-risk paths: shells, RCE vectors, exploits	+100
Burst: 123 req / 10s	Abnormally fast request rate — automated scanning	+35
Danger strong hits: 201	High-risk paths: shells, RCE vectors, exploits	+100
Danger strong hits: 8	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 150	Medium-risk: admin panels, config files	+60
Danger medium hits: 214	Medium-risk: admin panels, config files	+60
Danger strong hits: 18	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 163	Medium-risk: admin panels, config files	+60
Danger strong hits: 126	High-risk paths: shells, RCE vectors, exploits	+100
Danger strong hits: 333	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 476	Medium-risk: admin panels, config files	+60
Danger strong hits: 139	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 14	Medium-risk: admin panels, config files	+60
Danger strong hits: 146	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 24	Medium-risk: admin panels, config files	+60
Danger strong hits: 155	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 48	Medium-risk: admin panels, config files	+60
Danger strong hits: 165	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 69	Medium-risk: admin panels, config files	+60
Danger strong hits: 171	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 80	Medium-risk: admin panels, config files	+60
Danger strong hits: 172	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 81	Medium-risk: admin panels, config files	+60
Danger medium hits: 100	Medium-risk: admin panels, config files	+60
Danger strong hits: 190	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 111	Medium-risk: admin panels, config files	+60
Danger strong hits: 195	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 121	Medium-risk: admin panels, config files	+60
Danger medium hits: 144	Medium-risk: admin panels, config files	+60
Danger strong hits: 161	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 58	Medium-risk: admin panels, config files	+60
Danger strong hits: 97	High-risk paths: shells, RCE vectors, exploits	+100
Danger medium hits: 329	Medium-risk: admin panels, config files	+60

Σ = 9515

Observed Activity

Reconstructed HTTP requests from server access logs. Target domains redacted for security.

[redacted]

GET

200

[redacted]

GET

/page

200

Requests shown: 2 · HTTP 404: 0 · Dangerous patterns: 0

* Typical request patterns for detected signatures. Actual target domains are redacted.

Timeline

2026-04-04 09:00:05

First malicious request detected

IP entered monitoring from server access logs

During observation

Multiple detection signatures triggered

UA changed for same IP (+25), Danger strong hits: 37 (+100), Danger medium hits: 216 (+60)

2026-04-04 10:00:09

Last malicious request observed

Total score reached: 255/100

Next cycle

IP blocked — all subsequent requests denied (HTTP 403)

Added to blocklist automatically

Network Provider

Cyberzone S.A.

AS209854 · 🇦🇱 AL

Recommendations

Actions taken & recommended

IP 151.245.116.70 is blocked at application level (HTTP 403)
Consider blocking at firewall level (iptables/CSF) to reduce server load
Other malicious IPs detected in the same /24 subnet — consider blocking 151.245.116.0/24
Report abuse to the network provider via their abuse contact
Ensure sensitive files (.env, .git, backups) are not accessible from the web

🤖 User-Agent Anomaly Defense

IP 151.245.116.70 shows suspicious UA behavior. Block empty User-Agent requests. Implement JavaScript-based bot detection for sensitive endpoints.

🌊 Flood / DDoS Mitigation

Implement limit_req_zone in nginx. Deploy CDN with DDoS protection. Configure SYN cookies and connection tracking to throttle 151.245.116.70.

Neighbors in 151.245.116.0/24

Other blocked IPs from the same /24 subnet — indicates systematic abuse from this network range.

151.245.116.148

Score: 255 · Hits: 10

Open Ports & Services

Network reconnaissance data from Shodan. Open ports may indicate running services, misconfigurations, or potential attack surfaces.

OPEN PORTS (4)

Port	Service	Risk	Description
1443	Unknown	Low	Service on port 1443
4000	Unknown	Low	Service on port 4000
7443	Unknown	Low	Service on port 7443
8443	HTTPS-Alt	Low	Service on port 8443

Data source: Shodan InternetDB. Scanned independently of abuse.mom.

Blacklist Status (DNSBL)

This IP was checked against major DNS-based blacklists used by mail servers and firewalls worldwide.

✓ Clean

ix.dnsbl.manitu.net

✓ Clean

bl.spamcop.net

✓ Clean

dnsbl-1.uceprotect.net

✓ Clean

zen.spamhaus.org

✓ Clean

dnsbl.sorbs.net

✓ Clean

b.barracudacentral.org

✓ Clean

psbl.surriel.com

✓ Clean

truncate.gbudb.net

Checked: Spamhaus, SpamCop, Barracuda, SORBS, CBL, UCEProtect. Results may change over time.

Threat Analysis

151.245.116.70 has been assigned a threat score of 255/100 (Critical). This represents a critical risk level. Our detection systems have flagged multiple high-confidence indicators of malicious intent from this address.

The following attack categories were identified:

User-Agent AnomalyRequest Flooding

📊 Threat Analysis

Our monitoring infrastructure has identified 151.245.116.70, geolocated to Tirana, AL, operating on the network of Cyberzone S.A., as a source of suspicious network activity. Over a period of 1 days, this IP generated 107 malicious requests, averaging approximately 107 requests per day. This residential IP is likely a compromised consumer device. Home routers and IoT equipment with default credentials are prime targets for botnet operators. The dual attack vectors of User-Agent Anomaly combined with Request Flooding indicate a coordinated assault rather than opportunistic scanning. Our records show 61 malicious IPs originating from AL, positioning it as a notable contributor to global threat activity. With a threat score of 255/100, this IP is among the most dangerous addresses in our database. Immediate and complete blocking is strongly recommended.

This IP is classified as residential, suggesting it may belong to a compromised home device, IoT botnet member, or an infected personal computer. Residential IPs involved in attacks often indicate malware infection without the owner's knowledge.

Related Threats

🇦🇱 Top threats from AL

78.159.131.56 (265)217.9.247.118 (255)151.245.116.148 (255)217.9.247.11 (255)193.163.187.232 (168)View all →

🏢 Same network: AS209854

217.9.247.118 (255)151.245.116.148 (255)217.9.247.11 (255)217.9.247.70 (70)View all →

Security Intelligence

💡 TLS Fingerprinting (JA3/JA4)

TLS fingerprinting creates unique identifiers based on how clients negotiate encrypted connections. The JA3 and JA4 methods generate hashes from TLS ClientHello parameters, enabling identification of specific tools and malware regardless of IP address changes.

💡 Server-Side Request Forgery (SSRF)

SSRF attacks trick servers into making requests to internal resources that should not be publicly accessible. This can expose cloud metadata endpoints, internal APIs, and private network services, potentially leading to full infrastructure compromise.

🔍 Check Any IP Address

Share this report:

IP Threat Report151.245.116.70

⛔ Verdict: BLOCK

Geolocation & Classification

Detection Signatures

Observed Activity

Timeline

Network Provider

Recommendations

Actions taken & recommended

🤖 User-Agent Anomaly Defense

🌊 Flood / DDoS Mitigation

Neighbors in 151.245.116.0/24

Open Ports & Services

Blacklist Status (DNSBL)

Threat Analysis

📊 Threat Analysis

Related Threats

🇦🇱 Top threats from AL

🏢 Same network: AS209854

Security Intelligence

💡 TLS Fingerprinting (JA3/JA4)

💡 Server-Side Request Forgery (SSRF)

🔍 Check Any IP Address

IP Threat Report
151.245.116.70