Dashboard›🇬🇧 United Kingdom›152.89.129.70

THREAT REPORT

IP Threat Report
152.89.129.70

ABUSE.MOM — BEHAVE OR GET EXPOSED

Generated: 2026-05-26 22:56:03

First seen: 2026-03-14 10:00:05

Last seen: 2026-03-25 21:00:06

Geolocation & Classification

IP Address

152.89.129.70

Type

Residential

Country

🇬🇧 United Kingdom

City

London

ISP

XT GLOBAL NETWORKS LTD.

Organization

EliteWork LLC

Autonomous System

AS48095 XT GLOBAL NETWORKS LTD.

Hit Count

Detection Signatures

Signature	Description	Points
Danger medium hits: 4	Medium-risk: admin panels, config files	+40
Probe pattern 302->404 same path	Behavioral anomaly detected by automated analysis	+20
Foreign referer seen	Referer from unrelated external domain	+10

Σ = 70

Observed Activity

Reconstructed HTTP requests from server access logs. Target domains redacted for security.

[redacted]

GET

200

Requests shown: 1 · HTTP 404: 0 · Dangerous patterns: 0

* Typical request patterns for detected signatures. Actual target domains are redacted.

Timeline

2026-03-14 10:00:05

First malicious request detected

IP entered monitoring from server access logs

During observation

Multiple detection signatures triggered

Danger medium hits: 4 (+40), Probe pattern 302->404 same path (+20), Foreign referer seen (+10)

2026-03-25 21:00:06

Last malicious request observed

Total score reached: 70/100

Next cycle

IP blocked — all subsequent requests denied (HTTP 403)

Added to blocklist automatically

Network Provider

XT GLOBAL NETWORKS LTD.

AS48095 · 🇬🇧 United Kingdom

Recommendations

Actions taken & recommended

IP 152.89.129.70 is blocked at application level (HTTP 403)
Consider blocking at firewall level (iptables/CSF) to reduce server load
Other malicious IPs detected in the same /24 subnet — consider blocking 152.89.129.0/24
Report abuse to the network provider via their abuse contact
Ensure sensitive files (.env, .git, backups) are not accessible from the web

🔎 Path Enumeration Protection

Block scanning from 152.89.129.70: rate-limit 404 responses per IP, deploy a honeypot 404 page, ensure no backup files are web-accessible.

Neighbors in 152.89.129.0/24

Other blocked IPs from the same /24 subnet — indicates systematic abuse from this network range.

Open Ports & Services

Network reconnaissance data from Shodan. Open ports may indicate running services, misconfigurations, or potential attack surfaces.

OPEN PORTS (5)

Port	Service	Risk	Description
80	HTTP	Low	HTTP web server — standard web traffic
3128	Unknown	Low	Service on port 3128
8000	Unknown	Low	Service on port 8000
8080	HTTP-Alt	Low	HTTP alternative port — often used for admin panels or proxies
8800	Unknown	Low	Service on port 8800

KNOWN VULNERABILITIES (CVE) (56)

CVE ID	Link
CVE-2024-45802	NVD →
CVE-2019-12521	NVD →
CVE-2020-24606	NVD →
CVE-2023-46728	NVD →
CVE-2019-18679	NVD →
CVE-2015-5400	NVD →
CVE-2023-5824	NVD →
CVE-2021-31806	NVD →
CVE-2019-12529	NVD →
CVE-2021-33620	NVD →
CVE-2019-12528	NVD →
CVE-2019-12520	NVD →
CVE-2021-46784	NVD →
CVE-2020-15049	NVD →
CVE-2018-1000024	NVD →
CVE-2023-50269	NVD →
CVE-2023-46846	NVD →
CVE-2025-62168	NVD →
CVE-2020-11945	NVD →
CVE-2019-13345	NVD →
CVE-2021-31808	NVD →
CVE-2016-3947	NVD →
CVE-2016-4554	NVD →
CVE-2016-10002	NVD →
CVE-2023-49286	NVD →

+31 more

🔴 Security scanning identified 56 vulnerability entries on this host. This volume strongly suggests severely outdated software. Consult NVD advisories for details.

DETECTED TECHNOLOGIES

squid-cache:squid:3.1.23

Data source: Shodan InternetDB. Scanned independently of abuse.mom.

Blacklist Status (DNSBL)

This IP was checked against major DNS-based blacklists used by mail servers and firewalls worldwide.

✓ Clean

Spamhaus ZEN

Checked: Spamhaus, SpamCop, Barracuda, SORBS, CBL, UCEProtect. Results may change over time.

Threat Analysis

152.89.129.70 has been assigned a threat score of 70/100 (High). This classifies it as a high-severity threat. Proactive blocking is recommended for sensitive infrastructure.

The following attack categories were identified:

Path Enumeration

📊 Threat Analysis

Our monitoring infrastructure has identified 152.89.129.70, geolocated to London, United Kingdom, operating on the network of XT GLOBAL NETWORKS LTD., as a source of suspicious network activity. The address has been active for 11 days in our monitoring system, producing 2 flagged requests at a rate of ~0.2/day. Operating from a residential network, this IP may represent a compromised home gateway or IoT device that has been drafted into a larger attack infrastructure. Active path scanning has been detected — this IP probes for hundreds of common file and directory names. United Kingdom currently accounts for 30 blocked IPs in our database, making it a notable source of malicious traffic. At 70/100, this IP warrants immediate defensive action.

This IP is classified as residential, suggesting it may belong to a compromised home device, IoT botnet member, or an infected personal computer. Residential IPs involved in attacks often indicate malware infection without the owner's knowledge.

Related Threats

🇬🇧 Top threats from United Kingdom

152.89.129.190 (105)152.89.128.239 (105)171.22.37.210 (105)152.89.129.60 (105)152.89.129.28 (105)View all →

🏢 Same network: AS48095

194.26.176.22 (180)46.175.152.162 (140)194.4.171.123 (140)194.4.169.86 (140)152.89.129.190 (105)View all →

Security Intelligence

💡 Vulnerability Scanning Explained

Vulnerability scanning is the automated process of probing web applications for known weaknesses. Attackers use tools like Nuclei, Nikto, and ZAP to test thousands of hosts per hour, looking for exposed configuration files, outdated software, and default credentials.

💡 HTTP/2 and HTTP/3 Security Implications

Modern HTTP protocols introduce new attack surfaces including stream multiplexing abuse, header compression attacks (HPACK bombing), and rapid reset attacks. Security tools must evolve to handle these protocol-specific threats effectively.

🔍 Check Any IP Address

Share this report:

IP Threat Report152.89.129.70

⛔ Verdict: BLOCK